Winning on defense: securing the Green Bay Packers through an AI-driven platform approach

Watch the videos

SUMMARY

The Green Bay Packers, the only community-owned team in major-league American sports, foster a passionate fan base. From protecting gameday broadcasts to fan data privacy, the security team safeguards not only football operations, but also digital experiences across retail, healthcare, and entertainment.

For over 15 years, the Packers have relied on Palo Alto Networks solutions and over time adopted a platform approach to boost visibility and efficiency. Recently, in gearing up to host a major event with broad media coverage, they turned to Unit 42 and Cortex XSIAM to ensure all systems were tightly protected.

RESULTS

40 second

median time to resolution with Cortex XSIAM, down from 42 minutes

120

hours of labor saved per week with Cortex XSIAM

54%

more investigated alerts than the previous MDR provider

challenges

Legendary franchise. Lean security team.

On most days, the Packers operate like a midsize enterprise. On gamedays, they operate like a small city. For a recent event to kick off football season that brought 600,000 people to Green Bay, it was imperative to have cybersecurity that scaled without additional resources or cost.

Triaging alerts from point products was inefficient, required too much manual labor from a small team, and lacked the needed visibility and context.
Threat defense was lagging with an MDR provider that couldn’t cover all data sources and didn’t operate on an integrated platform.
Flexing to serve hundreds of thousands people required advanced, integrated solutions, next-level agility, and a roadmap from incident response (IR) and proactive services experts.
A spotlight of media attention posed a risk to the Packers’ brand, reputation, and community—something paramount to the mission-driven team with passionate and supportive fans.

Path to Platformization

Network security

Hardware Firewalls
Enterprise IoT Security

Learn more

SOC modernization

Cortex XDR
Cortex XSIAM

Learn more

Proactive and incident response services

Unit 42 Retainer
Unit 42 Incident Response
Unit 42 MDR
Unit 42 Proactive Services

Cyber Vigilance Program
Cyber Risk Assessment
Tabletop Exercises

Learn more

Unit 42

Cyber vigilance and 24/7 monitoring to protect high-stakes operations

Cortex XSIAM

Transforming security operations with AI-powered defense

01 / 02

SOLUTION

A game plan for IoT defense.

On gameday, devices from smart TVs to scoreboards to wireless access points light up across Lambeau Field, each with data and network demands. “Having tools that allow us to fluctuate during those times is critical for our success,” explains Tony Smith, Assistant Director of IT and Information Security. IoT security from Palo Alto Networks helps the Packers map, monitor, and secure every connected device. That means safer fan experiences, smoother stadium operations, and fewer blind spots in an increasingly connected environment.

One platform. Zero fumbles.

Tired of chasing alerts across disconnected point products, the Packers made the switch to Palo Alto Networks Cortex XSIAM—and results were immediate. By providing out-of-the-box data modeling, XSIAM freed the Packers from the manual, source-by-source configuration required by their old SIEM. This enabled them to seamlessly double their ingested data sources, significantly enhancing the value derived from their security data. Instead of juggling multiple dashboards for endpoints, firewalls, IoT, servers, and network security, analysts now investigate and respond in a single platform—cutting the median time to resolution from 42 minutes to 40 seconds. Automation within XSIAM has also been a game-changer for the Packers, with out-of-the-box AI models blocking cyberattacks across systems without analyst intervention and freeing the team to focus on strategic initiatives. All told, XSIAM saves up to 120 hours of labor a week, depending on the week or month.
Alert fatigue out. 24/7 managed detection and response in.

In a high-stakes environment, the Packers can’t afford to waste time chasing low-priority alerts, making a partnership with an expert MDR provider essential. But their previous MDR provider couldn’t keep up. The shift to working with the Unit 42 MDR team made an immediate impact, reducing response time from hours to just five minutes while investigating 54% more alerts and resolving 135 incidents a day. Unit 42 MDR is natively integrated with Cortex XSIAM, giving full visibility of all data sources across the Packers’ environment and making response times faster.

"We get far fewer alerts from Unit 42 MDR than we did from our previous provider. If they surface an incident, we know it’s something we need to look into, and then we work together to resolve it quickly. They use their knowledge and expertise to determine priority, which is a big time-saver."

Justin Ruckel

Infrastructure and Security Manager, Green Bay Packers

IR on speed dial. Strategy in reserve.

Unit 42 is on retainer for incident response should a major breach occur. “It’s literally a phone call, and the action starts,” says Kenny Ansel, Director of IT. No paperwork. No delays. Because Unit 42 already knows the Packers’ environment and works within Cortex XSIAM, there’s no need to grant access to multiple tools; they can jump in and get started. The value doesn’t end there. When the Packers don’t use their retainer credits for IR, they apply them to proactive services like annual cyber risk assessments to validate processes, uncover hidden gaps, and prioritize future efforts. Those assessments give Unit 42 deep familiarity with the Packers’ environment, so “going into an event, they’re that much more informed,” Ansel says.

“Our relationship with Unit 42 has grown to the point where we really consider them an extension of our Packers IT team.”

Kenny Ansel

Director of IT, Green Bay Packers

Security in the spotlight

When the Packers planned for a high-profile event that would draw national attention, they knew the stakes were too high for guesswork. “There was going to be a lot of attention on our logo, and we didn’t want to risk damage to our brand—or to the league,” Ansel says. The team turned to Unit 42 for full-spectrum support before, during, and after the event. Conveniently, the Unit 42 Retainer gave the Packers access to the Cyber Vigilance Program, which bundles several key services together.

For most events, the Packers’ cybersecurity team has full control of the digital environment. Not so for this one, which involved multiple outside parties. With limited internal resources and a condensed timeline, the Packers relied on Unit 42 to cover the gaps. “Given the size of our staff, there’s no way we could have pulled off that level of defense on our own,” says Smith. What they gained was more than visibility; it was confidence with daily and even hourly updates. If something changed in the threat landscape, Unit 42 flagged it immediately, providing the safety net the team needed.