While the Carolina Panthers and Denver Broncos were preparing to face-off on the gridiron at Super Bowl 50, a smaller security team was busy getting ready for the big game too.

The Norwich University Computer Security and Information Assurance (CSIA) program, working directly with the Santa Clara Police Cybersecurity Task Force, was tasked with managing cyber security leading up to and during the Super Bowl. Norwich's security team knew they needed to focus on stopping real threats, versus chasing down false positives, so they tapped ProtectWise to deploy its secure cloud platform and provide visibility, threat detection and incident response during the game.

As a company headquartered in Denver, we were honored to be selected for this partnership and join the Broncos in Santa Clara, California for the Super Bowl.

Avoiding Alert Fatigue

Security analysts and threat management teams can't be effective if they can't prioritize threats. Many organizations use a litany of fragmented perimeter appliances that don't talk with each other, and thus generate a ton of noise in the form of alerts, many of which are false positives. This has given rise to alert fatigue - where security pros can't decipher which alerts are real threats and which are non-events.

Norwich University leveraged the ProtectWise threat engine to prioritize and threat hunt more effectively. While we saw more than 100,000 threat indicators, such as IP reputation, bad URL, payload and DNS observations, we correlated these down to 19 events that the team should focus on.


Capturing and Optimizing Data

With a single sensor deployed on the Levi's Public Wi-Fi Network, ProtectWise captured 8.806 Terabytes of Data and was able to optimize it by 82% to just 1.550 Terabytes of data, a true testament to the scale and power of our platform.

With one sensor, ProtectWise captured the following data at Super Bowl 50:

  • 8.806 Terabytes of data seen. Primarily HTTP, SSL and traffic to Amazon AWS.
  • 1.550 Terabytes of data captured (82% optimization)
  • 17 million URLs hit
  • 8,085,949 DNS requests

Visualizing the Network

Our platform's visibility into the network meant we were able to visualize how network behavior changed over time. We mapped the connections on the network to events as they happened and saw a strong correlation between a big play or event and the number of people that reached for their network connected device.


The amount of data handled demonstrates the ability of ProtectWise's Cloud Network DVR to scale and support very large networks. Super Bowl 50 was a win for two Denver teams; the Broncos and ProtectWise.

ProtectWise also received local coverage from 9News and The Denver Post.

We are very grateful to have been brought in as a partner of Norwich University for the Super Bowl. A huge thanks to all of the ProtectWise employees for helping keep Levi's Stadium safe on Super Bowl Sunday!

Next blog post