An immediate priority was determining the source of the breach. “That initial response is a very complicated operation with a lot of moving parts,” explains Bulletproof COO Jeff Shaw. “We had to deal with the complex technical issues of forensic analysis and sever partner connections in addition to the internet. For the CIO, it means navigating operational impact while also working with law enforcement, insurance, external counsel, partner organizations, and other stakeholders.” Bulletproof worked with the City’s IT to develop a detailed path forward, laying out the recovery steps.
Working as a single integrated team, the City of Saint John’s IT team and Bulletproof began to rebuild the City of Saint John operating environment, layering in security with the end-to-end Microsoft Security solutions stack. The team deployed the Bulletproof 365 Enterprise system, which seamlessly merges Microsoft Sentinel with Microsoft 365 to deliver comprehensive intelligent security.
“We deployed Microsoft Sentinel to fix the ‘blind spot’ that happens with traditional log-based SIEMs,” explains Shaw. “The visibility and capability we get with Microsoft Sentinel far exceeds that of the previous SIEM. We brought the signal into our security operations center with Microsoft Sentinel for a real-time overview of the entire estate. It was critical to spot any threat that could delay reinstating the network and operating systems to fully restore IT functions.”
Implementing the Microsoft Security stack was already on the City of Saint John’s roadmap, so the Bulletproof team was able to swiftly roll out Microsoft Defender for Endpoint to secure the City’s servers and other endpoints, along with Microsoft 365 Defender and Microsoft Defender for Cloud. “In this situation, where we needed ultimate confidence to ensure that everything brought back online was highly secure, the Microsoft Defender suite was critical,” says Johnston. “Defender for Endpoint is invaluable in alleviating the fear of residual malware in on-premises servers as systems come back online.”