Cybersecurity is non-negotiable in a distributed, remote environment

Visibility and Improved Alerting for the City of Charlotte, NC

The City of Charlotte, NC relies heavily on technology for essential services such as public safety, transportation, energy and utilities, healthcare and more. With the increasing interconnectivity of these systems, a cyber-attack on any one of them can have significant consequences for the entire security framework. A comprehensive Enterprise Security / SOAR solution was needed to provide effective visibility and alerting across multiple tiers and security appliances. 

Charlotte needed a managed detection and response program that could ingest data from many organizations into their SIEM. Each department has unique issues and needs, but none more important than the other. Serving the fire, police, banking, utilities, airport and internal city departments required one platform with independent instances and incidences to consider. The city took a proactive approach to this problem, and selected TekStream to set up and manage their security.  

Technologies Involved

Managed Security

Managed Security
SOAR

TekStream Managed Detection and Response

Managed Detection and Response

Key Pain Points

Sensitivity of data – ie: 911 services rely on security. Their functions have direct impact on lives of their constituents.

As a major banking center, the city is a target for financial attacks. TSA and DOJ require city-level SOAR approach to security

Prior security program was advice-based and not proactive, automated incident response

A multi-pronged approach to security has been taken, including these essential elements:

Network Security: Secure the city’s IT infrastructure and prevent unauthorized access to sensitive information.   

Endpoint Security: Secure devices such as laptops, smartphones, and servers against malware and other threats.   

Application Security: Secure city applications and prevent attacks such as SQL injection and cross-site scripting.   

Data Security: Ensure sensitive data is stored and transmitted securely and that access to this data is controlled and monitored.   

Disaster Recovery and Business Continuity: Ensure essential services can continue in the event of a cyber-attack or natural disaster.   

Training and Awareness: Educate employees and citizens about cyber security best practices and raise awareness about potential threats. Worked with Splunk to augment their knowledge of the topic and they are able to share with constituents  

Key Successes

  • Incident response plan is in place with playbooks and a communication strategy that informs their team of mitigation and remediation needed. 
  • Created executive dashboards for leadership and execs/elected officials with limited access so they could see/understand and speak to security needs and profile of the city.
  • Aggressive implementation schedule to meet the needs of the city.

Industry: Municipality & Government

Budget: $3.3B annually

Constituent Size: 879k citizens 

Number of Employees: 7500+

Charlotte is the 15th largest city in the United States, and is ranked as the 7th fastest-growing large metro area. Their goal is to be smart, proactive and sustainable to develop a city where everyone can thrive. The city has been hard at work to bring strategic plans to life to support these efforts and fulfill the mission of ensuring the delivery of exceptional public services that promote safety, health and quality of life.