| Industry | Driver | Company Size |
| --- | --- | --- |
| State & Local Government | Securing cloud; CJIS, IRS Pub and HIPAA compliance | 1,000 |
Challenge
Ottawa County’s complex infrastructure and busy IT team required an affordable, easy-to-use, automated detection and response solution to reduce manual log reviews required for state and local government compliance regulations.
Solution
Blumira’s easy-to-use and cost-effective solution detects, alerts and walks Ottawa County’s team through remediation, automating a manual process to save them time in threat hunting and investigation while providing comprehensive security coverage for their cloud and on-premises environment.
We’re required by CJIS and IRS Pub 1075 compliance to review our logs daily. Blumira has saved us time because we can’t monitor all of our logs — we would need a team of 100 to go through all of these logs manually.
Technical Infrastructure Manager
Ottawa County
Ottawa County is located in the southwestern part of Michigan’s lower peninsula, bordered by Lake Michigan, and is a popular vacation destination. Populated with over 260,000 inhabitants and composed of 17 townships, six cities and one village, the county has more than 380 manufacturing facilities for furniture, office equipment and automobile-related manufacturing. Its state equalized value is over $11 billion.
The county organization is composed of many different units, including departments, courts, the sheriff’s office, parks, and community and health services, all with the mission of providing services to its citizens.
The Challenge: Securing Complex Cloud Infrastructure While Meeting Compliance
Because of the wide variety of services and departments it supports, the county has a complex web of infrastructure that it must maintain on both the IT operations side and the security side.
Ottawa County’s Technical Infrastructure Manager Mike Morrow implements the design and architecture of the county’s technical infrastructure, while running a team of network and server engineers, as well as a telecommunications administrator and service desk engineer. The team is tasked with managing IT and security for the county’s services, including patching, security awareness training, maintaining network access controls and more.
While staying secure and reducing risk was a key priority for Morrow’s team, they also had several compliance regulations they needed to meet:
- CJIS (Criminal Justice Information Services) – A regulatory framework mandated by the FBI (Federal Bureau of Investigation) to help protect criminal justice data as processed by Ottawa County’s police and sheriff departments
- IRS (Internal Revenue Service) Pub 1075 (PDF) – A set of security guidelines intended to safeguard tax returns and return information handled by federal, state and local agencies
- HIPAA (Health Insurance Portability and Accountability Act of 1996) – A federal law that protects sensitive patient health information, as required to secure Ottawa County’s community, mental and public health data (known as EMR – electronic medical records)
Ottawa County’s IT, sheriff’s department, district court probation and prosecuting attorney are audited every three years to ensure compliance with CJIS. After an IRS Pub 1075 audit, Morrow knew they needed to start auditing logs on a regular basis to meet compliance, which meant they needed to get a SIEM (security information and event management) solution implemented to provide detection, alerting and response capabilities.
Morrow and his manager, Director of Innovation & Technology Paul Kilmas, made the security and compliance case for the budget for a solution, then RFPs (requests for proposals) were sent out. Ottawa County relies on trusted “Pure Michigan” partners for their recommendations of security solutions, including the IT solutions company Access Interactive, which responded to the county’s RFP in partnership with Blumira’s detection and response platform. Access Interactive is a solution provider partner, one of Blumira’s many IT and security partners.
The Solution: Blumira’s Cloud Security Deployed in Days; Responsive Security Support
“When looking at Blumira, we loved its ease of implementation, which was huge for us,” Morrow said. “Other vendors would take six months to a year to get them tuned and up and running. We didn’t have that much time to fool around.”
Morrow’s team demoed ten different solutions prior to going to RFP, including ones provided by Arctic Wolf and Rapid7. They ultimately chose Blumira for its ease of use, implementation and cost-effectiveness.
“We were able to get Blumira up and running within days,” Morrow said. “It’s nice to be able to work with Blumira’s SA (Dedicated Solutions Architect) Dave and developer team to go over what we’re seeing on a monthly basis, as well as what other new products we’re deploying – we’ve been able to work intimately with Blumira’s team to get solutions spun up with us. It’s great that Blumira listens to us and we’re not just a small fish in a big pond.”
The county integrated Blumira with their cloud applications like Microsoft Office 365, Duo Security and Cisco Umbrella, as well as Cisco ASA, Cisco firewalls, Windows and Linux hosts, Cisco FTD and more to start detecting and responding to potential threats in the county’s environment.
“The honeypots are a cool add-on to the SIEM and a good way to see if there’s lateral movement on our network,” Morrow said. “It’s not something we would do ourselves, but with Blumira, we were able to click one button and deploy it.”
Honeypots give organizations like Ottawa County visibility into active threats or external attackers that could introduce risk to an environment. By luring attackers with a network device that appears to contain valuable data, Blumira is able to detect and alert IT and security teams to login attempts, device scanning, or attempts to access a file on the device.
Detecting Password Spraying Attacks & Microsoft 365 Logins From Outside Country
Through Blumira’s integration with Cisco Umbrella, a cloud-delivered enterprise network security solution, Ottawa County was able to get value out of high-fidelity alerts that signaled real threats with confidence, so the team could quickly respond to and remediate them.
“Blumira was able to detect several executive users’ machines that were infected with potentially unwanted programs,” Morrow said. “Blumira is able to spot things that some of our other security tools don’t catch.”
An attacker had compromised one of their local unit’s email accounts, sending malicious email links out and attempting a password spraying attack.
“Blumira caught the password spraying attack within 20 minutes,” Morrow said. “We were able to get out to the local unit, take the server off of the network and reimage it before it was able to do any real harm.”
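As an added illustration of the two detections this section describes (example code written for this page, not Blumira’s detection logic or any Ottawa County data): a password spray tries a few passwords across many accounts, so per-account lockout thresholds never trip, but grouping failed sign-ins by source address within a short window exposes it; a second check flags successful sign-ins from outside the home country, as in the section heading. The record fields, sample values and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def rec(user, ip, country, result, time):
    """Simplified sign-in record (assumed field names, not a real M365 schema)."""
    return {"user": user, "ip": ip, "country": country, "result": result, "time": time}


# Constructed sample sign-ins; addresses come from documentation ranges, not real hosts.
SIGN_INS = [
    rec("alice@county.example", "192.0.2.10", "US", "failure", "2024-05-01T08:00:00"),
    rec("alice@county.example", "192.0.2.10", "US", "success", "2024-05-01T08:01:00"),
] + [
    # one source failing against seven different accounts in seven minutes
    rec(f"user{n}@county.example", "198.51.100.20", "NL", "failure", f"2024-05-01T08:{n:02d}:00")
    for n in range(1, 8)
] + [
    rec("bob@county.example", "203.0.113.5", "RU", "success", "2024-05-01T09:15:00"),
]


def detect_password_spray(records, window_minutes=20, min_accounts=5):
    """Return {source_ip: [accounts]} for sources that failed against at least
    min_accounts distinct accounts inside any window of window_minutes."""
    by_ip = defaultdict(list)
    for r in records:
        if r["result"] == "failure":
            by_ip[r["ip"]].append((datetime.fromisoformat(r["time"]), r["user"]))
    window = timedelta(minutes=window_minutes)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological, so each window can start at an event
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                findings[ip] = sorted(users)
                break
    return findings


def detect_foreign_logins(records, home_country="US"):
    """Return (user, ip, country) for successful sign-ins outside home_country."""
    return [(r["user"], r["ip"], r["country"]) for r in records
            if r["result"] == "success" and r["country"] != home_country]


if __name__ == "__main__":
    print("spray sources:", detect_password_spray(SIGN_INS))
    print("foreign logins:", detect_foreign_logins(SIGN_INS))
```

One user failing once from the home network is not flagged; only the source that touched many accounts is, which is the distinction a per-account lockout policy misses.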
Value in Automation to Reduce Alert Fatigue & Manual Threat Analysis
Ottawa County’s IT team found value in the ability to leverage Blumira’s platform without requiring security expertise or hiring in-house staff to run it.
“We like that Blumira is user-friendly and we don’t need a dedicated security analyst to maintain it,” Morrow said. “For some of the other solutions, it would probably require us to have two security analysts on staff. Blumira is well-worth the money.”
The complexity and size of Ottawa County’s IT infrastructure — 200+ servers, 150-200 network switches, firewalls, endpoints — makes ongoing security monitoring more difficult for their team that is kept busy on a daily basis ensuring operational uptime and serving the county’s employees.
“We’re required by CJIS and IRS Pub 1075 compliance to review our logs daily. There’s no way we can watch all of our infrastructure and say that we’re checking the box,” Morrow said. “Blumira has saved us time because we can’t monitor all of our logs — we would need a team of 100 to go through all of these logs manually.”
In addition to automated security monitoring, analysis and high-value alerting, Blumira’s backend is continuously updated by its development team to take the burden off of organizations.
“It has definitely saved us time and labor to have Blumira parsing the backend and looking at all of our logs,” Morrow said. “Now we’re only getting the alerts that are meaningful. We benefit from those types of alerts as they’re showing us things we don’t know. We would have never known that someone was clearing Windows logs or anything like that.”
Thu Pham
Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...