Case Study: City of Bryan and Bryan Texas Utilities
Learn more about how Scott Smith, CISO at the City of Bryan, Texas, and Bryan Texas Utilities integrates Sentinel into his network security strategy, guided by CIS controls.
By anyone’s standards, it’s a big job. Yet, like most local government organizations, the city doesn’t have a fat budget or an endless pool of resources to devote to security.
That’s why the city has been a Sentinel customer, and Scott has been a Sentinel advocate, for the past ten years.
“I first saw Sentinel at a Texas Association of Governments IT Managers Conference a decade ago, when security threats weren’t as nefarious as they are today,” Smith said. “It was a solid solution, and they made the market entry extremely easy for smaller organizations—no annual contract, an affordable monthly price, and you could try out the product for 30 days and if you didn’t like it, you could send it back. We’ve been customers ever since.”
According to Smith, one of the big benefits of Sentinel is that it’s managed and monitored.
“It is a wonderful fit for cities or businesses that don’t have the resources to manage a super-complex Intrusion Prevention System that requires a lot of care and feeding,” Smith said. “They do all of the security updates for you. You literally can set it and forget it.”
The Extra Layer of Security that Makes a Big Impact
Although the City of Bryan has significantly upgraded its network security over the years, as firewalls and other access control technologies have evolved, Sentinel is still a critical component to its overall security strategy.
“Our firewall now comes with a license fee that turns it into an IPS, as well. While that’s a benefit, one of the things I like about Sentinel is that it’s not our firewall provider. It’s another vendor, another layer of defense to catch what another vendor may not catch,” Smith said. “If you have the same data set across your infrastructure, you only have one set of eyes, and one set of threat intelligence. It doesn’t make sense to put all of your eggs in one vendor basket if you really want to keep your network safe.”
The City of Bryan uses two Sentinel devices—one to protect the city network and the other for the utility company network.
“We use our Sentinels just where I like them, as our first line of defense. The device sits just behind the router, so it’s the first thing that sees Internet traffic,” Smith explained. “Behind that, we have another IPS/firewall, and then we go on back through concentric circles, if you will, or layers of defensive depth, as you get closer to our core information and infrastructure. So, Sentinel gets all of the nasty stuff first.”
According to Smith, one of the most impressive Sentinel features is the company’s proprietary “network cloaking,” which makes the city’s public IP invisible to known threats.
“If they’re trying to do some sort of reconnaissance, Sentinel picks up on that, and blocks them immediately. It’s not a timeout; the device just doesn’t respond to the request, as if nothing was there. So, whoever is doing the scanning of the IP address is totally blocked from communicating with our network,” Smith said. “I can’t say that I know what the secret sauce is that makes network cloaking work, but what I know is that it does work.”
In addition to blocking malicious traffic coming into the network, Sentinel also looks at the traffic going out.
“If it spots information beaconing out to a malware server, Sentinel takes control, blocks that communication from going out, and sends us an alert,” Smith said. “Then, we can go find that internal machine and run a scan on it, and if it’s been compromised, wipe it, or take whatever action that needs to happen.”
Having Sentinel on the network edge also enhances firewall performance.
“Sentinel is cleaning off thousands of events that the firewall now doesn’t have to deal with,” Smith said. “If there’s a vulnerability in the firewall or an open port, it mitigates that scenario. So, only the relevant traffic flows through, which is definitely a benefit.”
Automatic Updates. 24/7 Support.
Unlike most security solutions, Sentinel makes intrusion detection and prevention easy.
“Once they send you the box, you can set up the device in 30 minutes and it will start defending your network right then,” Smith said. “You can put in your own white and black lists, if you want, but, the Sentinel security team is going to keep the threat list in the device updated, based on the intelligence they get from the Sentinel network and other sources. There’s just not a lot of configuration that needs to be done by the end user. And, I think that fits really well with the needs of small- and medium-sized businesses and government agencies.”
How does Smith know the Sentinels are working? All he has to do is look at the numbers. In August 2018 alone, the two devices detected more than 200,000 events, with more than 900 of those high-severity events. From January through August of 2018, the two Sentinel devices detected and shut down 2.1 million events.
Equally impressive is the quality of the detection. All of this happened with few, if any, false positives.
“Very rarely does Sentinel block legitimate business-related traffic. I can’t even remember the last time that happened,” Smith said. “If that does happen, we just go in and move that vendor ID to the white list. It doesn’t come up often, and when it does, it’s easy to resolve.”
The Right Threat Protection Today—and in the Future
No question, Smith has seen a lot of changes over the years that impact security, from the rise of the Internet of Things and smart homes to the now-ubiquitous cloud.
“The threat landscape is so broad now with so many services in the cloud,” he said. “There are more threats, and new threats every year—so much that it’s impossible to defend against it all. You have to risk base it. You can’t just work with one company, or one solution—no matter how good—and think you are protected.”
That’s why Smith continues to be a fan of Sentinel: it’s effective, it’s affordable and it delivers on its promise.
“The more I’m in the security business, the more hesitant I am to say ‘never.’ But, as far as I know, we’ve never had a breach since we’ve had Sentinel,” he said. “It consistently does a good job for us. Even when we didn’t have an IPS firewall behind it, we were confident in its performance. It’s affordable for smaller organizations, easy to use and it works.”
That’s a value proposition pretty hard to ignore.
We Can Help.
From the Fortune 100 to small rural towns, we help understaffed and overworked IT teams solve their network security problems.