In the recent cybersecurity assessments done for the City of Brentwood, two of the weaknesses identified were data integrity and Microsoft active directory monitoring. One solution identified is data integrity software that will identify improper security permissions on files and folders as well as capturing who accessed, created, or deleted a file. Data integrity software can also identify old legacy files and folders that have not been accessed for many years.
Microsoft active directory is used to create and manage all user and service accounts. Currently, Technology staff do not have the means to monitor if an account is inactive, and there are no alerting tools to let Technology staff know if an account was created or given elevated access. If a hacker were to gain access to the network, their end goal would be to create their own active directory account and give it administrator's rights to the network.
After researching several software options last year, the Technology Department has selected the software, Varonis, which can provide data integrity and monitor our active directory. In addition, the Varonis software can monitor file and folder access for stored passwords, banking, and credit card information that is not encrypted. The software can also monitor if a user starts to encrypt large amounts of files and prevent the process. Presidio is offering a 3yr quote for $48,201.21 for the first year and a fixed price of $42,501.21 for the second and third years.
This will be purchased off of the EC America Immix GSA contract (#GS35F0511T). Presidio is the authorized provider under this GSA contract.
|