The City of San Diego is the 8th largest city in the US and has over 12,000 employees, numerous vendor partnerships, as well as a vast array of diverse systems and devices to protect.
In addition to more traditional endpoints and data centers, the City must protect each new piece of smart technology it implements. These include smart street lighting where adaptive controllers and LEDs work to reduce energy consumption based on foot and street traffic analysis; smart parking, in which networked sensors ease congestion with driver communications and dynamic pricing; smart grid, where data collected from smart meters and phasor measurement units increase grid reliability; smart water utilities for fresh and wastewater management; the list goes on.
You can imagine, then, that the network would be a significant asset—both due to cost and the fact that it’s the connective tissue between all business processes, city services, critical infrastructure, and various devices. Because of the diverse and widespread nature of City devices, the network that connects them is constantly exposed to attacks from all entry points of the perimeter, VPN, WiFi, and from internal people using infected devices.
Some Attacks Are Too Sophisticated For Legacy Security Tools
While legacy security tools can catch up to 95% of the attacks from known threat vectors, the most sophisticated attackers use new forms of polymorphic malware and take advantage of the new attack vectors presented as more devices are added to the network. The remaining 5% of attacks that are too dynamic to be detected by legacy solutions now comprise a serious security gap.
To address the 5%, the City of San Diego has adopted Webroot FlowScape® Network Behavioral Analytics. FlowScape Analytics accelerates network threat detection by automating network monitoring and leveraging supervised and unsupervised machine learning algorithms to protect the City’s core asset: its network. The software can find both known and unknown threat activity by first studying normal network traffic to establish a baseline, next identifying any unusual behaviors and then using advanced heuristics to do a risk assessment.
FlowScape Analytics technology allows us to determine risk of system-wide user behavior and flag anomalies for remediation. – Gary Hayslip, CISO, City of San Diego
Here’s How FlowScape® Analytics Enhances Smart City Networks
What makes FlowScape Analytics special is the additional insight it provides. Most network protection solutions only look at direct traffic between endpoint devices and the internet, i.e. North/South traffic. But what about communications between internal devices within the network (East/West traffic)? FlowScape Threat Detection is tightly integrated with the Webroot BrightCloud® Threat Intelligence Platform to connect the dots between North/South communication and East/West communication. It monitors, maps, and learns both IT and IoT/SCADA/PLC communications. It also detects insider staff and vendor behaviors, which greatly increase risk through policy violations. FlowScape Analytics keeps a real-time asset inventory of anything that talks on the network, and the ports they normally communicate over. The end value is the added visibility across the entire threat landscape of a smart city network.
San Diego Improves Critical Infrastructure with FlowScape® Analytics
Since staff is limited, automating security tools has been a critical requirement for the City. Think of FlowScape Analytics like putting a security analyst in Ripley’s power loader from Aliens. Security analysts don’t have the time or resources to deal with the constant barrage of alerts, so the security framework needs to be able to do some serious heavy lifting on massive amounts of data to determine which network activity is threat related. By implementing FlowScape Analytics to protect their infrastructure, that’s exactly what the City of San Diego has done.
With a daily count of approximately 500,000 cyberattacks against the city of San Diego networks, Webroot FlowScape Analytics gives us the network visibility we need to protect critical infrastructure and services. – Gary Hayslip, CISO, City of San Diego.
For more information about FlowScape Analytics, download our datasheet.