Case Study

Best Practice Assessments Ease Security Upgrade at Solano County Office of Education

Best Practice Assessments enable new IT leadership to master Palo Alto Networks firewalls quickly, ensuring compliance and leading to an upgrade for enhanced security features.

In brief


Solano County Office of Education


Public Sector


United States of America

Featured products

Educational, fiscal, legal, and technology services and oversight provided to school districts and community colleges across the county.

Organization Size

64,000 students

  • New IT leadership is required to rapidly assess compliance with industry standards for security while balancing a myriad of ongoing tasks and projects.
  • Firewall license renewals create an opportunity to look at newer hardware.
  • Ensure compliance with industry standards for security.
  • Support to learn a new environment quickly to deliver stellar service to school districts, teachers, and students.
  • Enhance firewalls to maximize effectiveness of cloud-delivered security solutions.
  • Best Practice Assessments (BPA) to ensure compliance
  • Palo Alto Networks Next Generation Firewall (NGFW) with Threat Prevention and URL Filtering
Download PDF Share

Solano County Office of Education (COE) provides a variety of services supporting job readiness training, safe schools initiatives, fiscal accountability, and equity projects for six school districts serving 64,000 students in the northeast San Francisco Bay Area. The county has long been one of the most diverse in the United States, and as part of its mission to ensure educational equity, Solano COE provides technical support, resources, and expertise to help school districts empower students through digital learning.

For several years, Solano COE has relied on Palo Alto Networks for the solutions that keep its districts’ networks secure. The Office of Education uses Palo Alto Networks Next Generation Firewall PA-5450 to provide firewalls for the districts, and it employs cloud-delivered security services (CDSS) including Threat Prevention and URL Filtering.


New IT management faces a host of challenges

At the beginning of the 2021-22 school year, Solano COE hired new leadership for its IT team. Incoming Director, Information Services and Technology, Joe Bacinett, was familiar with Palo Alto Networks solutions, but his plate was immediately full with urgent projects, from replacing the Office of Education’s legacy financial system to dealing with ongoing technology challenges created by a year of remote schooling. New Senior Network Engineer, Zach Moore, had never used Palo Alto Networks products; while he took the initiative to educate himself prior to taking the role, ultimately, he learned much of the platform on the job.

With other positions on the IT team unfilled and more projects to complete than there was time in the day, Zach and Joe needed to rapidly ensure that all aspects of the technology estate were in compliance. They also needed to determine whether to extend the license on existing firewalls or procure new hardware with increased capabilities. Joe summed up the situation succinctly: “Overwhelming would be a good way to put it.”


Ensuring security while increasing IT knowledge

As the project lead, Zach needed to accomplish multiple goals at once, using an unfamiliar platform. First, he needed to ensure that network security was in compliance with regulations and that it met or exceeded industry standards. Second, he needed to gain more hands-on knowledge of the system’s processes and capabilities. Third, he needed to assess Solano COE’s current and future security needs to support the firewall project.


Best Practice Assessments deliver actionable insights

Zach elected to run Palo Alto Networks Best Practice Assessments (BPA) to ensure that Solano COE’s security services were in compliance. Beginning with his very first assessment, he found that navigating the interface was surprisingly straightforward and intuitive. Even as a new user, he could run the BPA easily, with the report identifying areas of potential vulnerability and suggested solutions, most of which could be implemented simply by checking a box.

Between October 2021 and March 2022, Zach ran five different BPAs, and discovered that each one taught him more about how the security platform operated and how to manage it. He also appreciated that when he reached out to Palo Alto Networks for help, his account team would invest time and energy in solving his problems. In January 2022, Palo Alto Networks helped to set up training for the IT staff and school districts to enhance their proficiency and help them be more independent in creating and managing policies for their schools.

The training gave the IT team an opportunity to experiment with advanced features, such as Cloud Identity Engine, and empowered the school districts to create and manage policies more efficiently on their own. Along with the BPAs, the training also helped Zach and Joe to explore the impact that upgraded firewalls would have on Solano COE’s current and future security posture. In light of additional features, increased scalability, long-term cost savings, and the benefits of expanding their use of CDSS, such as WildFire, they upgraded to Palo Alto Networks PA-5450.


Continually improving security with ease

The BPAs acted as an awareness tool and created a roadmap of issues to look out for, improving Solano COE’s ability to identify and adopt features that would be beneficial. With best practices clearly defined and straightforward ways to improve policies and practices, the Office of Education was able to continually improve its security posture with ease, saving valuable time.

Zach and Joe also benefited from the robust security environment Solano COE and Palo Alto Networks had already established, including Threat Prevention, App ID, and URL Filtering.

Threat Prevention and App ID provide detailed visibility, making it easy to check logs and see what’s happening on the network, and simplifying the process of building reports and aggregating data any way the user wants it. URL Filtering identifies and automatically blocks malicious URLs, including malware and phishing sites, through a combination of static analysis and machine learning—accounting for 106,000 blocked malicious URLs per week across the Solano County school districts.


When the Log4j incident occurred in December 2021, we didn’t know if we’d been affected. Through Threat Prevention and App ID, we were able to find out easily that fortunately we hadn’t been. I was impressed that Palo Alto Networks released updated content the same day the exploit was released.

— Zach Moore, Senior Network Engineer, Solano County Office of Education

While running the BPAs, learning the platform, training staff, and setting requirements for the firewall upgrade, Zach and Joe were particularly pleased by the way Palo Alto Networks worked with them closely. In previous roles, Zach had been frustrated by long wait times for service and a lack of consistent support, but he learned quickly that the Palo Alto Networks team was reliable and always there when he needed help—to answer questions, provide guidance, enhance his knowledge, and deliver whatever was required.

A partnership for a safer future

Now that Solano County Office of Education has upgraded to PA-5450, Zach and Joe are looking forward to building on their existing foundation to create an even safer future. The firewall upgrade will enable them to take advantage of advanced features, such as the Cloud Identity Engine, and it will enhance the benefits of URL Filtering, Threat Prevention, and other cloud-delivered security services. As they move into the future, they’re also confident that their continued use of Best Practice Assessments will enable them to maintain compliance with industry standards.

Upgrading to a more versatile Palo Alto Networks firewall is also an opportunity to gain greater mastery of the platform. Zach and Joe are pleased they can trust Palo Alto Networks solutions and customer service so they can confidently face new challenges and deliver the best possible service to the school districts, teachers, and students of Solano County.

Find out more about how Palo Alto Networks Best Practice Assessments and customer support can help you stay ahead of the game with security.

Learn how organizations can leverage inline deep learning to stop today’s most sophisticated attacks as they happen by reading Requirements for Preventing Evasive Threats.