If FireEye email security blocks a new type of malware, Alexandre shares the information with every operating manager in his group. That way, they can use the intelligence gleaned from FireEye to update the city’s other security devices.
The city also subscribes to a FireEye threat intelligence feed that provides it with actionable information on how to stop the latest global threats. “Through that feed, we can gain valuable information to prevent the next attack,” Alexandre says. “It provides enough information for us to take actionable steps.”
Rancho California Water District Deploys Multilayered Defenses
Back on the West Coast, the Rancho California Water District manages water for 45,000 residential and commercial customers. It also runs multilayered defenses, which include Palo Alto Networks firewalls and Traps endpoint security, plus Extreme Networks’ Extreme Management Center.
Together, they secure two redundant data centers, key enterprise applications that include billing software, and a wireless network that grabs customer water usage information from automated meters, says Dale Badore, data center operations supervisor for the special district in Temecula, Calif.
The Extreme Networks software monitors network traffic and application performance and seeks out behavioral anomalies; if it spots them, it sends alerts, Badore says. Meanwhile, he can log in to a dashboard to check real-time threat activity, including top threats and top high-risk applications.
“We look at the top applications and decide whether we need to focus on certain issues to lower that risk factor,” he says.
The Traps dashboard alerts him to security events, which are color coded for severity. Yellow is a medium threat; red is critical. If Traps spots something significant, it will email him.
Badore also subscribes to threat intelligence reports from the Department of Homeland Security, the Multi-State Information Sharing and Analysis Center, the San Diego Law Enforcement Coordination Center, FireEye and others.
He gets daily emails on the latest threats, and if a threat affects a product the district uses, he forwards the information to his team.
Overall, Badore says, the security tools and the threat intelligence reports allow him to be proactive. “It’s building the foundation, having the tools in place and reacting to the threat reports, then applying fixes or some type of mechanism to make sure we are protected and mitigating threats,” he says.