“When Arctic Wolf analyzes our traffic and our logs, we know they’re not just looking at a localized event. They are taking the whole picture into account, which is really important to us.”
— IT Manager, Business Applications
Cyberattacks on local governments are increasing at an alarming rate. In recent years, there have been major attacks on Atlanta and Baltimore, other large metro government agencies, and smaller locales. Atlanta’s recovery stretched out for more than a year to the tune of approximately $7.2 million. These cyberattacks can potentially disrupt critical infrastructure like utilities upon which residents rely.
Because utilities are so critical, they are now high-value targets for malware, ransomware, and denial-of-service attacks. And hackers often have a false perception that cities can simply print money to quickly get their vital systems up and running again.
As attacks on cities made increasing headlines, one city government in the San Francisco Bay Area knew it needed to fortify its network and systems. As a first step, it joined government-sponsored cybersecurity organizations such as the Multi-State Information Sharing and Analysis Center® (MS-ISAC), which releases frequent bulletins on potential zero-day attacks and critical patches. The city shared this and other information with its IT staff, but knew there was more it needed to do.
“Cybersecurity is a challenge, but a needed one and we embrace that,” said the city’s IT Manager, Business Applications. “Our executive team and city council want us to be proactive when it comes to cybersecurity.”
Creating a Security Operations Center
The city’s IT staff conducted a security audit of their entire operation and determined they should create a security operations center to bolster their protection. In the event of a cyber emergency, they could then engage a team that already monitored the network to provide resources, guidance, and potential resolutions.
The team considered adding a cybersecurity expert to its staff, but the salary requirement was cost-prohibitive when recruiting for this particular skillset in the Bay Area.
Understanding the city needed a cost-effective solution that provided 24x7 coverage with deep cybersecurity expertise, the IT Manager began the search for a service provider, and then discovered Arctic Wolf. Not only did Arctic Wolf provide the necessary expertise, it also provided a whole team of cybersecurity experts and forward-looking guidance.
“Why hire just one person at a similar price point when you can hire a whole team of security-focused individuals?” said the IT Manager.
The IT Manager conducted research on other offerings in the cybersecurity marketplace and found the Arctic Wolf® Platform for threat detection and response and Concierge Security® Team was the right fit for the city. An individual on the Arctic Wolf team would be dedicated for onboarding—working with the city’s IT staff, going through the entire network, and reviewing all of the network’s elements. The IT Manager believed this would lead to quicker resolutions in the event of an attack.
“With other providers, we felt we weren’t going to get the same level of understanding and customer support for our network right away,” said the IT Manager.
Arctic Wolf already had all the connectors prebuilt and log ingestion integrations ready to be launched, which allowed the city to stand up a solution within a couple of months.
Getting User Buy-In
Cybersecurity requires a multi-pronged approach. In addition to threat detection and response, a comprehensive solution requires protection against social engineering—training city employees to take the right actions and remain vigilant against cyberthreats. The city runs its security awareness program with a different toolset; Arctic Wolf’s role is detecting lateral movement. With a client installed on devices, laptops, desktop computers, and servers, Arctic Wolf can spot unusual network activity, immediately notify IT staff, and escalate issues quickly. This was especially important to the city due to the increase in hybrid work during the pandemic.
“Even when we all had to shift to work from home, the traffic was still being analyzed, so we really didn’t lose any opportunities to see unusual activity,” said the IT Manager.
Better Prepared for an Uncertain Future
The IT Manager believes that, through the city’s partnership with Arctic Wolf, security gaps have been closed in its IT network and systems. Still, he also recognizes the need to remain vigilant. The complexity, sophistication, and organization of cyberattacks are increasing, with novel approaches always on the way. But with Arctic Wolf’s threat detection and response solution, the IT Manager says he can sleep better at night for two reasons.
First, Arctic Wolf’s entire customer base is sharing information and continually learning from each other’s experiences, allowing the insight gained to be spread across all their customer sites. As the IT Manager says, “Not only do we gain an entire security team, but we also tap into the collective knowledge of all of the other customers that share their security logs with Arctic Wolf.”
Second, Arctic Wolf and the city’s IT team meet every two to four weeks to review the current threat landscape and align on what constitutes an alert. This process and the use of Arctic Wolf’s machine-learning security information and event management (SIEM) technology have led to the city’s IT staff receiving fewer alerts—and having to act only on the important ones.
“Arctic Wolf allows us to take action on the events we should be looking at so we aren’t chasing down false positives all day,” said the IT Manager. “Arctic Wolf has been a great security partner for us. Adding them to our bench of expertise and knowledge has helped our team grow and be more aware of cybersecurity events and processes.”