Utility Takes a Holistic Approach to Security

By Samuel Greengard  |  Posted 2015-11-12

The Lower Colorado River Authority deploys a cloud-based security solution that identifies more forms of malware and addresses zero-day threats more effectively.

Ensuring that computers and other technology devices and systems are fully protected is a growing challenge for all organizations. For the Lower Colorado River Authority (LCRA), an Austin, Texas-based utility that supplies energy and water to more than 70 counties scattered across the state, it's absolutely critical.

"We have staff who are constantly in the field and need to access crucial information," says Larry Whiteside, chief security officer for LCRA. "Because they use enterprise systems in a number of ways, that introduces the risk of infection into our IT environment."

The risk of malware infection spans systems, devices and applications, including emails, USB sticks and public WiFi hotspots. "In the past, we had occasions when people out in the field accessed systems and information in a non-secure way," Whiteside explains. "They were using the Web in a way that circumvented our filters."

The primary threats include phishing attacks and other "drive-by" downloads. "If someone wasn't paying attention and practicing good cyber-hygiene, we could wind up with a very serious problem," he adds.

Deciding on Integrated Endpoint Security

The need to boost protection led LCRA to SentinelOne, a provider of integrated endpoint security protection. After extensive testing, the utility began using the solution in July 2015, and it is now in the process of rolling it out across the enterprise. The cloud-based software provides a more holistic approach to security than simply installing a collection of traditional antivirus and anti-malware tools.

"During our tests, we were able to detect more malware than in the past," Whiteside reports. In fact, security professionals at the LCRA ran test environments for the existing anti-malware software and the SentinelOne solution side by side "so we could see the exact level of protection."

Not only did the Endpoint Protection Platform (EPP) identify more forms of malware and address zero-day threats more effectively, it also provided the company with broader and deeper forensic data.

"The system allows us to see exactly where the malware is located, but it also offers deeper insights into what the malware is attempting to change and attack, and whether it was able to prevent or remediate the attack," he explains. "This information makes the forensic team a lot smarter about identifying devices that may be showing signs of malware. It gives them greater insight and helps them get to the bottom of alerts and other issues."

Finally, using a single solution has enabled the authority to remove a collection of security tools. "It eliminates long boot times and an array of functions to manage," Whiteside adds.

According to Whiteside, the biggest challenge LCRA has faced so far is uninstalling the old security software and installing the EPP. The process is somewhat time-consuming—and it has required some process changes—but it has already paid dividends. "Designing architecture to support the management of all these different areas is a challenge with traditional security tools," he says.

The cloud-based approach has greatly simplified security. "We have achieved a better level of protection with about a 50 percent savings," Whiteside reports. "It has made the organization safer and smarter about security."

Samuel Greengard writes about business and technology for Baseline, CIO Insight and other publications. His most recent book is The Internet of Things (MIT Press, 2015).
