Case Study
In brief
Customer: Enloe Medical Center
Industry: Health care
Country: United States of America
Service: Unit 42 Managed Detection and Response (MDR)
Enloe Medical Center is a 298-bed acute care community hospital near Chico, California, whose approach to security was transformed following a ransomware event. The event was a big wake-up call.
For medical facilities, cybersecurity is critical for protecting access to patient records and networked medical devices. At the time of the attack, Enloe’s Cybersecurity team had a variety of tools in place and was getting information from many different sources, making it challenging to form an overall picture of what was going on. This situation contributed to the ransomware gaining a foothold.
As a result, Enloe’s Cybersecurity team knew they needed to strengthen their security posture. They chose to standardize on industry-leading Palo Alto Networks Cortex XDR® to identify and respond to threats much more rapidly.
“The ‘aha!’ moment that told me that Cortex XDR was what we really needed,” said Jordan Sledge, Cybersecurity Manager at Enloe, “was the level of visibility that it provided us and the speed at which we were able to triage and validate the information that was coming in.”
CHALLENGES
Adopting Palo Alto Networks Cortex XDR was a game-changer and provided Enloe with the visibility and detection needed from the perimeter to the endpoint.
But with turnover on its Cybersecurity team and a tight market for skilled staff, Enloe was losing the expertise needed to administer its cybersecurity tools. It had to invest heavily in bringing new people on board and getting them up to speed. Enloe began looking for a partner that could help manage its cybersecurity services, ensuring 24/7 coverage.
Enloe evaluated several vendors. Because it had already invested in Cortex XDR, it was important to find a vendor with expertise to leverage that investment. The team carefully examined the features and functionality of vendors’ offerings, their skill level in managing XDR, and cost.
SOLUTION
Palo Alto Networks Unit 42 Managed Detection and Response (MDR) outclassed the other offerings Enloe evaluated. Enloe already had a very positive experience with Cortex XDR and other Palo Alto Networks products. The Managed Detection and Response service from Unit 42 leverages those investments while promising 24/7/365 managed coverage, reducing the demands on Enloe’s Cybersecurity team.
According to Sledge, “Our experience with Unit 42 has been absolutely phenomenal. One of the things that surprised us about it was the Unit 42 Managed Threat Hunting that is part of the MDR service. Not only did we get detection and response services, which are reactive, we got Managed Threat Hunting, which is proactive.”
In the first month of using the Unit 42 MDR service, Enloe’s Cybersecurity team leaders began to see the advantage of the proactive approach. Unit 42 notified Enloe of an emerging threat and immediately scanned the organization’s systems for vulnerabilities. This assured Enloe that its systems were not affected and that Cortex XDR was able to detect behaviors associated with the emerging threat. Managed Threat Hunting saved the Cybersecurity team hours of research when new vulnerabilities were identified.
“That’s extremely valuable,” noted Sledge. “I have not seen anything like that in the industry. I think that’s a huge differentiator and a huge value-add to the organization.”
With a Unit 42 retainer in place, Enloe could count on incident response experts as an extended part of its Cybersecurity team, available on speed dial whenever it needed assistance.
BENEFITS
Enloe benefits from its partnership with Unit 42 in three key areas:
Best-in-class security operations
Cortex XDR and Unit 42 MDR enable Enloe’s Cybersecurity team to contain threats and gather the evidence needed to fully analyze an incident with full visibility across endpoint, network, and cloud, making sure nothing gets past its search.
Tom Osteen, Chief Information Officer at Enloe, noticed improvements in overall Cybersecurity team efficiency and morale after adopting Cortex XDR. “When your team has a great tool that they’re happy with, they tend to approach their work with more energy and passion, and that drives efficiency as well,” he said.
Threat intelligence
Because of Unit 42’s knowledge of the threat landscape and experience, it can provide an ongoing expert assessment of Enloe’s systems. It even responds proactively to emerging threats to secure Enloe’s systems before an attack can succeed.
Threat-informed incident response
Unit 42 is a world-renowned cybersecurity incident response team, with experience derived from responding to hundreds of major incidents every year. Having Unit 42 on retainer gives Enloe peace of mind knowing it has Unit 42’s expertise to investigate, mitigate, and rebuild in the event of a cybersecurity incident in the future.
Together, these benefits create a best-in-class program, with 24/7/365 monitoring for cybersecurity events, rapid response, and mitigation. Sledge said, “With the combination of XDR, MDR, and a Unit 42 retainer, I can now respond with confidence.”
RESULTS
Threat detection and monitoring is among the most critical cybersecurity team functions. Enloe Medical Center’s Cybersecurity team can be confident in the knowledge that their systems are being monitored by a reliable and highly skilled partner. Enloe has MDR to augment its in-house Cybersecurity team and Unit 42 on retainer to deal with any future large-scale cybersecurity incident.
As Osteen put it, “We’re excited to be partnering with Palo Alto Networks Unit 42 MDR. They stay awake so you can sleep.”
About Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organization that’s passionate about helping you proactively manage cyber risk. Our team serves as your trusted adviser to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time so that you get back to business faster.
If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe cyberthreats, visit start.paloaltonetworks.com/contact-unit42.html to connect with a team member.