Fredensborg Municipality: Strengthened security level

Fredensborg Kommune is a municipality in Region Hovedstaden, Denmark. The municipality covers an area of 112.13 km2, and has a total population of 39,551. The municipality was created on 1 January 2007, in a merger of the former municipalities of Karlebo Kommune and Fredensborg-Humlebæk Kommune.

Fredensborg Palace is the Danish Royal Family’s spring and autumn residence.

“As an IT department in a municipality like Fredensborg, we are subject to many requirements and have a very wide range of tasks,” explains IT Operations Coordinator, Preben Klit, from Fredensborg Municipality. “GDPR requires a high degree of traceability and data security. Users must be able to work freely and flexibly in a secure IT environment. And we handle quite large amounts of sensitive personal data, which must absolutely not be seen by unauthorised persons.”

Klit mentions the municipality’s ESDH case management system (Electronic Documents and Records Management) as well as the forthcoming NSIS standard (National Standard for Identity Assurance Levels) as two examples of IT systems that handle personal data. He elaborates:

“It’s crucial that the public feel that their data is in safe hands. That requires ongoing monitoring of network traffic and servers if we are to capture irregular events, errors, and attack patterns that need to be responded to. The challenge is not only that many log files are generated from firewalls, databases, servers and various applications, but that you also need to know what to look for. This is where the MDR solution from Dubex comes in.”

The alternative is to expand by three man-years

If Fredensborg Municipality itself were to be responsible for the monitoring, it would require the employment of three IT security specialists to ensure the same level of service around the clock. Which of course, is not realistic, but Klit mentions another important reason why Managed SIEM and the Managed Detection & Response (MDR) solution from Dubex’s Cyber Defence Centre can add value.

“As mentioned, you need to know what to look for when monitoring a large number of log files, and Dubex has built up a very large library of use cases for the purpose, which gives the solution a good start. For example, this could be changing a large number of passwords at one time, suspicious IT behaviour at night or attempts to access without rights. There’s a whole catalogue of the type of scenarios that need to raise red flags and that we need to respond to,” says the IT Operations Coordinator.

For an IT department with seven employees to handle security and operations complemented by six colleagues for support, it’s simply not realistic or profitable to expand with the type of expertise that does not directly contribute to day-to-day operations. To ensure a high level of security, outsourcing is a logical option, so that – as in this case – you get a large group of certified experts on the team around the clock.

Well-documented processes for implementation

Mikkel Angermann is Security Advisor at Dubex and responsible for the agreement on the Managed SIEM and MDR solution for Fredensborg Municipality. He agrees with Preben Klit on the value of the many use cases:

“We have a solution with so many use cases as standard that it is usually limited how the solution should be adapted in addition to the standard. There’s also another important aspect to having many years of experience in the field of monitoring, and that’s to ensure actions that are both fast and correct when needed. We have a large amount of learning accumulated in the organisation, so we can act on the basis of well-documented processes and ensure precious time is not wasted when the minutes count in relation to mitigating the consequences of an incident,” states Angermann.

In addition, Dubex assists with detailed reports on incidents as well as quarterly reporting, so the solution is also part of a learning process for the customer. This is also vital documentation for management, IT auditing and other stakeholders.

It turned out that we were doing quite well

It was in February/March that the agreement was entered into between Dubex and Fredensborg Municipality, and at the beginning of May the start button was pressed. Since then, an onboarding process has taken place, and employees in the municipality’s IT department were excited about what the day would be like when the very fine-meshed monitoring began.

Preben Klit: “Was there anything we’d overlooked? Had we been compromised? Were there Trojans in the system? “These were some of the questions we asked ourselves, but with the roll-out there was surprisingly little to catch up on, because it turned out that we were doing quite well.”

The IT Operations Coordinator and his colleagues had set up a server account in connection with the rollout, and the employees had attended IT security training at the Dubex Academy, so they could access the Cyber Defence Centre portal and make decisions on the incidents and where a red flag should be raised at Dubex. The service is an interaction and not one-way communication.

“We make the decision on whether it is a serious incident or not, so we must be able to access the portal and operate the system in dialogue with Dubex. Fortunately, there has not been a lot of activity, but we’re ready if it should happen, and can now take things in our stride,” says IT Operations Coordinator Preben Klit and he concludes: “The collaboration with Dubex has worked well and I can only say that the solution has run smoothly since its rollout.”

Address tomorrow’s challenge, today.

Talk to an expert about how we can secure your business