City of Fort Worth, TX, Protects Sprawling IT Environment with Powerful And Innovative Endpoint Security

The 2018 Verizon Data Breach Investigations Report (DBIR) showed that the public sector is one of the top three most exploited sectors in the United States, with more than 300 reported cyber breaches in 2017 alone. Any cyber attack on a city, county, or municipal authority isn’t just an attack on government; it’s an attack on the critical services – utilities, police, mass transit, EMS, fire, etc. – they provide to the public.

This rise in cyber activity is a very real concern for today’s cities, whose sprawling IT networks connect laptops, computers, and IoT devices, as well as field-based personnel and teleworkers, creating a vast and vulnerable attack surface.

One such metropolis is the City of Fort Worth, TX. With over 7,000 employees spread across 349 square miles, the city’s distributed infrastructure is typical of many across America. Only 52% of the city’s 17,000 devices are PCs, laptops, or servers; the rest includes IoT devices, gated devices, and other unprotected network devices. A small team of four cybersecurity professionals is responsible for managing this environment, led by Senior Manager of IT Security, William Birchett.

Fort Worth’s Cybersecurity Challenges are Familiar

Like many municipal governments, Birchett’s team struggles with common issues: budget, procurement rules (many state contracts and cooperative purchasing agreements can’t keep up with the speed at which adversaries are moving), and the omnipresent pressure to do more with less. With legacy tools, many of which have been in place for 15 years, the imperative to get more from existing investments is also a keen priority for departments like Birchett’s.

A critical element of Fort Worth’s security infrastructure is endpoint protection and the need to provide the same level of protection when a device is on-network, off-network or being used at home. With so many disparate and connected devices, the city’s legacy antivirus tools weren’t cutting it.

Legacy endpoint protection solutions require and rely on AV signatures, with daily update files running to hundreds of megabytes that then require a scan to be implemented. These tasks take time and effort and are a drag on performance, slowing down the endpoint. “Many of our operations are 24x7 – such as utilities and police units – and we could never find the right time of day to run disk scans,” said Birchett. “When we did run them, they’d slow down user applications.”

A lighter solution was needed that would ensure that all devices were compliant, whether connected to the office network or not. Easing the team’s administrative burden by bypassing the need to install an agent on each machine, manage that agent, and keep it up-to-date without interruption, was also imperative.

Alignment with NIST’s Cybersecurity Framework

As Birchett started down the path of evaluating vendors, his approach stressed alignment with each element of the NIST cybersecurity framework: identify, detect, protect, respond, and recover. “As we reviewed solutions it became apparent that there were differences. If you look at cybersecurity through the antivirus/anti-malware lens, there are many players. But when you start talking about the challenges and needs that we had – consolidating platforms, cost recovery, limited staff, and the need to reduce the administrative burden – that’s where the solutions started to separate,” said Birchett. One solution stood out from others: CrowdStrike.

The Power of One

CrowdStrike’s cloud-delivered endpoint protection platform – CrowdStrike Falcon – goes beyond antivirus to deliver real-time protection and visibility, even when the agent isn’t connected to the internet. Importantly for the City of Fort Worth, Falcon aligns with NIST’s cybersecurity framework to provide robust threat prevention, leveraging artificial intelligence and machine learning with advanced detection and response, and integrated threat intelligence – all through a highly intuitive management console.

CrowdStrike checked the box for the City of Fort Worth in several key areas:

1. Inventory Visibility

CrowdStrike Falcon provides real-time endpoint visibility and insight into applications and processes running anywhere in the environment. This was a notable challenge for the City of Fort Worth with its sprawling environment and cases where individual departments would often buy their own equipment and inventory. Protecting these assets was critical, but what struck Birchett was the platform’s ability to deliver device visibility. Falcon’s support for both the “detect” and the “identify” portion of NIST was more exciting for his team than the platform’s antivirus/anti-malware capabilities.

“As we started wrapping in all the elements of the platform, I was getting excited. From day one we had visibility across all account inventory. This included local accounts that we knew nothing about and were able to quickly remediate, clean them up, and fix those that fell outside our password policy,” said Birchett.

Furthermore, CrowdStrike provided visibility into Microsoft Office licenses and user accounts that the City was in the process of moving from on-premises to the cloud. “Beyond protecting our assets, the ability to discover and identify current and historic endpoint activity was a critical win for us,” explained Birchett.

2. Continual Compliance

A key requirement of the new security platform was that it would continually update all endpoints without the need for constant management. CrowdStrike met that need. No daily AV definitions or reboots are required, and all devices are always protected. The CrowdStrike Falcon agent (small and light) and cloud (big and powerful) work seamlessly to deliver real-time protection and visibility – even when the agent is not connected to the internet. “If a machine was turned off for six months in a closet then turned on again, we knew it would be immediately protected,” said Birchett. “That capability helped enormously given our staffing constraints.”

3. Ease of Integration

Integration of the new platform with existing systems was another key requirement. Birchett was impressed with the Falcon management interface’s intuitive and informative view of the complete environment, with timely alerts and granular search capabilities built in. Another big plus for Birchett is that CrowdStrike works across the open source community to help the team extend their security workflows with robust APIs to build extensions and integrations that span functional areas like incident response, SIEM, and more, reducing the burden on staff even further.

4. Staff Augmentation

Taking advantage of Falcon OverWatch, Birchett’s team benefits from an additional layer of oversight and analysis delivered by CrowdStrike’s elite team of security experts, who proactively hunt, investigate, and advise on threat activity in the City’s IT environment. The OverWatch team works as an extension of the City’s security team: “…that alone, as we conducted our product evaluations, really brought CrowdStrike to the foreground,” said Birchett.

Going Beyond Protection

While CrowdStrike provided the critical protection that the City of Fort Worth needed across its thousands of endpoints, for Birchett, inventory visibility was the biggest win. “Being able to go in and see, not just what we’re managing but what those devices are talking to and when new devices connect to the network has given us the confidence to put a lot of stake in the platform that goes far beyond antivirus protection.”

Learn More

Watch this on-demand webinar as William Birchett of the City of Fort Worth discusses the City’s endpoint protection challenges, what they needed in a solution, and how CrowdStrike delivered. This engaging presentation also includes a demonstration of the platform at work.