A pressing need for secure, reliable, and streamlined government tech
With the Vermont Judiciary’s previous infrastructure, outages were common. Joseph Paquin, Director of IT, decided it was time to start over, “We needed guaranteed uptime, speed, and secure connections for all our personnel no matter where they are.” His team set out to:
- Consolidate security vendors to streamline operations and reduce costs.
- Provide a continuity of services across all court locations and for remote workers.
- Deliver flexible, agile security from the cloud with comprehensive visibility into all attack surfaces.
- Implement a Zero Trust methodology according to the NIST SP 800-215 guidelines.
“The courts can’t operate without our IT services running, and if the courts are down, then the justice system comes to a halt, and real people’s lives are impacted.”
– Joseph Paquin
Director of IT, Vermont Judiciary
Starting at zero with Zero Trust
The Vermont Judiciary is a citizen-centric organization seeking to provide secure, uninterrupted access to justice. For Paquin, that translated to adopting a full Zero Trust methodology with redundancy—and to taking a platform approach to the tools. Paquin’s team elected to follow the NIST SP 800-215 guidelines and FedRAMP requirements, crafting a network that would be almost entirely microsegmented all the way to the endpoints. As the judiciary evaluated vendors, Palo Alto Networks emerged as the clear choice. “It was the only solution that met the Zero Trust methodology along with redundancy,” says Paquin.
Unifying teams and tools with platformization
The organization went all in on the Palo Alto Networks portfolio, starting with PA-Series and VM-Series Next-Generation Firewalls deployed at its data centers and in Microsoft Azure. Prisma SASE came next for network resilience and secure remote access, followed by Cortex XDR for AI-powered extended detection and response on the judiciary’s endpoints. Finally, the organization layered on Unit 42 Proactive Services for incident response planning and threat intelligence.
Path to Platformization
Network security
Next-Generation Firewalls with Cloud-Delivered Security Services
Branch transformation
Prisma SD-WAN provides application resiliency, uptime, and business continuity
Secure remote access
Prisma Access delivers agile, flexible security
Endpoint security and incident investigation
Cortex XDR protects company-managed endpoints and servers
Cyber risk expertise
Unit 42 Proactive Services provide incident response planning and threat intelligence
-
Supercharging bandwidth with a SASE approach
Deploying Prisma SD-WAN and Prisma Access in an integrated SASE architecture has supported a more strategic approach. “We’re now thinking holistically about networking and security together,” Paquin says. Prisma Access secures the organization’s remote workers and court locations from the cloud, allowing it to offload traffic from the on-prem firewalls, and Prisma SD-WAN provides network resiliency and performance. Additionally, both solutions are FedRAMP-certified, a top requirement for any government organization.
![]()
What’s more, Prisma SD-WAN was the only solution that could perform wire failover, both to balance the traffic over several paths and begin to “mesh” the network. Instead of a hub-and-spoke network reliant on MPLS circuits, the Vermont Judiciary now has 50X the capacity and a minimum of triple redundancy at each courthouse. -
Maximizing value with speed to deploy and 100% uptime
![]()
Deploying SD-WAN devices at each courthouse took a single day. “I walked in, plugged in the SD-WAN devices, and booted everything up,” Paquin says. “Everything just worked.” Once the new network was complete, the transformation in uptime was instant. “Prisma SD-WAN has paid for itself time and time again by now,” exclaims Paquin. “We used to have to close down courthouses, and now we have 100% uptime.” -
Slashing MTTR with actionable insights
![]()
Cortex XDR has given Paquin and his team the ability to easily see and manage endpoints, detect vulnerabilities, and block threats. The solution then uses that data to stitch together related events across the infrastructure.“We’re a small team without time to pore over a ton of logs,” Paquin explains. “We need to be able to get actionable insights right away and take care of them.” Thanks to these insights, the mean time to resolve security incidents has shrunk from 14 days to just a few hours.
What’s more, Prisma SD-WAN was the only solution that could perform wire failover, both to balance the traffic over several paths and begin to “mesh” the network. Instead of a hub-and-spoke network reliant on MPLS circuits, the Vermont Judiciary now has 50X the capacity and a minimum of triple redundancy at each courthouse.
Deploying SD-WAN devices at each courthouse took a single day. “I walked in, plugged in the SD-WAN devices, and booted everything up,” Paquin says. “Everything just worked.” Once the new network was complete, the transformation in uptime was instant. “Prisma SD-WAN has paid for itself time and time again by now,” exclaims Paquin. “We used to have to close down courthouses, and now we have 100% uptime.”
Cortex XDR has given Paquin and his team the ability to easily see and manage endpoints, detect vulnerabilities, and block threats. The solution then uses that data to stitch together related events across the infrastructure.“We’re a small team without time to pore over a ton of logs,” Paquin explains. “We need to be able to get actionable insights right away and take care of them.” Thanks to these insights, the mean time to resolve security incidents has shrunk from 14 days to just a few hours."Instead of trying to sell us a solution or a product, Palo Alto Networks has really listened to what our business goals are and partnered with us to get there.”
– Joseph Paquin
Director of IT, Vermont Judiciary
-
One portfolio. Multiple benefits.
The Vermont Judiciary made vendor consolidation a goal for a reason: The unified platform approach saves labor, time, and money while increasing visibility. “Our firewalls are integrated with Strata Cloud Manager, and our SD-WAN is fully integrated with the rest of our network. With Cortex, we’re starting the path to SOC transformation so that we can ingest data from other Palo Alto Networks solutions,” Paquin marvels. “We didn’t have to spend hours and hours figuring out which vendor works with which or how to get around something.” The platform approach has also been crucial for scaling Paquin’s small team, already saving the organization $350,000 per year—about 10% of the judiciary’s operating budget.
Preparing for the threats of tomorrow
As the Vermont Judiciary continues to advance its infrastructure, the organization is exploring Palo Alto Networks solutions for use cases like digital experience monitoring (DEM) and cloud-native application protection (CNAPP) and planning to use its Unit 42 Retainer credits for Purple Team exercises, among other services.
The judiciary is also pondering how it will both use and protect against emerging technologies. “It’s a really big win for governments to think outside the traditional methodologies and start rebuilding their networks for the future,” Paquin says. “Artificial intelligence, quantum computing: These are risks that are going to affect us. Palo Alto Networks is staying ahead of the game, and that’s huge.”
"Our organization has to remain agile to provide value to Vermonters, to the courts, and to all the people that come through our court system. Working with Palo Alto Networks allows us to move as fast as we want, but securely.”
– Joseph Paquin
Director of IT, Vermont Judiciary
share this story
