Lancaster University gains 24/7 coverage and complete visibility with Palo Alto Networks

SUMMARY

Lancaster University is an academic powerhouse. Ranked 10th in the Complete University Guide 2026 and home to more than 22,000 students and staff, it combines high-quality teaching and research with a strong sense of community. However, increasingly sophisticated attacks on higher education systems were adding pressure to the University’s security operations team, which was already facing an endless backlog of issues and cases.

The University’s 10,500 endpoints required upgrading from a legacy endpoint protection platform, and a lack of security visibility made it difficult to stay in front of threats. But now, as part of the University’s cybersecurity transformation strategy, a consolidated platform approach simplifies operations, reduces costs, and ensures all sensitive research, devices, and personal data are protected.

RESULTS

  • 3x increase in issues detected
  • +90% cases automatically resolved
  • Expert skills identify threats other vendors miss
  • 24/7 expert monitoring, detection, and response

CHALLENGE

Reducing the risk of successful cyberattacks on the University’s endpoints

Lancaster University’s legacy antivirus solution lacked the modern functionality to efficiently defend 10,500 endpoints. The University needed to:

  • Tackle increasing cyberthreats: The higher education threat landscape is shifting to advanced, multistep attacks. Lacking constant coverage and immediate response, the University’s assets were at risk.
  • Increase clarity across the threat landscape: Threat actors and tactics change daily, and the University’s SOC lacked the complete visibility to interpret and recognise modern attack patterns.
  • Manage a backlog of issues: Analysts were overwhelmed responding to low-fidelity issues, giving less time for threat hunting.

“Palo Alto Networks has given us what once felt impossible: not only cutting-edge technology but also access to some of the sharpest security expertise in the industry. This enables my team to focus on the security challenges that are unique to the University, rather than being overwhelmed by noise.”

John Couzins

Head of IT Security, Lancaster University

SOLUTION

Scale fast and focus on what matters most

In response, Lancaster University turned to Palo Alto Networks, choosing Cortex XDR and Unit 42 Managed Detection and Response (MDR), which natively integrated with the University’s existing network security solution. This consolidated platform enables the University to detect and respond to attacks 24/7, allowing the security team to scale fast and focus on what matters most.

Paul Verrall, Senior Security Operations Analyst at Lancaster University, comments: “We didn’t consider Palo Alto Networks at first for endpoint protection, only for network security. Now we can’t think of anyone else. Their complete view of our infrastructure, their out-of-the-box integrations, and their expert monitoring ensures our confidence that we are safeguarded from any emerging threats.”

  • Transforms security with continuous monitoring

    Cortex XDR ingests multiple University telemetry points, automatically stitching data together for faster threat response. The Unit 42 MDR analysts respond to cases and perform full investigation, containment, and remediation of threats within the Cortex platform.

    Paul summarises the effectiveness of the MDR services by relating this real-world event: “Unit 42 called me one evening to report that one of our public servers was being exploited but not weaponised. At which point we took it off the public internet. Unit 42’s forward thinking saved us a huge amount of time and a potential data breach.”

  • Accelerates SOC productivity

    Instead of focusing on manual remediation, the University’s SOC analysts can now devote more time to the most critical cases, isolating the vulnerabilities that caused them in the first place.

    For example, Palo Alto Networks Unit 42 experts used Cortex XDR to aggregate security telemetry from the University’s endpoints, network, cloud, and identity sources. The platform’s enhanced application logs (EALs), combined with rich Layer 7 application and threat data from Palo Alto Networks network security, enabled them to stitch together high-fidelity events. This streamlined data integration then allowed the team to apply threat intelligence, behavioural indicators, and analytics to mitigate threats effectively.

    “In the past, we didn’t know what to put our eyes on. Now we can sink more time into investigating the right incidents,” says Paul.

  • Helps SecOps team learn and grow

    Lancaster University is in competition with the private sector to attract and retain security talent. This modern, intuitive platform eliminates most of the repetitive monitoring and reduces issue fatigue, allowing the SOC team to focus more on adding strategic value to the University’s security. This, in turn, improves morale and supports long-term skills retention.

    “We’re all now speaking one language, the integrations are super easy, and the team is acting as one to defend the perimeter,” says Paul.

  • Multilayered 24/7 expertise and protection

    Rich data and sophisticated ML models automate detection and prevention, and guide remediation for trusted security outcomes.

    During the project evaluation phase, the University first experienced Unit 42’s expert monitoring and agility.

    “We engaged with an external penetration testing specialist to run standard playbooks and measure each vendor’s MTTD. All performed equally. However, when we added our own malicious behaviour vectors, only Unit 42 identified and stopped the threat,” says John Couzins, the University’s Head of IT Security.

Lancaster University’s ongoing cybersecurity transformation endeavours to maximise cross-campus visibility, optimise resilience, and reduce risk. Palo Alto Networks is central to the University’s toolset: its granular network visibility helps prevent threats from impacting students, staff, systems, and data.
