City of Bettendorf

Situated on the Mississippi River in the southeastern region of Iowa, the City of Bettendorf is one of the state’s fastest growing and most progressive communities. Bettendorf prides itself on traditional values while assuring its residents can reap all the benefits that come with contemporary life in a global community.

The Challenge: Seeking Cost-Effective, Low Maintenance SIEM to Meet CJIS Compliance

The city’s IT team was responsible for both IT and security; including managing police radio systems, fire department technology, public works, building PCs, troubleshooting hardware problems, replacing their ERP system and more. Monte Sonksen, IT Manager, joined as lead of the city’s IT team recently, spending the past 18 months building out their security program, finding the right tools and identifying risks to keep the agency safe.

The local government agency, City of Bettendorf, included a police department that needed to comply with Criminal Justice Information Services (CJIS), a regulatory framework mandated by the FBI (Federal Bureau Investigation) to help protect criminal justice data as processed by state, local, and federal governments’ police and sheriff departments. This helps ensure law enforcement has timely and secure access to services and data to help them stop and reduce crime.

One of the tools they were looking for was a SIEM (security information and event management) solution.

“Without a SIEM, we had issues with cyber insurance because we didn’t have anything in place,” Sonksen said.

With limited security backgrounds, Sonksen’s IT team was in the market for a low-effort, high-value solution.

“My team lacked experience managing a SIEM, so we needed a tool that would help with that, in addition to curating the ruleset,” Sonksen said. “We were primarily looking for a SIEM and needed a cost-effective solution that didn’t require us to manage it ourselves. There’s a number of free-source tools out there, but we didn’t have time to manage them.”

The Solution: Blumira’s Easy-to-Use Platform With Greater Value Than Splunk and Rapid 7

Sonksen first found Blumira when he attended a webinar; the 2023 SANS XDR/EDR Solutions Forum and saw Blumira’s CTO & Co-Founder Matt Warner demoing the product.

While the team looked at a number of different vendor solutions like Rapid 7, Qualys, Splunk, and CIS (managed SIEM services); they ultimately chose Blumira for its additional security value and ability to access their own logs directly (not always an option with managed SOC services).

“[Blumira] is not just a SIEM, but your platform provides all of the reporting on top of that; it fills a huge gap that not many other products do,” Sonksen said. “I liked that I had the ability to access and dig into our own logs for investigation. Blumira also provides curated rules and walks us through how to resolve them.”

Blumira’s lower total cost of ownership than managed Splunk, and the ease of use for IT teams were also major factors in their decision to partner with Blumira.

“Whatever solution we chose needed to present our information in a usable format. A lot of solutions show you log file entries, and that’s it – that’s not something the average IT person could translate,” Sonksen said. “We needed an easy-to-use tool, since we’re so busy doing everything else under the sun.”

Sonksen also pointed out the value of having a set of detection rules that have been written, tuned and tested against real customer environments by Blumira’s incident detection engineers. The team focuses on high-confidence indicators of attacker behavior to identify early warning signs and help walk customers through how to respond. This curation of rules also helps weed out false positives and reduce the amount of noisy alerts received so customers can focus on what’s critical.

“Once I saw the curated toolset that Blumira offered, I thought, ‘hey now, I need that and I can get that without paying Splunk pricing,’” Sonksen said. “There’s a lot of value that we can get out of that service. That made me tweak my search for SIEM and XDR.”

The Blumira Team: Excellence in Customer Support

“My overall experience with the Blumira team has been extremely positive,” Sonksen said. “Over the course of my career, I’ve dealt with lots of different vendors, sales folks, and solution engineers while managing multi-million dollar contracts at a Fortune 100 company. My Blumira experience was better than most of those experiences. It’s extremely impressive.”

When reaching out to Blumira’s 24/7 Security Operations (SecOps) team, Sonksen also found great value in the security expertise they provided for him.

“We are cybersecurity-knowledgeable, but far from experts. Being able to send an alert to your experts to look at and come back with some information was extremely helpful,” Sonksen said.

While onboarding, Sonksen had a great experience with one of our Solution Architects (SAs) that provided proactive help and flexibility when it came to getting integrations set up for the City of Bettendorf, including Microsoft 365. Their onboarding process had them up and running with their key integrations in a matter of days, including a smooth deployment of Blumira Agent that expanded visibility across their remote endpoints.

“I’m confident that if we were compromised, Blumira would find it,” Sonksen said. “Had we not chosen this solution, we would likely have had to purchase something more expensive or hired somebody to manage our security.”

Additionally, Blumira’s pricing model is based on the number of employees or knowledge workers, rather than by the amount of data ingested into the product, which is typical for many SIEM vendors in the industry.

“One of the strongest values Blumira provides is being able to have a SIEM where we’re encouraged to get as much data in there as possible, without having to be continually stressed about getting the invoice that month,” Sonksen said. “That unknown does not work in the government space. Knowing a set dollar amount is immensely valuable.”

The City of Bettendorf finds the most value in Blumira’s ability to detect threats that could have been exploited to compromise their environment.

“The biggest value is that you have people configuring the alerts to catch potential threats. If we had to configure our own alerts, we wouldn’t,” Sonksen said. “Having your research team and threat hunters behind the scenes building the rules to trigger those findings is extremely valuable.”