Case Study
In brief
Public Works
United States
INTRODUCTION
Vallejo Flood and Wastewater District’s nimble security team leverages Palo Alto Networks to protect critical infrastructure.
Vallejo Flood and Wastewater District relied on Palo Alto Networks for a firewall solution, leading to a longstanding relationship, including the implementation of GlobalProtect, Cortex XDR, and Unit 42® services. Over the last decade, the wastewater treatment plant simplified its security operations and is meeting emerging needs with a unified platform that saves time, closes security gaps, and supports modernization.
The Vallejo Flood and Wastewater District (VFWD) is responsible for treating wastewater from Vallejo, CA, near the San Francisco Bay, to protect the health and safety of the Bay’s vital ecosystem and millions of people living in the region. This requires a robust IT and cyber-physical systems infrastructure.
Securing this complex infrastructure is a leading concern of System Specialists Terry Chatman and Jason Kaduk, who manage IT and cybersecurity for VFWD. Beginning with a firewall replacement project in 2011, VFWD leveraged a growing relationship with Palo Alto Networks to ensure its systems remain safe.
CHALLENGE
To provide the best water treatment service possible, VFWD invested in technology to improve the efficiency and accuracy of its treatment processes. This created a digital environment with complex security needs, placing a significant burden on the small IT and cybersecurity team.
Cyberthreats against critical infrastructure of public utilities, including wastewater treatment plants, have been on the rise, requiring VFWD to defend against an increasingly persistent and sophisticated threat landscape. Because a weak link in the security stack could threaten plant operations and jeopardize public health and safety, the team needed to improve cybersecurity in tandem with other operations initiatives.
In 2011, VFWD began moving to the cloud. However, its existing firewalls were difficult and time-consuming to manage and insufficient to support the move. “In the legacy system, we had to input everything manually,” Chatman explains. “There was no automation, and the architecture wasn’t going to meet the needs of virtualization.”VFWD partnered with Palo Alto Networks to address critical security concerns, including endpoint security, intrusion prevention, security testing, and incident response planning.
SOLUTION
In 2011, VFWD implemented Palo Alto Networks firewalls, including URL Filtering and Wildfire. Along with PA-3000 Series Firewalls in the data center, VFWD deployed PA-220 Series Firewalls in remote locations, creating a consistent firewall solution across its operations.
From that foundation, VFWD moved toward a platform approach to security, expanding its relationship with Palo Alto Networks. It adopted Panorama to manage its security stack, Cortex XDR to protect devices and detect threats, and GlobalProtect to stop attacks before they happen.
Over a decade after it purchased the first firewalls, VFWD is upgrading to Palo Alto Networks Next-Generation Firewalls (NGFWs).
In 2022, VFWD added a Retainer with Unit 42, Palo Alto’s threat intelligence, cyber risk management, and incident response team. This ensures that in the event of a cybersecurity incident, the VFWD team will have cybersecurity experts instantly available to help, as well as ongoing strategic support and analysis. They used credits from their Unit 42 Retainer for cyber risk management services to take a more proactive approach to their cybersecurity strategy.
RESULTS
Today, Chatman and Kaduk describe the District’s IT infrastructure as its “hardest working employee,” resulting from targeted technology investments. Implementing Palo Alto Networks firewalls and Panorama provides comprehensive visibility across networks that has simplified management, freed up time for other pressing tasks, and delivered an 85 percent reduction in Mean Time to Resolve for security incidents.
Utilizing PA-220 Series Firewalls in remote locations allows the team to secure and manage vital infrastructure in unstaffed locations.
“Replacing the existing firewalls with Palo Alto Networks Next-Generation Firewalls is a no-brainer,” explains Kaduk. “The system works well now–in the data center, the cloud, and remote locations. The capabilities of the NGFWs will just make it better.”
By taking a platform approach to security in partnership with Palo Alto Networks, the District has achieved a 50 percent increase in productivity and a 70 percent cost reduction through automation and streamlined management. For example, implementing GlobalProtect and Cortex XDR has allowed VFWD to eliminate multiple point products, further relieving the team of manual tasks while strengthening security across the IT infrastructure.
“The partnership is really beneficial,” Chatman emphasizes. “Working with Palo Alto Networks helps us stay ahead of threats and use the District’s resources strategically to maintain the strongest security possible.”
Chatman and Kaduk worked with Unit 42 to develop VFWD’s first cybersecurity response plan, resulting in an improved security approach throughout the organization. Unit 42’s Penetration Testing also gives VFWD confidence that its infrastructure and critical systems are well protected.
Now, the VFWD team feels more confident that staff will avoid falling victim to phishing or other intrusion tactics, and it’s taking a more strategic approach to procurement.
Through its partnership with Palo Alto Networks, Vallejo Flood and Wastewater District cost-effectively streamlined and modernized its security infrastructure. With more efficient, effective security solutions in place, the small IT and cybersecurity team can have a big impact by maintaining a strong security posture, keeping its critical infrastructure safe.
The team is better able to respond strategically to the constantly evolving threat landscape. As VFWD moves into the future, its relationship with Palo Alto Networks will support ongoing modernization—and its mission to serve the City of Vallejo and protect the San Francisco Bay
Learn more about Palo Alto Networks and Unit 42.