Local councils across the UK face hundreds of millions of cyber-attacks, and as a large London Borough we identified gaps which led us to seek a major change of strategy and significantly raise our level of cyber security.
We had relied on a SIEM tool (Security Incident and Event Management) to manage security. It was particularly weak around log and event management, while difficulties with initial configuration and day-to-day use meant that it wasn’t producing the data that Bexley needed, nor was it being updated.
The tipping point was the result of coinciding Cyber Essentials and PCI DSS (Payment Card Industry Data Security Standard) audit reports, which further highlighted gaps in areas such as intrusion detection and log management.
Our team was flooded with alerts and getting to the point where the old product wasn’t getting used. Although our team would dip into it every now and again, they would be faced with lots of logs that were pretty much meaningless and it was very difficult to drill down to find anything that was of any use. So the only benefit from having the SIEM tool was really to fulfil a tick box; there was little visibility of high priority incidents.
We faced further challenges around budget restrictions, availability of in-house skills and time needed to set up a new system.
Our team always considered that the responsibility for managing cyber security should be owned by the authority and as such was never outsourced. Yet we recognised a major change of strategy was necessary. For us, staff resources were very tight, so it made sense to have experts to set up and manage the tools in order to help maximise our time.
Bexley therefore opted for a managed security service, from Hytec, which sits behind the scenes to guard the Borough against attack. It addresses the very particular set of issues faced by local authorities; significantly enhancing the protection of systems and data, helping achieve compliance requirements and ensuring appropriate security mechanisms are in place.
Our managed security service has five core areas including: activity detection; threat intelligence; protective monitoring; asset ID and management; and vulnerability scanning. Taking a partnership approach to cyber security has significantly raised levels of cyber security, which has proved invaluable.
Our service partner managed the entire council network and we now have access to the same “single pane” one-window view of the security posture of the entire estate. Both Hytec and our internal team also have the same view of the infrastructure and this has improved reporting and strengthened the working relationship.
Through access to a complete service including people, process, technology, intelligence and compliance, we have ensured that our council's security ambitions are realised.
Bexley has strengthened its cyber defenses considerably. For instance, it has been possible to reduce the likelihood of serious security incidents to a minimum. Taking a managed security service approach has supported our in-house ICT team’s incident response procedures and informs them of the necessary corrective actions should an incident occur.
We are also able to check the accounts in use in Bexley, and from other non-UK territories at the same time, there is often a rational explanation for this, but before deployment of the managed security service Bexley had no view of this.
In a recent typical month, there were approximately 18 million possible security events, and from this about 2,000 alarms have been generated of which around six have been escalated via email and other means for further investigation, keeping Bexley cyber-safe.
The security landscape can be a confusing and frustrating area where hidden costs can quickly escalate and IT tools often do not deliver their promised gains. However our experience with a managed security partner has been very different.
Neil Gooding is information security manager at the London Borough of Bexley
