Town of North Haven leverages human expertise and MDR technology to keep its services running smoothly for its citizens 

Ransomware is a huge concern for Connecticut town 

The Town of North Haven, Connecticut, with a population of nearly 25,000 people, prides itself on being a “unique blend of small-town living, great schools, retail establishments, restaurants, shopping and services.” Along with the amenities, the town’s emergency services keep everyone safe and provide help when needed. With an increased spotlight on how cyberattacks can shut down technology that powers these crucial services, towns like North Haven are seeking increased cybersecurity protection.

Alex Linos, Director of Information Technology for the Town of North Haven, sought to improve the town’s security posture when he took the role. A nearby town had been hit with ransomware, making national news, and Linos wanted to avoid a similar fate for North Haven. He had also triaged a ransomware attack for a customer while working in a prior role. “I’ve seen the repercussions of having to restore backups for days, and trying to figure out how they got in. I wanted to make the right decision for the taxpayers of this town. There’s a lot of personal data of individuals that, if it got out, people would pay for it.” 

In addition to data, the town’s critical services are under the umbrella of what Linos and his team need to keep safe from cyberattacks. “If the computer-aided dispatch (CAD) system, which helps deploy the appropriate emergency service when someone calls 9-1-1, goes down or gets ransomed, not only are we affecting their workflow and the amount of time to get someone out there, but we’re potentially endangering people’s lives. That’s not something to take lightly,” he says.  

Most municipalities don’t have the budget for a security team, and most rely on information technology professionals to cover all aspects of tech, including cybersecurity. That makes towns like North Haven larger targets for threat actors. Linos says he knows of people in IT with the mindset that they have antivirus, so they should be fine. “The reality is, you are not fine,” he says. “You are low hanging fruit, and these bad actors know that … and they are more likely to try to phish you.” 

Linos understood the ramifications of what is at stake for the residents of the town, and knew that with a two-person team, he had to bring in a third-party vendor who could monitor around the clock. He started by evaluating what vendors other towns and local schools were using. 

During his research phase for endpoint protection vendors, he found many vendors offering “machine learning” features, with human oversight offered at a higher-cost tier of service. “That’s when I started to look at managed detection and response. I was looking for that human element,” Linos said. Two selling points that led him to select Binary Defense over other vendors were the industry recognition of co-founder and CTO, David Kennedy, and the fact that “someone signs on every twelve hours, gives you their contact information, and they actually pick up the phone. If an event happens, they try to get ahold of you.”

Since choosing Binary Defense MDR, Linos has noted that the human element has given him additional eyes on glass. “It’s allowed us to augment our staff. We have someone who is there 24/7 and that has not only given us peace of mind but has also helped us get better with our security posture.” 

The human aspect makes a difference 

Linos says that his interactions with the Binary Defense SOC analysts have all been positive. “They are courteous and genuinely concerned. They are familiar with our environment and know what the normal stuff is. They are looking for the things that are NOT normal in our environment. With an actual human who knows us, something WILL stick out to them. You don’t get that with an AI-driven product or a next generation product.” 

Linos and his team wear a lot of hats within their roles in IT, and don’t have time to fully devote themselves to keeping up-to-date with all of the happenings in the security world. And that’s why, in partnering with Binary Defense, “having that other set of eyes on the device really helps us. Someone who can recognize the signals and the noise, that—for example—a computer is beaconing out to a weird website, and it does it every hour. That’s not normal. We should take a closer look at it.”  

He said he would recommend Binary Defense’s services to others and points out that if the budget is a challenge, “ask yourself if you could take that money and put it into a security professional that sits on your staff? 9 or 10 times out of 10 the answer is going to be no. When you add that in to the cost of the product, it speaks for itself. You’re getting somebody looking at your environment that is an actual human that learns your environment. That is something you would need somebody on staff to teach. That’s what Binary Defense does.” 

He concludes, “If you’re having an event, would you rather get an email about it, or have a human call you if something is going on? For a minuscule difference, it would be worth it to your municipality or city to really choose the human element over the machine.”