Case Study

Utility plant protects health and safety of community with comprehensive security platform


In brief

Customer

Vallejo Flood and Wastewater District

Industry

Public Works

Location

United States


Challenges

  • Small IT and cybersecurity team was overwhelmed by security tasks.
  • Existing firewall solution didn’t support virtualization and modernization.

Solutions
    • Network Security Platform:
      – PA-3000 Series and PA-220 Series Firewalls
      – URL Filtering
      – Wildfire®
      – Panorama®
      – GlobalProtect®
    • Cortex XDR®
    • Unit 42® Retainer and Cyber Risk Management Services
Results

  • 70% cost reduction through security platform automation.
  • 50% increase in productivity through streamlined management.
  • 85% reduction in Mean Time to Resolve security incidents.
  • Unit 42 supports planning and strategy.

Download PDF Share

INTRODUCTION

Vallejo Flood and Wastewater District’s nimble security team leverages Palo Alto Networks to protect critical infrastructure.

Vallejo Flood and Wastewater District relied on Palo Alto Networks for a firewall solution, leading to a longstanding relationship, including the implementation of GlobalProtect, Cortex XDR, and Unit 42® services. Over the last decade, the wastewater treatment plant simplified its security operations and is meeting emerging needs with a unified platform that saves time, closes security gaps, and supports modernization.

The Vallejo Flood and Wastewater District (VFWD) is responsible for treating wastewater from Vallejo, CA, near the San Francisco Bay, to protect the health and safety of the Bay’s vital ecosystem and millions of people living in the region. This requires a robust IT and cyber-physical systems infrastructure.

Securing this complex infrastructure is a leading concern of System Specialists Terry Chatman and Jason Kaduk, who manage IT and cybersecurity for VFWD. Beginning with a firewall replacement project in 2011, VFWD leveraged a growing relationship with Palo Alto Networks to ensure its systems remain safe.


Warfare Training Command

quote

In the legacy system, we had to input everything manually. There was no automation, and the architecture wasn’t going to meet the needs of virtualization.

— Terry Chatman, Systems Specialist, Vallejo Flood and Wastewater District

CHALLENGE

Evolving cyberthreats require a new approach

To provide the best water treatment service possible, VFWD invested in technology to improve the efficiency and accuracy of its treatment processes. This created a digital environment with complex security needs, placing a significant burden on the small IT and cybersecurity team.

Cyberthreats against critical infrastructure of public utilities, including wastewater treatment plants, have been on the rise, requiring VFWD to defend against an increasingly persistent and sophisticated threat landscape. Because a weak link in the security stack could threaten plant operations and jeopardize public health and safety, the team needed to improve cybersecurity in tandem with other operations initiatives.

In 2011, VFWD began moving to the cloud. However, its existing firewalls were difficult and time-consuming to manage and insufficient to support the move. “In the legacy system, we had to input everything manually,” Chatman explains. “There was no automation, and the architecture wasn’t going to meet the needs of virtualization.”VFWD partnered with Palo Alto Networks to address critical security concerns, including endpoint security, intrusion prevention, security testing, and incident response planning.


SOLUTION

A platform approach supports modernizing the business

In 2011, VFWD implemented Palo Alto Networks firewalls, including URL Filtering and Wildfire. Along with PA-3000 Series Firewalls in the data center, VFWD deployed PA-220 Series Firewalls in remote locations, creating a consistent firewall solution across its operations.

From that foundation, VFWD moved toward a platform approach to security, expanding its relationship with Palo Alto Networks. It adopted Panorama to manage its security stack, Cortex XDR to protect devices and detect threats, and GlobalProtect to stop attacks before they happen.

Over a decade after it purchased the first firewalls, VFWD is upgrading to Palo Alto Networks Next-Generation Firewalls (NGFWs).

In 2022, VFWD added a Retainer with Unit 42, Palo Alto’s threat intelligence, cyber risk management, and incident response team. This ensures that in the event of a cybersecurity incident, the VFWD team will have cybersecurity experts instantly available to help, as well as ongoing strategic support and analysis. They used credits from their Unit 42 Retainer for cyber risk management services to take a more proactive approach to their cybersecurity strategy.


Warfare Training Command

quote

Replacing the existing firewalls with Palo Alto Networks Next-Generation Firewalls is a no-brainer. The system works well now—in the data center, the cloud, and remote locations. The capabilities of the NGFWs will just make it better.

— Jason Kaduk, Systems Specialist, Vallejo Flood and Wastewater District

RESULTS

Layered security strengthens posture across operations

Palo Alto Networks firewalls support IT strategy

Today, Chatman and Kaduk describe the District’s IT infrastructure as its “hardest working employee,” resulting from targeted technology investments. Implementing Palo Alto Networks firewalls and Panorama provides comprehensive visibility across networks that has simplified management, freed up time for other pressing tasks, and delivered an 85 percent reduction in Mean Time to Resolve for security incidents.

Utilizing PA-220 Series Firewalls in remote locations allows the team to secure and manage vital infrastructure in unstaffed locations.

“Replacing the existing firewalls with Palo Alto Networks Next-Generation Firewalls is a no-brainer,” explains Kaduk. “The system works well now–in the data center, the cloud, and remote locations. The capabilities of the NGFWs will just make it better.”

Critical infrastructure is secured through partnership

By taking a platform approach to security in partnership with Palo Alto Networks, the District has achieved a 50 percent increase in productivity and a 70 percent cost reduction through automation and streamlined management. For example, implementing GlobalProtect and Cortex XDR has allowed VFWD to eliminate multiple point products, further relieving the team of manual tasks while strengthening security across the IT infrastructure.

“The partnership is really beneficial,” Chatman emphasizes. “Working with Palo Alto Networks helps us stay ahead of threats and use the District’s resources strategically to maintain the strongest security possible.”

Unit 42 improves preparedness and threat awareness

Chatman and Kaduk worked with Unit 42 to develop VFWD’s first cybersecurity response plan, resulting in an improved security approach throughout the organization. Unit 42’s Penetration Testing also gives VFWD confidence that its infrastructure and critical systems are well protected.

Now, the VFWD team feels more confident that staff will avoid falling victim to phishing or other intrusion tactics, and it’s taking a more strategic approach to procurement.


quote

Working with Palo Alto Networks helps us stay ahead of threats and use the District’s resources strategically to maintain the strongest security possible.

— Terry Chatman Systems Specialist Vallejo Flood and Wastewater District

Partnership today ensures future progress

Through its partnership with Palo Alto Networks, Vallejo Flood and Wastewater District cost-effectively streamlined and modernized its security infrastructure. With more efficient, effective security solutions in place, the small IT and cybersecurity team can have a big impact by maintaining a strong security posture, keeping its critical infrastructure safe.

The team is better able to respond strategically to the constantly evolving threat landscape. As VFWD moves into the future, its relationship with Palo Alto Networks will support ongoing modernization—and its mission to serve the City of Vallejo and protect the San Francisco Bay



Learn more about Palo Alto Networks and Unit 42.