When Shannon Lawson came to Phoenix as CISO in 2019, the city was using endpoint protection products he’d never even heard of.
At the suggestion of other cybersecurity experts, Lawson decided to test CrowdStrike’s products and services in the city environment. These include the CrowdStrike Falcon platform, CrowdStrike Falcon Complete, and an incident response archive from the company. “While we were rolling out these products, we witnessed a hands-on keyboard attack on one of our outbound HR systems,” Lawson said. “Our other tools did not alert us to the attack at all. That’s what signed the deal for us.”
Having already become a top concern for government IT shops, cybersecurity became even more important as more cities, states, and counties sent their employees home in March 2020 to deal with the COVID-19 pandemic. Along with powerful endpoint security and remote authentication tools, many organizations have adopted continuous monitoring solutions and practices that enable IT security leaders to keep watch over remote machines, said Eric Hanselman, principal analyst at 451 Research.
“In the rush to simply make remote work possible, a lot of the initial routine security assessments have stalled,” says Hanselman.
“What has happened over time is that agencies have come to understand their exposure levels and they are trying to redeploy security controls in ways that would work in the environment,” he added. “The continuous monitoring part means tracking the identity status of the user, the device they are connecting from, and their actions throughout the life of their connection in real time.”
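The kind of continuous session evaluation Hanselman describes, written out as an added example (this is not code from the article, from 451 Research or from any vendor named on the page). It assumes a constructed event stream in which each event is tagged with a session id, and it assumes its own policy thresholds: an eight-hour maximum age for the user’s last MFA proof and a list of resource prefixes that require a compliant device. Every event of a live session, not just the login, is re-evaluated against the current identity status, device posture and requested action.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Policy knobs: assumed values for this example, not from the article.
MFA_MAX_AGE = timedelta(hours=8)            # ask for a fresh MFA proof after this long
SENSITIVE_PREFIXES = ("/hr/", "/finance/")  # resources that require a compliant device


@dataclass
class Session:
    user: str
    device: str
    mfa_verified_at: datetime
    device_compliant: bool
    identity_enabled: bool = True
    actions: list = field(default_factory=list)


class ContinuousMonitor:
    """Re-evaluates identity, device and action on every event of a live session."""

    def __init__(self):
        self.sessions = {}

    def evaluate(self, event):
        sid, kind = event["session"], event["kind"]
        ts = datetime.fromisoformat(event["ts"])

        if kind == "session_start":
            self.sessions[sid] = Session(
                user=event["user"],
                device=event["device"],
                mfa_verified_at=ts if event["mfa"] else datetime.min,
                device_compliant=event["compliant"],
            )
            if not event["mfa"]:
                return self._decide(sid, "step_up", "login without MFA")
            return self._decide(sid, "allow", "session established")

        s = self.sessions.get(sid)
        if s is None:
            return self._decide(sid, "terminate", "event for unknown or closed session")

        if kind == "identity_update":          # e.g. the directory disabled the account
            s.identity_enabled = event["enabled"]
            if not s.identity_enabled:
                return self._decide(sid, "terminate", f"account {s.user} disabled")
            return self._decide(sid, "allow", "identity still valid")

        if kind == "posture_update":           # endpoint agent reports a posture change
            s.device_compliant = event["compliant"]
            if not s.device_compliant:
                return self._decide(sid, "terminate", f"device {s.device} fell out of compliance")
            return self._decide(sid, "allow", "device posture ok")

        if kind == "action":                   # the user touched a resource
            s.actions.append(event["resource"])
            if ts - s.mfa_verified_at > MFA_MAX_AGE:
                return self._decide(sid, "step_up", "MFA proof older than policy allows")
            if event["resource"].startswith(SENSITIVE_PREFIXES) and not s.device_compliant:
                return self._decide(sid, "terminate", "sensitive resource from non-compliant device")
            return self._decide(sid, "allow", f"{event['resource']} permitted")

        return self._decide(sid, "terminate", f"unknown event kind {kind}")

    def _decide(self, sid, decision, reason):
        if decision == "terminate":
            self.sessions.pop(sid, None)       # a terminated session cannot keep acting
        return {"session": sid, "decision": decision, "reason": reason}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"session": "s1", "kind": "session_start", "ts": "2020-04-01T08:00:00",
     "user": "alice", "device": "lt-0142", "mfa": True, "compliant": True},
    {"session": "s1", "kind": "action", "ts": "2020-04-01T08:05:00", "resource": "/hr/payroll"},
    {"session": "s1", "kind": "posture_update", "ts": "2020-04-01T09:00:00", "compliant": False},
    {"session": "s2", "kind": "session_start", "ts": "2020-04-01T07:00:00",
     "user": "bob", "device": "lt-0207", "mfa": True, "compliant": True},
    {"session": "s2", "kind": "action", "ts": "2020-04-01T16:30:00", "resource": "/intranet/news"},
    {"session": "s3", "kind": "session_start", "ts": "2020-04-01T10:00:00",
     "user": "carol", "device": "byod-77", "mfa": False, "compliant": True},
]


def run_sample(events=SAMPLE_EVENTS):
    """Return the decision taken for each event, in order."""
    monitor = ContinuousMonitor()
    return [monitor.evaluate(e)["decision"] for e in events]


if __name__ == "__main__":
    for e, d in zip(SAMPLE_EVENTS, run_sample()):
        print(e["session"], e["kind"], "->", d)
```

The sample stream shows the three things a login-only check misses: Alice’s session is cut off when her laptop’s posture changes an hour in, Bob is pushed to re-authenticate because his MFA proof is nine and a half hours old, and Carol never gets past the first event without MFA.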
“I had suppliers come in and the first thing they told me was what a great deal they could give me on the product,” he says. “They don’t even talk about the possibility. You have to talk to fellow CISOs and ask probing questions about what works and what doesn’t. Even then, you must test it, because what works in your environment may not work in someone else’s environment, and vice versa.”
The introduction of MFA is especially important to keep remote workers’ Microsoft Office 365 credentials from being compromised.
Lawson adds that continuous monitoring practices are important to ensure that systems are ready to handle evolving attacks. “I have us on a scan/patch/scan cycle of 30 days,” he says. “Every month, the entire factory is scanned. We can show that we are keeping up with regulatory requirements and addressing threats in our environment.”
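A 30-day scan/patch/scan cycle is only evidence of anything if someone checks it: every host must have a scan inside the window, and findings from the previous scan must actually be gone from the next one. The checker below is an added example, not Phoenix’s tooling or anything from the article. It assumes scan results arrive as (host, scan date, set of finding ids); the hosts, dates and finding ids are constructed placeholders.

```python
from collections import defaultdict
from datetime import date, timedelta

CYCLE = timedelta(days=30)   # the 30-day window from the article

# Constructed scan history, not real data: (host, scan date, finding ids seen in that scan)
SAMPLE_SCANS = [
    ("web-01", date(2020, 5, 2), {"F-101", "F-102"}),
    ("web-01", date(2020, 6, 1), {"F-102"}),          # F-101 patched, F-102 still there
    ("db-01", date(2020, 4, 3), {"F-200"}),           # no scan since April
    ("hr-01", date(2020, 5, 30), set()),
]


def cycle_report(scans, today):
    """Per host: is the latest scan inside the window, and what happened to last cycle's findings?"""
    by_host = defaultdict(list)
    for host, scan_date, findings in scans:
        by_host[host].append((scan_date, set(findings)))

    report = {}
    for host, history in by_host.items():
        history.sort()                                  # oldest first
        last_date, last_findings = history[-1]
        prev_findings = history[-2][1] if len(history) > 1 else set()
        report[host] = {
            "last_scan": last_date,
            "overdue": today - last_date > CYCLE,
            # present in both scans: the patch step did not remediate it
            "carried_over": sorted(last_findings & prev_findings),
            "remediated": sorted(prev_findings - last_findings),
            "new": sorted(last_findings - prev_findings),
        }
    return report


def exceptions(report):
    """Hosts that break the cycle: not rescanned in time, or findings that survived a patch round."""
    return {
        "overdue": sorted(h for h, r in report.items() if r["overdue"]),
        "unremediated": sorted(h for h, r in report.items() if r["carried_over"]),
    }


if __name__ == "__main__":
    rep = cycle_report(SAMPLE_SCANS, date(2020, 6, 15))
    for host, r in sorted(rep.items()):
        print(host, r)
    print(exceptions(rep))
```

Diffing consecutive scans is what turns the monthly scan into proof that the patch step worked; a host whose finding list never shrinks is being scanned, not fixed.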
How Utah is rethinking its cybersecurity infrastructure
When Zachary Posner became CEO of Salt Lake County in Utah, he spent the next two years tweaking its already robust remote work and cybersecurity infrastructure. Then, when the pandemic hit, county officials asked him if he could support work from home on a large scale.
Posner recalls: “We said, ‘Not only can we do it, all we need to do is pay for the licensing. We are ready to go. We already have Fortinet appliances that can handle the capacity of virtual private network connections.’ It’s great when all you have to do is write the check.”
In the run-up to 2020, Salt Lake County had deployed Fortinet’s FortiGate next-generation firewall, FortiClient for VPN security management, and FortiAuthenticator for MFA.
“Identity is the biggest flaw in any business, and especially in government,” says Posner. “I need to know that the person logging in is who they say they are and the best way to do that is MFA.”
Salt Lake County is also using an MDR solution from another vendor. The tool provides threat detection, incident response, and continuous monitoring, which is essential for some employees who still work remotely, says Posner.
“There is really no longer a defensible physical belt,” says Posner. “Defense takes place wherever your machine is in the world.”
[Figure: Percentage of states where more than one-fifth of employees work remotely during the COVID-19 pandemic. Source: Deloitte and National Association of State Chief Information Officers, “Deloitte Cybersecurity Study – NASCIO 2020”, October 2020]
How Illinois is transforming its approach to cybersecurity
Before the Illinois State Treasurer’s Office adopted CrowdStrike tools, the agency was receiving up to 30,000 false-positive alerts per day. At that volume, the alarms were essentially meaningless, CIO Joseph Daniels said.
“Financial tokens need a very specific kind of oversight,” Daniels said. “Otherwise, it lights up like a Christmas tree all day long. Our previous supplier wanted 18 months to issue a fix, at an additional cost. I told them we couldn’t go without security for 18 months.”
The agency deployed the CrowdStrike Falcon platform, as well as the Falcon Complete MDR engine. “We have 24/7 security operations center support,” says Daniels. “Instead of me hiring 30 SOC analysts, we use their team at a very low cost. They have immediate authority to take action on our behalf for certain threat levels. It was priceless.”
Daniels says CrowdStrike proved critical during a midnight incident at one of the agency’s disaster recovery sites. “They can isolate a backup server without impacting the business,” he said. “If we didn’t have these tools, we would lose all of our backups. Our agency will be destroyed. Without CrowdStrike, the question would be, ‘How are we going to recover?’ With CrowdStrike, it becomes, ‘How can we investigate?’”
The agency also uses a cloud management portal, which provides continuous monitoring of remote devices. “If we had a zero-day patch, we wouldn’t have to wait for someone to connect to the VPN,” says Daniels. “I can see 100% of our endpoints when they are connected to the internet, from anywhere.”