Loading...
HomeMy WebLinkAboutItem 11h - Purchase of Security Software ProgramsDATE: October 5, 2021 TO: Honorable Mayor and City Council FROM: Hue Quach, Administrative Services Director By: Wilson Luo, Information Technology Manager SUBJECT: PURCHASE OF SENTINEL-ONE AND IRONSCALES SECURITY PROGRAMS FROM SCIENTIA CONSULTING GROUP IN THE AMOUNT OF $36,000 Recommendation: Approve SUMMARY One of the main goals in the Information Technology Division is to constantly improve the City’s overall security infrastructure to counter any type of cyber threats and attacks. It is recommended that the City Council approve the purchase of security programs Sentinel-One and Ironscales to help keep pace with the ever-evolving threat of attacks on the City’s systems. The total amount has been budgeted within the Citywide Security System Enhancement Project in Fiscal Year 2021-22. BACKGROUND Cybercriminals pose a persistent and evolving threat and attacks have significantly impacted many global, national, and local business and government entities. They do so by gaining unauthorized access to computer systems, encrypting data, then holding that data hostage in exchange for ransom that can reach millions of dollars. Recovery from this so-called ransomware is highly disruptive and costly for those affected. The delivery system for this ransomware and other malicious software (malware) is most often via an organization’s email system; in fact, email systems account for 94% of recent compromises. Following industry’s best security practices and leveraging the latest hardware and software can minimize the risk of being easily compromised and making it more difficult for hackers to attack the City’s system. Sentinel-One and Ironscales are the leading providers in the cyber security industry and have demonstrated their software effectively counters the challenges mentioned. Purchase of Sentinel-One and Ironscales Security Software October 5, 2021 Page 2 of 3 DISCUSSION Arcadia currently deploys a layered security model comprised of hardware, software, and disaster recovery solutions specifically designed to protect the environment from threats and quickly recover from potential data loss. Building on this model, the IT team recently completed a 30-day trial of industry leading tools Sentinel-One and Ironscales to enhance this model and accelerate any needed disaster recovery efforts. Sentinel-One as an artificial intelligence driven utility installed on all computers that provides enhanced visibility into each system and automatically identifies, quarantines, and remediates problems associated with suspicious/malicious software. Sentinel-One specializes in protecting Windows, Macintosh, and Linux endpoints from multiple vectors of attack, including file-based malware, script-based attacks, exploits, in- memory attacks, and zero-day campaigns. Sentinel-One is aligned with the National Institute of Standards and Technology (“NIST”) which established a Risk Management Framework (“RMF”) as a set of operational and procedural guidelines that a US government agency must follow to ensure the compliance of its data systems. Moreover, the utility protects against ransomware by maintaining protected copies of data files, thereby allowing for rapid recovery in the event of ransomware attacks designed to encrypt and hold hostage data files. Ironscales is an artificial intelligence utility that is continuously learning, detecting, and remediating advanced threats at the mailbox level, before and after email delivery. It can automatically triage and respond to employee reported emails, cluster similar suspicious emails into a single incident, and excels at thwarting employee impersonation, spear phishing, and credential theft attempts. Also included is phishing testing and training for internal users. Three formal quotes were requested from CDW, SHI International (“SHI”), and Scientia Consulting Group (“SCG”). SCG’s quote on Ironscales is $400 above SHI, but its pricing includes installation, setup, and configuration on 400 users’ email accounts. SCG’s quote on Sentinel-One is $900 above SHI, but its pricing includes installation, setup, and configuration on citywide servers and workstations, as well as continuous updating of malicious file lists distributed by FBI and CISA (Cybersecurity and Infrastructure Security Agency under Homeland Security). CDW was unable to offer a competitive price quote on Ironscales but also does not offer installation services. Therefore, their quote has been removed from consideration. Company Sentinel-One IronScales CDW $16,760 N/A SHI International $16,592 17,420 Scientia Consulting $17,520 17,860 Purchase of Sentinel-One and Ironscales Security Software October 5, 2021 Page 3 of 3 Scientia Consulting Group is the City’s IT contractor with in-depth knowledge of the City’s network and system. Leveraging their expertise with the installation will ensure that all systems are protected without any security gap. If the City were to choose SHI International, it is likely that the initial savings would be offset by installation costs, including charges from Scientia for assisting with the installation process. Therefore, on the whole, by going through Scientia exclusively, the City will have the lowest overall cost from the project and can guarantee the highest level of service. ENVIRONMENTAL ANALYSIS The proposed action does not constitute a project under the California Environmental Quality Act (“CEQA”) under Section 15061(b)(3) of the CEQA Guidelines, and it can be seen with certainty that it will have no impact on the environment. Thus, this matter is exempt under CEQA. FISCAL IMPACT The total cost for both programs, Sentinel-One and Ironscales, is $36,000. Both are expected to be renewed annually to ensure continuous enhanced security and will be budgeted as part of the City’s annual Operating Budgeting process. The initial costs have been budgeted in the Citywide Security System Enhancement Project. RECOMMENDATION It is recommended that the City Council determine that this action does not constitute a project and is, therefore, exempt under, the California Environmental Quality Act (“CEQA”); and approve the purchase of Sentinel-One and Ironscales Security Programs from Scientia Consulting Group in the amount of $36,000.