Tulane University

Managed Threat Detection and Response

Tulane University Retention Project

Summary of Challenges

Sales engineering has a dimension that resists a tidy definition. It rests on experience, persistence, and the ability to actually hear what a customer is saying and act on it. It takes solid discovery skills, negotiation both inside the company and with the customer, and the habit of reading a customer's needs through both a tactical and a strategic lens. In mid-2021 I took on a project that called for all of this, with no fixed completion date and almost no resources, and with one directive: fix it without spending any more money.

The Challenge:

In late 2020, Tulane University signed a three-year contract with AT&T for Managed Threat Detection and Response (MTDR). More than six months into the deployment, progress had stalled and the university's CIO was increasingly frustrated by the lack of headway. Three sensors were sending logs into the platform every day, yet the control node remained unresponsive. My mission was clear: get the deployment working.

Several problems had held up the MTDR deployment over the preceding three months. Here is a breakdown of the key issues:

  1. Sensor Overload: The on-premises sensors could not keep up with the volume of logs arriving from the Palo Alto PA7050 firewall. The ingestion backlog overloaded them and they crashed.

  2. Resource Overutilization: The backlog at the sensors cascaded to the control node, driving its resource utilization up and slowing the processing of data as it moved from the on-premises sensors to the cloud-based control node.

  3. Delayed Threat Model Workshop (TMW): The TMW, a required precursor to deployment that establishes which assets the deployment is planned around and in what order, had been stalled by contractual issues. It has since been conducted, and that was the turning point in the resolution.

In navigating these challenges, my approach merged technical expertise with proactive problem-solving, ensuring a swift and effective resolution to Tulane University’s MTDR woes.

[Figures: Customer's Service Tier Information; Customer's Current Project Timeline; Customer's PANW 7050 NGFW Log Production; Diagram of PANW 7050 NGFW Log Flow; Customer's Weekly Project Update]

Conclusion.

The Solution

Following the completion of the TMW, I collaborated closely with both the deployment team and the customer to realign the deployment process according to the TMW findings. We divided the deployment into multiple phases, prioritizing assets based on criticality, from indispensable to less crucial items for migration into the monitoring platform.

Our first step was to migrate the PA7050 properly, since it was the source of the controller overload. Working with the customer's firewall engineers, I guided the segmentation of its logging by log type and by subnet, so that only the logs relevant to monitoring were forwarded into the platform.

Following this, critical servers, load balancers, and key switches were brought into the platform. Although these sources produce far less log volume than the PA7050, adding them pushed the customer just past the 90% utilization threshold of their contracted storage capacity. Recognizing the value of the actionable insight the platform was now producing, the customer increased their contracted storage from 6 TB to 20 TB per month.
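The two mechanics behind these steps, filtering a firewall's logs by type and subnet before they reach the sensor, and checking the forwarded volume against contracted monthly storage and the 90% threshold, are shown below as an added example. This is not Tulane's, AT&T's or Palo Alto's code: the record layout is a reduced, constructed stand-in for a PAN-OS syslog line (the real format has many more columns), the "critical" subnets 10.10.0.0/16 and 10.20.0.0/24, the sample log lines and the sizing inputs (600-byte records, 3,600 events per second) are all assumptions made for illustration. On the PA7050 itself the same split lives in the log forwarding profile, one match-list entry per log type, each with a filter such as `(addr.src in 10.10.0.0/16)` or `(severity geq high)`.

```python
"""Log-forwarding triage for a high-volume NGFW feed (added illustration, not vendor code).

Two things the case study describes, in runnable form:
  1. forward only the log types and subnets the SOC actually needs, so a single
     firewall cannot flood the on-premises sensor;
  2. project the forwarded volume against contracted monthly storage and the
     90% utilization threshold before the overage conversation happens.
"""
import ipaddress
from collections import Counter

# Reduced, constructed record layout. A real PAN-OS syslog record has many
# more columns; only the fields the policy needs are modelled here.
FIELDS = ("recv_time", "type", "subtype", "src", "dst", "action", "severity")

# Assumed "critical" address space: server farm and DMZ (hypothetical ranges).
CRITICAL_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.20.0.0/24")]

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample lines (not real customer traffic).
SAMPLE_LOGS = [
    "2021/07/01 10:00:01,TRAFFIC,end,10.10.5.20,8.8.8.8,allow,informational",         # server egress: keep
    "2021/07/01 10:00:02,TRAFFIC,end,10.100.42.7,142.250.80.46,allow,informational",  # dorm Wi-Fi: drop
    "2021/07/01 10:00:02,TRAFFIC,end,10.100.42.8,142.250.80.46,allow,informational",  # dorm Wi-Fi: drop
    "2021/07/01 10:00:03,TRAFFIC,drop,10.100.9.1,10.10.5.20,deny,informational",      # denied, server dst: keep
    "2021/07/01 10:00:04,THREAT,vulnerability,203.0.113.9,10.20.0.5,reset-both,critical",  # keep
    "2021/07/01 10:00:05,THREAT,url,10.100.3.3,198.51.100.2,alert,informational",     # URL noise: drop
    "2021/07/01 10:00:06,SYSTEM,general,,,,informational",                            # chatter: drop
    "2021/07/01 10:00:07,SYSTEM,ha,,,,critical",                                      # HA event: keep
]


def parse_line(line):
    """Split one constructed CSV record into a dict keyed by FIELDS."""
    parts = line.split(",")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def in_critical(ip):
    """True if ip (may be empty for SYSTEM logs) falls in a critical subnet."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CRITICAL_NETS)


def should_forward(rec):
    """Forwarding policy: decide by log type first, then by subnet or severity."""
    rank = SEVERITY_RANK.get(rec["severity"], 0)
    if rec["type"] == "TRAFFIC":
        # Session logs only when a critical asset is on either end of the flow.
        return in_critical(rec["src"]) or in_critical(rec["dst"])
    if rec["type"] == "THREAT":
        # Keep every threat log except informational URL-filtering hits, which
        # dominate volume on a campus network and rarely drive detections.
        return not (rec["subtype"] == "url" and rank < SEVERITY_RANK["medium"])
    if rec["type"] == "SYSTEM":
        return rank >= SEVERITY_RANK["high"]
    # Unknown types are dropped: a log type nobody planned for must not be
    # able to flood the sensor silently.
    return False


def apply_policy(lines):
    """Return (forwarded records, Counter of dropped records by type)."""
    forwarded, dropped = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if should_forward(rec):
            forwarded.append(rec)
        else:
            dropped[rec["type"]] += 1
    return forwarded, dropped


def projected_monthly_tb(avg_record_bytes, events_per_second, days=30):
    """bytes/record * records/s * seconds/day * days, in decimal TB."""
    return avg_record_bytes * events_per_second * 86400 * days / 1e12


def utilization(projected_tb, contracted_tb):
    return projected_tb / contracted_tb


def exceeds_threshold(projected_tb, contracted_tb, threshold=0.90):
    """The 90% mark is where the storage uplift conversation starts."""
    return utilization(projected_tb, contracted_tb) > threshold


if __name__ == "__main__":
    kept, dropped = apply_policy(SAMPLE_LOGS)
    print(f"forwarded {len(kept)} of {len(SAMPLE_LOGS)}; dropped by type: {dict(dropped)}")
    # Assumed sizing inputs: 600-byte records at 3,600 events/s after filtering.
    tb = projected_monthly_tb(600, 3600)
    for contracted in (6, 20):
        print(f"{tb:.2f} TB/month vs {contracted} TB contract: "
              f"{utilization(tb, contracted):.0%} used, "
              f"over 90%: {exceeds_threshold(tb, contracted)}")
```

With the assumed inputs the filtered feed lands at about 5.6 TB per month, which is just over 90% of a 6 TB contract and well under a 20 TB one, the same shape as the uplift described above. The policy defaults to dropping unrecognized log types on purpose: on a box the size of a PA7050, an unplanned log source is exactly what overloads a sensor.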

The process left the customer highly satisfied and produced tangible improvements in their security posture. With the revised contract finalized, the deployment team migrated the remaining assets into the platform. By our last interaction the customer had roughly 85% visibility across their network, servers and endpoints, a significant milestone in their security program.

Results.

Increase in instance size (%)

Weeks to bring customer to resolution

TCV of uplift at project conclusion ($K)