The City of Brampton exemplifies how to resist modern-day cyberthreats with a scalable, “do more with less” defense strategy. It rolled out a coordinated set of Microsoft Security solutions, engaging Difenda, a Microsoft Intelligent Security Association member, for managed security services. Difenda deployed and optimized Microsoft Sentinel as the linchpin solution for overall infrastructure visibility, using it in concert with Microsoft Defender for Office 365 and other Defender solutions to provide sustainable security. The City of Brampton enjoys the benefits of data-driven decision-making and a proactive security posture, creating a safer digital environment for citizens while optimizing taxpayer dollars.
Defending a microcosm of diversity, culture—and data
What’s the difference between a corporation and a city? Both manage myriad business functions, but accounting and HR are just the ground floor for a municipality. It’s in charge of the soul of the city, meeting citizens’ basic needs for safe roads, parks and recreation, and other infrastructure while enhancing community pride through celebrations, programs, and services. That broad scope raises cybersecurity concerns for municipalities like the City of Brampton. Now a thriving city of nearly 700,000, Brampton is the ninth most populous municipality in Canada and the fastest growing of the country’s 25 largest municipalities.
To keep the City of Brampton as safe as possible from cyberattacks, the city’s IT team met the dual challenges of a growing threat landscape and stringent fiscal responsibility by engaging Difenda, a Microsoft Security service provider with MXDR (managed extended detection and response) verified solution status and a member of the Microsoft Intelligent Security Association. The municipality now optimizes its IT team with MXDR capability supported by a slate of connected Microsoft Security solutions for the visibility and responsiveness it needs to manage cybersecurity proactively.
Refusing to be a target
An increasingly connected world includes a broadening attack surface, as Douglas Elsmore, Acting Chief Information Officer at the City of Brampton, can attest. “Municipalities are very diverse because we’re not just one line of business,” he says. “As the level of government closest to our citizens, we have to be vigilant.” The city needs to stay watchful as the threat landscape grows and nation states increasingly attack critical infrastructure like traffic light systems and utilities. “Ransomware is much more prevalent than ever before,” says Gurdev Deol, IT Security and Risk Advisor at the City of Brampton. “The municipal sector is a target because smaller cities are typically underfunded, with fewer resources to combat threats to the expanding number of information infrastructures and services that we offer.”
Budgetary, legislative, and administrative constraints form the other side of the public-sector challenge. “We’re never going to have too many resources,” notes Elsmore. “The key for us is to increase effectiveness and optimize our partnerships with organizations like Microsoft and Difenda.”
The City of Brampton accumulated a series of disparate tools over some years: multiple, disconnected antivirus solutions installed on different systems and a security information and event management (SIEM) system that various partners managed. “We had the tools to control the breadth of our environment, but they were a disconnected set of platforms all managed by different people,” says Deol. “We needed the consistent, consolidated approach afforded by Microsoft Security solutions.”
With frontline devices as its primary focus, the city revisited its original Microsoft Defender for Office 365 rollout, which was deployed years earlier as a standalone email protection system. In line with its emphasis on “doing more with less” and maximizing its current investments, the city also prioritized a Microsoft Defender for Endpoint adoption. “We gained a holistic perspective of our environment by aligning the rule sets and policies in Defender for Office 365 with Defender for Endpoint,” Elsmore says. “Defender for Office 365 is an invaluable part of the Microsoft Security tool set.” When city employees receive emails that contain suspicious URLs, an alert goes to the Difenda team, which then proactively contains the threat and contacts the recipient. He adds, “We can now effectively remediate malicious emails in a very short time frame with little impact on business.”
That project was only the first step of the city’s cybersecurity enhancement plan. The city enabled Microsoft Defender for Identity to ingest its on-premises domain controller events that originate from user access issues, and it then replaced its previous SIEM solution with Microsoft Sentinel. The City of Brampton uses analytics from Microsoft Sentinel, which ingests about 120 gigabytes of data a day to help protect some 4,000 devices. Finally, the city deployed Microsoft Defender for Cloud Apps. “We’ve barely begun to scratch the surface of how much shadow IT that Defender for Cloud Apps can uncover,” adds Deol.
Making cybersecurity everyone’s responsibility
The City of Brampton’s IT team meticulously rolled out an integrated security suite with the human element top of mind. “Technology is only one piece of the puzzle,” says Elsmore. “People and process are the core components, and technology is the enabler.” He also points to the evolution of IT—the commoditization of devices that has made computer ownership ubiquitous and the shift from technology creation to integration.
The City of Brampton found a reliable ally and a shared vision for cybersecurity excellence in Difenda, a Microsoft-designated Solutions Partner for Security. By partnering with Difenda early in 2022, the city scaled its infrastructure without increasing staff, realizing the full benefits of its Microsoft investment while trusting ongoing monitoring to Difenda.
Partnering on cybersecurity defense
Difenda’s expertise with Microsoft Security solutions was a game-changer for the city. “Our approach empowers our customers to enhance their security measures, proactively manage risk, and draw from the entire Microsoft Security ecosystem to get the most out of their investment,” says Natasha Phanor, Microsoft Partner Manager at Difenda. “We are a cybersecurity-first, Microsoft-only company focusing all our time and energy on delivering the best security service possible for our customers.”
Adds Megan Miller, Public Sector Sales Specialist at Difenda, “Our modular approach to security services allows our customers freedom of choice and flexibility in their security solutions. They have single-pane-of-glass visibility because we customize the Difenda Shield environment to the customer’s needs with playbooks, use cases, and dashboarding.” Elsmore appreciates that flexibility. “One of the great things about Difenda Shield is that it’s a connected solution from a vendor that’s closely aligned with us,” he says. “We own the Microsoft licenses and the data, and Difenda partners with us to manage the environment and provide value-added services that give us the time we need to better protect our business.” The Difenda team has closed 70 percent of the City of Brampton alerts, effectively removing noise.
Difenda delivered on its commitment to help the City of Brampton accelerate its cybersecurity through comprehensive threat profiling techniques and complex response capabilities. “We constantly search for better ways for our customers to understand risks, contain threats faster, and strengthen their security posture,” says Matthew D’Angelo, Cloud Security Engineer at Difenda. “Our Configuration Management Database (CMDB) provides an added layer of context to alerts and incidents that many businesses have not been able to correlate. After working with the City of Brampton team for so long, it’s refreshing to see how its ability to prioritize and respond has changed with this added layer of information.”
Difenda Shield interoperates with the Microsoft Security product portfolio, collecting data from Microsoft Sentinel and feeds from the Defender suite for a seamless management experience. The platform uses machine learning and analytics to correlate activity, normalize information, and identify threats across an organization’s entire network.
The City of Brampton made full use of Difenda services backed by Microsoft solutions to elevate its cybersecurity maturity and help ensure seamless service to its citizens.
Figure 1. Alignment between Microsoft and Difenda security offerings.
Staying ahead of cybercrime
Allocating funding for a security upgrade was an easy choice for the City of Brampton. “No one wants to experience a cyberattack. Our Microsoft Security solutions and Difenda Shield are like a form of insurance,” says Elsmore. Visibility is key for him. “We can make data-driven decisions with the visibility we’ve gained from using Microsoft Security solutions and Difenda Shield,” he continues. “And that data exposes gaps in processes that at first glance may have appeared to work perfectly, which is key to improving our systems and optimizing our resources.”
“Struggling to stay ahead of malicious actors can be daunting,” concludes Elsmore. “Cybersecurity is our top IT priority, and we use the visibility and data we get from our Microsoft Security solutions to maximize our edge and be as proactive as possible.”