Item 11h - Purchase of Security Software Programs
DATE: October 5, 2021
TO: Honorable Mayor and City Council
FROM: Hue Quach, Administrative Services Director
By: Wilson Luo, Information Technology Manager
SUBJECT: PURCHASE OF SENTINEL-ONE AND IRONSCALES SECURITY
PROGRAMS FROM SCIENTIA CONSULTING GROUP IN THE AMOUNT
OF $36,000
Recommendation: Approve
SUMMARY
One of the main goals in the Information Technology Division is to constantly improve
the City’s overall security infrastructure to counter any type of cyber threats and attacks.
It is recommended that the City Council approve the purchase of security programs
Sentinel-One and Ironscales to help keep pace with the ever-evolving threat of attacks
on the City’s systems. The total amount has been budgeted within the Citywide Security
System Enhancement Project in Fiscal Year 2021-22.
BACKGROUND
Cybercriminals pose a persistent and evolving threat, and attacks have significantly
impacted many global, national, and local business and government entities. They do
so by gaining unauthorized access to computer systems, encrypting data, then holding
that data hostage in exchange for ransom that can reach millions of dollars. Recovery
from this so-called ransomware is highly disruptive and costly for those affected. The
delivery system for this ransomware and other malicious software (malware) is most
often via an organization’s email system; in fact, email systems account for 94% of
recent compromises.
Following the industry’s best security practices and leveraging the latest hardware and
software can minimize the risk of being easily compromised and make it more difficult
for hackers to attack the City’s system. Sentinel-One and Ironscales are the leading
providers in the cyber security industry and have demonstrated their software effectively
counters the challenges mentioned.
Purchase of Sentinel-One and Ironscales Security Software
October 5, 2021
Page 2 of 3
DISCUSSION
Arcadia currently deploys a layered security model comprised of hardware, software,
and disaster recovery solutions specifically designed to protect the environment from
threats and quickly recover from potential data loss. Building on this model, the IT team
recently completed a 30-day trial of industry-leading tools Sentinel-One and Ironscales
to enhance this model and accelerate any needed disaster recovery efforts.
Sentinel-One is an artificial intelligence-driven utility installed on all computers that
provides enhanced visibility into each system and automatically identifies, quarantines,
and remediates problems associated with suspicious/malicious software. Sentinel-One
specializes in protecting Windows, Macintosh, and Linux endpoints from multiple
vectors of attack, including file-based malware, script-based attacks, exploits, in-
memory attacks, and zero-day campaigns. Sentinel-One is aligned with the National
Institute of Standards and Technology (“NIST”) which established a Risk Management
Framework (“RMF”) as a set of operational and procedural guidelines that a US
government agency must follow to ensure the compliance of its data systems.
Moreover, the utility protects against ransomware by maintaining protected copies of
data files, thereby allowing for rapid recovery in the event of ransomware attacks
designed to encrypt and hold hostage data files.
Ironscales is an artificial intelligence utility that is continuously learning, detecting, and
remediating advanced threats at the mailbox level, before and after email delivery. It
can automatically triage and respond to employee reported emails, cluster similar
suspicious emails into a single incident, and excels at thwarting employee
impersonation, spear phishing, and credential theft attempts. Also included is phishing
testing and training for internal users.
Three formal quotes were requested from CDW, SHI International (“SHI”), and Scientia
Consulting Group (“SCG”). SCG’s quote on Ironscales is $400 above SHI, but its pricing
includes installation, setup, and configuration on 400 users’ email accounts. SCG’s
quote on Sentinel-One is $900 above SHI, but its pricing includes installation, setup,
and configuration on citywide servers and workstations, as well as continuous updating
of malicious file lists distributed by FBI and CISA (Cybersecurity and Infrastructure
Security Agency under Homeland Security). CDW was unable to offer a competitive
price quote on Ironscales and also does not offer installation services. Therefore, their
quote has been removed from consideration.
Company               Sentinel-One    Ironscales
CDW                   $16,760         N/A
SHI International     $16,592         $17,420
Scientia Consulting   $17,520         $17,860
Scientia Consulting Group is the City’s IT contractor with in-depth knowledge of the
City’s network and system. Leveraging their expertise with the installation will ensure
that all systems are protected without any security gap. If the City were to choose SHI
International, it is likely that the initial savings would be offset by installation costs,
including charges from Scientia for assisting with the installation process. Therefore, on
the whole, by going through Scientia exclusively, the City will have the lowest overall
cost for the project and can guarantee the highest level of service.
ENVIRONMENTAL ANALYSIS
The proposed action does not constitute a project under the California Environmental
Quality Act (“CEQA”) under Section 15061(b)(3) of the CEQA Guidelines, and it can be
seen with certainty that it will have no impact on the environment. Thus, this matter is
exempt under CEQA.
FISCAL IMPACT
The total cost for both programs, Sentinel-One and Ironscales, is $36,000. Both are
expected to be renewed annually to ensure continuous enhanced security and will be
budgeted as part of the City’s annual Operating Budget process. The initial costs
have been budgeted in the Citywide Security System Enhancement Project.
RECOMMENDATION
It is recommended that the City Council determine that this action does not constitute a
project and is, therefore, exempt under the California Environmental Quality Act
(“CEQA”); and approve the purchase of Sentinel-One and Ironscales Security Programs
from Scientia Consulting Group in the amount of $36,000.