|Utilities & Energy||Reduce risk & prevent ransomware||<100|
With a 2-person team managing both IT and security, the Tullahoma Utilities Authority needed an affordable SIEM that could analyze their logs, notify them of unusual activity, and automate their manual day-to-day security operations tasks.
Blumira’s easy-to-deploy SIEM provides oversight of their environment, notifying them of anomalous and IT-related activity to help expedite their time to respond and better assist their users while protecting the utility provider from attacks like ransomware.
Blumira has saved me a lot of time and heartache from having to parse through logs and attempt to set up log filtering. It’s like having a watchdog over the house 24/7, knowing that if an intruder does come in, it will sound the alarm. With Blumira, we can minimize risk for the company overall, giving us peace of mind.
Tullahoma Utilities Authority (TUA) provides electricity, water, and wastewater services in Tullahoma, as well as television, internet, and telephone services through LightTube, a fiber optic network built throughout the City of Tullahoma.
As a critical infrastructure provider, TUA must protect its operating services to keep the lights on and to continue serving the community. Any disruption or outage can present significant productivity losses to customers and businesses.
In his role providing level 2 support, Christopher Reddekopp assists with day-to-day IT operations and cybersecurity for Tullahoma Utilities Authority. He's primarily responsible for managing their networking, configuration, and cybersecurity, while his operations supervisor oversees the operations and equipment for the fiber and corporate network. Their two-person team constantly has something going on as they juggle IT and security tasks for the utility company.
Reddekopp noticed the utility company was lacking in cybersecurity practices, and he suggested that they implement a solution that would look at logs and notify them when it detected anything unusual. Reddekopp faced the daunting challenge of regularly reviewing their system logs to identify anomalous and potentially threat-like activity.
“On day 1, I realized I couldn’t do this daily; this is almost impossible. I started looking for something to assist me. Blumira is a great fit for its capabilities,” Reddekopp said.
The company was also looking for a solution that would align with its bottom line while providing the security value it needed to protect itself from cyber attacks.
“We’re a small utility company and must be careful with customer funds. We needed to find a security solution that was in alignment with our budget,” Reddekopp said.
After listening to Blumira’s webinar on a pentester’s positive experience with the solution, Reddekopp looked into Blumira’s SIEM platform. To reduce overall risk for the utility company and protect against ransomware attacks, he was also interested in a solution that would help streamline his day-to-day security tasks of analyzing logs and responding to security alerts.
“We needed a solution that could parse through all the logs, let us know if something was going on that shouldn’t be, and help me in general. I’m constantly learning, and many people know more about cybersecurity than I do. Knowing that there’s a team I can call for assistance and they’ll be there to support me means a lot to me, as a one-person security operation that somebody is standing behind me, helping me out,” Reddekopp said.
Blumira’s platform automatically analyzes terabytes of data, identifying anomalous and suspicious activity, then alerting customers within a minute of initial detection. The analysis is driven by detection rules managed by Blumira’s incident detection engineers. The rules are tuned to filter out noise, and new ones are developed frequently to keep up with the latest attack techniques and vulnerabilities. With every notification comes a pre-built playbook that provides instructions on responding, which Reddekopp finds useful and follows to help close out findings.
“Blumira throws up any red flags when certain events occur – when an account is created or a password is reset. I log in and look at reporting to see if anything catches my eye, like if an account is trying to log in multiple times, which helps with more than just security. I can contact a specific employee to see if they have an issue and if I can help them. They appreciate that as well,” Reddekopp said.
The rollout was very successful as their small team integrated Blumira with their mostly on-premises and offsite environment, including their antivirus/malware solution, various firewalls, Active Directory, VMware, and servers. The Blumira team reached out to them often with follow-ups in the 30 days after the initial setup to ensure their full implementation went smoothly.
“If anything pops up, your support team has been fantastic. I can’t say enough great things. I work in support as well, and I get it. Your support team has been fantastic and will follow through until the ticket is closed. They are very responsive, genuine, and understanding. Even if it’s something on my side, they are still willing to lend a hand. That means a lot – that means keeping a customer as well,” Reddekopp said.
Time-strapped IT teams can do more with one solution that combines SIEM, endpoint visibility and automated response.