Critical services, powerful protection: The City of Whittier modernizes cybersecurity

In an earlier engagement, Whittier had adopted Palo Alto Networks Next-Generation Firewalls with Panorama^®—a game-changing move that enabled its IT team to manage multiple firewalls from a single interface and push out policies uniformly.

Building on that infrastructure, the city is leveraging Palo Alto Networks’ deep packet inspection and application awareness capabilities to gain comprehensive network insight. The firewalls examine the full content of network packets—not just headers—providing visibility into application traffic, user behavior, and data flows. Beyond security benefits, this visibility enables capacity planning, with upgrades informed by bandwidth usage data. Now, Whittier is implementing Strata Cloud Manager to enhance its security posture even further with automated vulnerability identification and best-practice evaluation.

One of the most impactful initiatives for the City of Whittier was the implementation of Palo Alto Networks Enterprise Device Security. Initially operating with 0% visibility into its device landscape, the city now has 100% visibility. “I can’t overstate the value in knowing which devices are vulnerable—and why,” states Bob Ambroso, IT Manager. The insights allow his team to quickly identify and remediate vulnerabilities, including outdated firmware on cameras and open ports on library computers. The system also instantly notifies the city of new, potentially unauthorized devices—like personal routers plugged in by the police department—enabling real-time threat intelligence and rapid remediation. For deployment, Whittier enlisted the support of Professional Services to get the job done “quickly and correctly the first time,” Ambroso reports—“not to mention the invaluable transfer of knowledge during the process.”

Cortex XDR, backed by Unit 42 MDR, has reduced both the operational burden and the time it takes for the Whittier team to detect and respond to threats. By managing day-to-day issues, Unit 42 allows the city’s staff to focus solely on threats that meet their critical threshold. The result has been a reduction in mean time to detect (MTTD) to approximately five minutes and a significant efficiency boost—giving the team back nine hours a week to dedicate to strategic initiatives. Additionally, “Cortex XDR can get granular really quickly so I see finer details and visibility into my endpoints compared to our previous vendor, CrowdStrike,” Ambroso notes. “The policy development ability in Cortex is also way more comprehensive.” Furthermore, Unit 42 MDR provides invaluable proactive threat hunting and threat intelligence, including two to three weekly reports on current threats, educating the team on indicators of compromise and vulnerability entry points.

The city’s investment in a Unit 42 Retainer has provided not only incident response support on demand but significant strategic value. “Luckily, we haven’t needed the retainer for an incident,” explains Ambroso, “but the dollars didn’t go to waste.” Whittier redirected its credits toward proactive improvements like IR planning and policy development, an area where the team consistently struggled to find time. Unit 42’s expertise also proved invaluable during the Enterprise Device Security implementation, with specialists helping Whittier understand issues, fine-tune configurations, and determine appropriate response priorities. By the end of the first year, Whittier had comprehensive and validated incident response policies and a business email compromise plan—critical security frameworks that previously didn’t exist. The proactive approach dramatically improved the city’s incident preparedness rating, increasing it from a 4 to an 8 on a 1–10 scale.