Case Study: State of North Dakota Information Technology (NDIT) achieves AI‑driven, automated SOC—cutting alerts from 16,000 to <60—with Palo Alto Networks' Cortex platform

North Dakota IT safeguards citizens with integrated, AI-driven security operations

The State of North Dakota Information Technology (NDIT) provides IT services for state government, education and citizens and in 2019 moved to unify more than 600 entities under a single strategy. Facing rapid scale (from 20,000 to 250,000 endpoints), tens of thousands of daily alerts, siloed tooling and rising costs, NDIT needed greater visibility, faster detection and a way to reduce analyst workload without expanding staff.

NDIT adopted the Palo Alto Networks Cortex platform, Prisma Cloud and Unit 42 managed services to standardize policies, automate response and centralize cloud visibility. The platform-driven approach cut daily alerts from ~16,000 to <60, uses 196 playbooks to close over 60% of incidents, achieved a 57% reduction in phishing false positives and 21,000 fewer incidents per year, and now automatically resolves ~99.6% of incidents—delivering efficiencies equivalent to 8–10 SOC analysts and much faster threat detection.

State of North Dakota Information Technology (NDIT)

Michael Gregg

Chief Information Security Officer