City of Seattle Keeps Critical Infrastructures Safe with FireEye

Case Study
A city government might not seem the most obvious target for overseas cyber attackers. But with major dams, regional utilities, emergency services, and a multi-agency communications system at stake, the city of Seattle has become tempting prey for a growing number of malicious cybercriminals.
Key Components
• FireEye Web MPS
• FireEye Platinum Support program
“We are seeing an increased interest in infrastructure destruction by hostile nation-states,” said Mike Hamilton, the city’s chief information security officer. “They know they can attack our infrastructure from the other side of the world.”
As the volume of attacks grew, the city installed a number of system-monitoring technologies. But they were cumbersome and hard to manage. Awash in a sea of logging data and activity alerts, the security team spent too much time filtering out harmless network activity from actual threats.
Officials needed a system that catches the latest malware—including never-before-seen variants and those that exploit unknown vulnerabilities—without the clutter of false positives.
Organization
City of Seattle
Industry
Municipal Government
Description
The City of Seattle manages a number of critical regional infrastructures, including major dams, two regional utilities, an emergency services division, mass transit, and a radio communications system that serves law enforcement and public safety agencies.
Challenges
• Keep critical systems safe from a growing volume of cyber attacks
• Accelerate the process of detecting, blocking, and eradicating malware
• Minimize false positives
• Integrate existing security tools
Solution
• FireEye Web MPS
• FireEye Platinum Support program
Benefits
• New and previously unknown malware detected and blocked
• Near-zero false positives
• Easy management
• Integration with legacy security infrastructure
“If it’s organized crime trying to steal someone’s bank password, that’s bad enough. But if you knock down a 911 center, people are going to die. We need to find malware and get rid of it quickly. That’s what FireEye does for us.”
— Mike Hamilton, Chief Information Security Officer, City of Seattle
Easy management, no false positives
Before FireEye, Seattle’s security team spent much of its time and labor on administrative busywork. Managing its existing tools grew more challenging as attacks surged. Accuracy was spotty, and validating whether malware had successfully breached city computers was difficult. Many alerts turned out to be false alarms.
“We are (the) public sector, so we are thin on resources,” Hamilton said. “We are focused on detection and rapid response, but we don’t want to have to throw a lot of people at the problem.”
The city agreed to a proof-of-value trial installation of the FireEye® Web Malware Protection System™ (MPS). Within minutes of being installed, the FireEye platform spotted compromised assets—and provided information to isolate the threat and remediate infected systems.
“We knew right away it was something that could help us,” Hamilton said.
Setting up the FireEye Web MPS was painless. And with the FireEye Platinum Support program, the city benefits from what Hamilton calls an “open channel” of communication. Platinum-level support includes a target response time of one minute for hardware and software issues. And high-severity issues are immediately escalated.
FireEye Web MPS put to the test
The biggest test for FireEye came when Seattle and a county government department in the Midwest both encountered a particularly virulent malware attack. The malware turned shared files into a booby-trapped executable, spreading as users tried to open them.
With FireEye, Seattle pinpointed the attack, isolated compromised systems, and had everything back to normal the next day. The county government that was attacked, by contrast, was down for nearly two weeks—under the glare of the national media spotlight.
The accuracy of the FireEye Multi-Vector Virtual Execution™ (MVX) engine has given Hamilton’s team the confidence to build an incident-response process around the FireEye alerts. With easier management and near-zero false positives, the city can efficiently combat true threats.
“It has absolutely helped us to be extremely rapid in beating down the compromises we face every day,” Hamilton said. “We can trust what it says.”
With the FireEye Web MPS now fully integrated with the city’s existing security tools, Hamilton’s team can coordinate multiple layers of defenses. The FireEye Web MPS appliance complements legacy tools such as the intrusion prevention system (IPS), the security information and event management (SIEM) system, URL filtering, email security, and desktop anti-virus (AV) software.
No security platform can reduce the volume of external attacks. But for the City of Seattle, the FireEye Web MPS enables dramatically faster responses, lower costs per incident, and less business disruption.
“FireEye has become part of the operational fabric of this city,” Hamilton said.
© 2013 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. – CS.COS.US-EN.112013
FireEye, Inc. | 1440 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) | [email protected] | www.FireEye.com