Protecting against cyber threats at Timaru District Council with CrowdStrike

The demand for secure digital services and a changing legislative landscape around privacy and security made Timaru District Council CIO Justin Bagust reflect on his existing security tools:

“We had different point solutions for various security activities that had increased in complexity and cost over time. We also doubted the effectiveness of legacy tools to detect and prevent against even modestly capable hackers. Having a small ICT team meant we didn’t have time to look at various security appliances, manage compliance and jump between systems to understand our own environment. Security was simply getting in the way of business.”

Shifting the focus from just preventing malware, we assisted Timaru District Council in countering the actual threats they faced, both internal and external. CrowdStrike gave real-time insights into questions that could not be answered previously like,

'What risks are we not seeing?'

'Are our patches actually being applied correctly?'

'Are any users exfiltrating data out?'

Staying on top of the behaviour of users and the technical tradecraft of hackers, particularly when malware is not even used, was a significant challenge.

Understanding the status of the entire environment, what the devices were doing, and where they were communicating was previously impossible. Brad Reeve, the IT Development Team Leader, explains how the insights provided by CrowdStrike made them more agile in countering cyber threats:

“With the OverWatch managed threat hunting service we have the peace of mind that we have someone watching our back 24/7. The fact that CrowdStrike EDR records everything that devices are doing and the strong response capabilities in CrowdStrike gave us powerful but surgical precision in the way we respond to attacks. All this happens whilst minimising the impact on users who probably don’t know anything was even going on.”

Devices are the intersection of users and data. Users can present many vulnerabilities that can be exploited by hackers. The device itself, such as a server or workstation, contains the data essential to operating and making business decisions. This is the data that hackers wish to monetise by stealing it or denying access to it through ransomware.

There are numerous news stories about entire cities being held to ransom by hackers. Protecting the Council’s devices and information, but also using the device as a sensor for the wider enterprise, gives a real-time view of what is happening from the application level down to the lowest level of the hardware, such as the BIOS. This leaves cyber adversaries nowhere to hide by detecting the faint digital fingerprints of their activities and does this prior to them being able to launch their attack.

Bagust is impressed with the quality:

“It’s like having a world-class cyber threat intelligence team embedded in our own organisation. We have essentially front-footed cyber threats by being proactive in detecting malicious behaviours before they become a problem.”

Due to its revolutionary machine learning kernel agent and cloud-based SaaS platform, CrowdStrike was designed from the ground-up to be extremely lightweight, highly scalable and fast to deploy. Independent verification by MRG Effitas, AV Comparatives and SE Labs consistently rate CrowdStrike with the highest levels of certification with zero-rates of false positives.

The extremely small sensor size, no signature updates, silent install and elimination of resource-intensive scanning means CrowdStrike can effortlessly replace legacy Antivirus to deliver a full suite of security activities.

‍

Crowdstrike Modules:

Prevent – Next-Gen Antivirus

Insight – Endpoint Detection and Response

Discover – IT Hygiene

Spotlight – Vulnerability Management

OverWatch – Managed Threat Hunting

Device Control – USB device control