Aurskog-Høland municipality: Lacked resources for the on-call service - the solution was a tailor-made MDR service with 24/7 emergency response

- "Our shoulders have previously been quite high in the department, but now they are at a more normal level. It's a big responsibility to ensure all the important services the municipality delivers to its citizens," says Espen Skarvang at Aurskog-Høland municipality.

Skarvang works as Team and Professional Developer ICT 2nd line ICT and document center, and has the operational responsibility for IT security in the municipality in Inner Akershus with just over 17,000 inhabitants. He says it has been challenging in a relatively small municipality with limited resources.

- "There are four of us in IT operations in the municipality plus me, who works mostly administratively. Just having a minimum staffing level with a back-up guard to deal with critical incidents on the network has been too expensive for us," says Skarvang.

In addition to having limited resources, the department felt they lacked control over all firewall logs. They wanted to retain these further back in time in accordance with recommendations from the National Security Authority (NSM).

- "We've had the full backing of the municipal management all the way, which has been absolutely crucial. We chose to go out to the market to outsource this, and have been working with Netsecurity for a year to put the new solution in place.

Tailored service with 24/7 MDR

Skarvang explains that the situation was previously a major burden for the municipality. The solution was therefore a tailored Managed Detection and Response (MDR) service, which combines technical solutions with human expertise.

- "We landed on an automated solution based on machine learning and artificial intelligence for handling central logs 24/7, where critical logs are taken care of by an external Incident Response Team that is always on duty. The service analyzes logs that are collected in the network.

This means that there is always someone on standby when an incident occurs.

- No matter what time of day an incident occurs, we now have someone who is on the case immediately. When an incident occurs, we can also isolate systems and shut them down as soon as it is detected.

The service is basically fully automated and checks threats against databases of previously known incidents. It is only when something is flagged that the human factor comes in to limit any damage.

- Fortunately, we haven't had many critical incidents since we put the service in place," says a relieved Skarvang.

Meets NSM's recommendations for logging

Kjellaug Johansen, head of the municipality's ICT and document center, says that it was also important for them to adapt to NSM's recommendations for storing logs.

- In order to be able to analyze data logs back in time and meet NSM's recommendations for logging, we have included Data Lake, which keeps our logs in a secure location. This increases our security considerably," she says.

Johansen says that they went through a few rounds internally to find the right balance between price and how much they should secure.

- "We've discussed back and forth a lot about how much we should secure ourselves in every nook and cranny, and landed on a solution we believe provides the best cost-benefit for our needs.

- The assessments are partly about our municipality's size, and the fact that we're not big enough to have expertise in everything. At the same time, we are part of the line to the citizens and have a responsibility to ensure valuable services, such as healthcare, that the people in the municipality desperately need," she adds.

Smooth and painless delivery

Lars Jørgen Andersen of Netsecurity, who is responsible for Aurskog-Høland municipality, explains that the service includes a portal to which the entire IT team in the municipality has access.

- Everything is up and running at the customer now, and the customer has a full overview in their customer portal. The portal contains a dashboard where the department gets a full overview of any incidents, threats and technicalities, and whether these have been dealt with.

He says that a useful feature of the portal is the ability to retrieve reports.

- "It's easy for the customer to retrieve reports and show management specifically what they're getting out of the investment. It confirms what is actually behind it, and that it is more than just an expense in the budget.

He says that Netsecurity had its first meeting with the municipality more than a year ago, and once the municipality came to a conclusion, the delivery was quick and painless.

- "After the first meeting, we put in place budget estimates and the cost picture adapted to their needs. In April this year, they came to a conclusion, and after that it only took around three weeks to complete the delivery.

Skarvang says that the delivery was completed in a very good way.

- "It's important for us to have suppliers we can trust, and I have to say that we feel very well looked after by Netsecurity. In the cases where we have had questions, we have received quick and good clarifications. We have put in place status meetings where we go through incidents, which has been very useful. It's also been easy for us to provide input, and they've been good at working things out with us. This has opened up completely new opportunities for us," he says.

Andersen says that they have built up a solid customer base in the municipal market.

- "There's been a tremendous amount of demand from the municipal market, which we find very exciting. It makes it easier for us to map their needs and tailor solutions accordingly. The solution for Aurskog-Høland municipality has been great, and frees up resources for them," he concludes.

About Aurskog-Høland municipality