IT Governance Business Case
Metropolitan Area Network (MAN) Intruder Protection
Enterprise-Wide Initiative
Confidential
Background
The City of Durham currently uses the Abacode Security Operations Center (SOC), which monitors and reports on activity across the City's Metropolitan Area Network (MAN) and alerts on cybersecurity activity. This SOC service works well and alerts on all malicious activity as it occurs. However, no service provides alerts when rogue devices, which may have security vulnerabilities, join the network. This is the identified security gap that this business case will address.
Current Business Problem
The City of Durham currently has a gap in its cybersecurity posture: unauthorized endpoints, such as Internet of Things (IoT) devices, can connect to the City's MAN, leaving the City at risk of various cybersecurity threats. Unauthorized endpoints on the MAN do not have Endpoint Detection & Response (EDR) protection, and so pose a significant risk to the City's cybersecurity posture.
EDR allows for the identification and mitigation of various security threats on City-issued devices; however, it cannot identify non-City-issued devices in real time or stop those devices from connecting to the MAN.
Current Pain Points
• Inability to accurately identify, in real time, unauthorized devices connecting to the City's MAN
• Inability to stop unauthorized devices from utilizing the City's MAN resources
• Inability to vet newly connected devices' alignment to City security requirements
• No current visibility into Internet of Things (IoT) devices that utilize the City's MAN resources
• No current knowledge of devices that are not security compliant
Desired Business Value - Solution
City of Durham's Strategic Plan Goal: Innovative & High Performing Organization
Initiative: Develop and implement a continuous improvement model that includes evaluation and process improvement to analyze and improve City Services
It is the Technology Solutions Department's objective to manage and maintain cybersecurity policies, procedures and monitoring to defend the City against ongoing threats. Having a solution that identifies all devices connected to the MAN will mitigate the security risk of unauthorized and non-compliant devices engaging in malicious activity on the City's MAN.
Future State Benefits
• Global Networked Device Inventory on the City's MAN including Internet of Things (IoT) devices
• Real-time scanning of connected devices and alerts on newly connected devices on the City's MAN
• Automated device activity investigation on the City's MAN
• Fewer entry points through which an attacker can enter the City's MAN – Global Network Visibility
• Isolation of Device-Based Threats on the City's MAN
• All authorized devices monitored with the deployment of agents on the City's MAN
• AI-facilitated policy compliance enforcement on the City's MAN (automated blocking of unauthorized devices)
Recommended Solution and Analysis
Recommended Solution: SentinelOne Ranger
Description
SentinelOne Ranger is a security feature that facilitates automated network protection from unwanted devices and notifies the security team of vulnerabilities, rogue devices, and unwanted or anomalous behaviors on the network.
Pros
• Instant deployment & minimal maintenance
• Improved visibility of the network and connected devices
• Enhanced overall security posture
• Real-time automated network security defense
Cons
• N/A
Analysis of SentinelOne Ranger
Company
• SentinelOne, founded in 2013, is a publicly traded endpoint security solutions company based in Mountain View, California
• Industry's first solution to allow machines to autonomously protect the network and notify security teams of vulnerabilities, rogue devices, and anomalous behavior
Relationship
• The City of Durham has been deploying the SentinelOne Endpoint Detection and Response solution since 2020
• SentinelOne is the current EDR solution for the City. SentinelOne Ranger will augment and enhance the network protection for the City.
Change Management & Implementation
• Instantly deployed add-on feature to SentinelOne EDR
• Does not require any network changes or additional hardware
Analysis of SentinelOne Ranger (cont.)
Why SentinelOne Ranger?
No comparative market analysis was conducted against this solution for the following reasons:
1. SentinelOne Ranger seamlessly complements our current SentinelOne EDR solution, requiring no additional hardware or software. This solution is a simple add-on feature to the current solution.
2. SentinelOne EDR is already deployed within the City's network; therefore, standing up SentinelOne Ranger is quick and easy, and costs less than sourcing a different solution, which may not integrate as seamlessly.
Recommended Solution - Project Financial Estimate
COST ESTIMATES

| Description | Implementation Costs (Hours) | Annual Run Costs (Hours) / KTLO |
| --- | --- | --- |
| Labor $ (Hours) | | |
| Internal TS: | 49 hours | 24 hours |
| Business Analysis | 15 hours | 0 hours |
| TS Cyber Security Services | 24 hours | 24 hours |
| TS PMO | 10 hours | 0 hours |
| Professional Services | $0 | $0 |
| Non-Labor $ | | |
| Hardware: | $0 | $0 |
| Software: | $52,304.00 | $52,304.00 |
| Other: | $0 | $0 |

FUNDING

| Item | Amount |
| --- | --- |
| Departmental Funding Amount: | $0.00 |
| Funding Requested (Y/N): | Yes |
| Internal Labor New FTE - Year 1 Costs | $0.00 |
| Project One Time Costs (External) | $52,304.00 |
| *Total Project Funding Requested for Year 1 | $52,304.00 |
| Annual Run Costs | $52,304.00 |
Risk Identification
| Description of Risk | Risk Impact (High/Medium/Low) | Mitigated (Y/N) | Contingency (Y/N) |
| --- | --- | --- | --- |
| Vendor performance | Low | N | N |
| Cyber Security | Low | N | N |
| Project Team Turnover | Low | N | N |
| Poor Execution | Low | N | N |
Mitigation Risk (Costs)
• N/A
Contingency Risk (Costs)
• N/A
Our ask
We are asking the IT Governance Steering Committee to approve the business case for SentinelOne Ranger in order to enhance the City's overall cybersecurity posture and to prevent unauthorized devices from accessing, and conducting malicious activity on, the City of Durham's MAN.