The client
The City of Whitehorse is a local government area in Victoria, Australia in the eastern suburbs of Melbourne. It has an estimated residential population of 172,000+.
Whitehorse City Council is a local government organisation dedicated to ensuring the confidentiality, integrity, and availability of its digital assets and sensitive information. The Council oversees a hybrid environment including in-house infrastructure and cloud-based services, managing a complex network of servers, workstations, and mobile devices. Given the increasing threats to cybersecurity, Whitehorse City Council recognised the need for a robust, responsive, and continuous security monitoring system.
Managed SOC challenges
The Council faced significant challenges in monitoring, detecting, responding to, and mitigating cybersecurity threats across its expansive IT infrastructure. Its hybrid environment included:
- 200 servers running various versions of Windows Server.
- 2 data centres.
- VMware virtual server management.
- 1000 workstations running Windows 10 and 11.
- A network with 80+ switches (Cisco), 30 firewalls (Fortinet), and 180 wireless access points (Aruba).
- Various applications, including Microsoft Exchange and SQL Server.
- Hundreds of mobile devices, including iPhones, iPads, and Android devices.
- Several cloud-based services such as Azure Active Directory, Microsoft 365 applications, Exchange Online, Intune, and several SaaS applications.
The Council required a Managed Security Operation Centre (SOC) to provide continuous security monitoring, timely detection and analysis of security incidents, rapid response to incidents, and comprehensive reporting on security posture and incidents. Additionally, the SOC needed to be cost-effective, scalable, and able to integrate seamlessly with their existing infrastructure.
Technology requirements
Whitehorse City Council’s primary requirements for the Managed SOC were:
- 24/7/365 security monitoring.
- Timely detection and analysis of security incidents.
- Rapid and effective incident response, including containment and remediation.
- Comprehensive and actionable security reports.
- Regular advice to improve the Council’s security posture and controls.
Empyrean’s Managed SOC Solution
Empyrean, in partnership with Arctic Wolf, delivered a comprehensive Managed Security Operation Centre (SOC) solution tailored to Whitehorse City Council’s needs.
SOC Implementation
The project kicked off with a comprehensive onboarding process that introduced key stakeholders and reviewed the deployment plan. The technical kick-off covered a review of the order and technical documentation, set timeline expectations, confirmed onboarding data, and included a thorough Managed Detection & Response (MDR) and risk review. The project then moved into sensor and scanner installation, verifying connectivity and data flow for the installed sensors and preparing the log sources. This phase established the monitoring infrastructure and led into the configuration and verification of the essential log sources and SaaS applications.
With the infrastructure in place, Whitehorse was transitioned to production monitoring. The final customer acceptance phase marked the official transition to security services. A post-acceptance call confirmed all systems were functioning as expected, and a customisation ticket was outlined to address the Council’s specific needs. The project implementation was completed with thoroughness and precision.
Managed SOC Features
- 24/7/365 Operation: Continuous monitoring and response to security incidents.
- Service Level Agreement (SLA): Defined response times and responsibilities during incidents.
- Regular Communications and Reports: Monthly reporting and quarterly account management meetings.
- Additional Security Services: Including vulnerability assessment, penetration testing, cybersecurity consulting, incident response, compliance management, security awareness training, managed firewall services, and more.
Security Tools
Arctic Wolf’s Security Operations Cloud and client-facing portal form the backbone of the service, providing real-time monitoring, log viewing, and auditing. The technology stack includes:
- Cloud-based multi-tenanted SIEM.
- Agents deployed on endpoints.
- Network sensors installed on sites with Internet egress.
- API plugins for integration with M365, AD, Azure, AWS, SFDC, and full integration with CrowdStrike EDR and Fortinet.
Managed SOC Outcomes
The implementation of the Managed SOC by Empyrean has significantly enhanced Whitehorse City Council’s security posture. Key outcomes include:
- Reduced Security Risks: Continuous monitoring and timely incident response have minimised the risk of security breaches.
- Improved Incident Response: Rapid and effective containment and remediation of security incidents.
- Comprehensive Reporting: Detailed and actionable reports on security incidents and overall security posture.
- Enhanced Security Posture: Regular advice and proactive threat intelligence have strengthened the Council’s defences.
- Cost Efficiency: Minimal upfront investment and cost-effective ongoing management.
Empyrean, together with their SOC partner vendor, Arctic Wolf, has provided council with a robust and responsive SOC which complements council’s internal security team. Empyrean’s proposed MSOC solution provides council with a robust framework for safeguarding sensitive data and critical infrastructure. Leveraging cutting-edge technologies and a team of skilled security professionals, the MSOC ensures continuous vigilance against evolving cyber threats. This ensures that council can swiftly identify and mitigate potential security breaches. Ultimately, the successful deployment of an MSOC with the Empyrean team translates to a stronger security posture, reduced risk exposure, and greater peace of mind for council and the community.
Dan Ten, Whitehorse City Council
Empyrean’s Expertise in Cybersecurity
Empyrean has a proven track record in delivering state-of-the-art cybersecurity solutions for local government and other sectors. Our team’s deep expertise with Microsoft products and services, coupled with our strategic partnership with Arctic Wolf, ensures that we provide our clients with comprehensive, reliable, and scalable security solutions tailored to their unique needs.
If you have a similar challenge or need to enhance your organisation’s security posture, contact Empyrean today.