Cyber Security for Water Management Districts
The Client
Large Water Management District in Florida
Summary
Local municipality utilities, such as water and power, are at greater risk of attack. Whereas larger regions have more complex protections in place, small cities and counties have fewer resources and smaller cyber teams – leaving them vulnerable.
Needing to configure Microsoft Protection Suite and Sentinel for its environment, and to maximize the resources and efforts of its team, a Water Management company began its partnership with Conquest Cyber in 2019.
We set up their Microsoft Protection Suite and Sentinel, configuring them to manage monitoring and operations; augmented their team with Conquest’s Managed Extended Detection and Response service; and used ARMED ATK’s DEFEND and SECOPS modules to ease their team’s operations and monitoring burden.
This ongoing partnership serves to safeguard the water supply for over fifteen counties.
Problem
ADDRESS THE NEED TO PROTECT SOUTH FLORIDA’S ACCESS TO CLEAN DRINKING WATER WHILE MAXIMIZING THE EFFORTS OF THEIR SMALL CYBER TEAM
For years, Russian and other adversarial nation-state hackers have been probing American energy companies and electrical utilities. Small municipalities’ systems are most at risk, with smaller budgets and fewer resources. This is especially true in water management systems.
We joined forces with the client to maximize their effectiveness, removing 98% of their alert workload. By removing the noise and providing continuous monitoring and SOC services, our partnership enables their small team to be prepared, preventing successful breaches like the one in Oldsmar, Florida. Just outside of the South Florida region, this small town’s systems were infiltrated, leading to dangerously high levels of sodium hydroxide being added to the water. While discovered before causing harm, this attack raised the level of concern about the security of water management systems across the country.
Solution
COMPLIANCE. MATURITY. EFFECTIVENESS.
The Conquest team began its partnership with the customer by standing up and configuring both their Microsoft Protection Suite and Sentinel. This provided them with vital monitoring and operations functions.
To maximize their team’s efforts and capabilities, Conquest deployed its ARMED ATK platform to enable its DEFEND and SECOPS (Security Operations Center) modules. The DEFEND module serves as their home base with a real-time view of the environment’s maturity. The SECOPS module provides a centralized view of the environment’s security alerts and incidents. With an intuitively organized ticketing system, these alerts are clearly labeled by time, location and severity. These modules provide 24/7 visibility and alert team members of potential issues via email and push notifications directly from the ARMED ATK platform. If further mitigation is needed, the platform also provides direct access to Conquest’s elite team of cybersecurity experts.
These modules, alongside Conquest’s Managed Extended Detection and Response service, augment the customer’s team. Furthering our partnership, Conquest also provides:
BIWEEKLY TICKET AND TUNING REVIEWS
EFFECTIVENESS TESTING
QUARTERLY CYBER RESILIENCY REVIEWS
RANSOMWARE AND INCIDENT RESPONSE TABLETOP EXERCISES
Distinctives
AUGMENTED TEAM BETTER UTILIZES RESOURCES
Conquest Cyber is more than a vendor; it acts as a partner. By understanding each environment’s maturity, Conquest can adapt and adjust its services to meet that environment’s needs.
Beginning with stand-up and configuration, Conquest’s partnership with the customer has evolved to focus on 24/7 monitoring through the SECOPS module and full visibility into their cyber program through the DEFEND module. The unique capabilities of ARMED ATK dramatically improve the district’s security posture with an overlay of risk and compliance and allow them to:
- Stay on track with their requirements
- Automate and implement the collection of evidence
- Allocate each piece of evidence to each of the NIST CSF controls and better prepare for audits
- Access direct mapping to the compliance requirements specific to them, with actionable steps towards achieving each outcome
- Make risk-informed decisions to integrate into their operations
- Organize all security alerts and incidents in their environment based on time, location, and severity
- Enable 24x7x365 Extended Detection and Response, Advanced Threat Hunting, and Managed Sentinel Service
- Access logs in their environment dated as far back as one year
Our partnership removes 98% of the alert caseload that internal analysts need to review – freeing up time for other key tasks. With our effectiveness testing, bi-weekly ticket and tuning reviews and quarterly cyber resiliency reviews, we ensure both situational awareness and preparedness. When protecting our nation’s vital resources, like water, our work protects more than cyber environments. We’re protecting our way of life and providing peace of mind.
Outcomes
MAXIMIZE TEAM’S EFFECTIVENESS BY REMOVING 98% OF ALERT WORKLOAD
Microsoft Protection Suite and Sentinel configuration, combined with ARMED ATK’s DEFEND and SECOPS modules, reduces alerts, leaving only the critical 2% to be reviewed manually.
Combined with ARMED ATK, Conquest’s Managed Extended Detection and Response serves as an extension of their team to provide 24/7 visibility. Through their partnership with Conquest, the customer is able to more efficiently use their resources, reducing workload and saving money.
Taking the customer beyond compliance, our partnership improves their maturity, alert workload, and incident and ransomware response preparedness.
©2023 Conquest Cyber