Cheshire County Government Mitigates Ransomware Risk and Secures Data Regulated by HIPAA and CJIS

1 week

Per month saved on file auditing

15 minutes

Spent on investigation

The monitoring provided by Netwrix Auditor has become a critical component of our security — especially given that local governments are often targeted by ransomware. Netwrix Auditor is a well-thought-out product that provides deep insight into our network and helps us detect and respond to threats faster. It makes tedious security operations simple, without affecting system performance.

Robert Hummel, IT Director
County of Cheshire, New Hampshire

Challenge

The county hosts a large amount of sensitive and regulated information, such as criminal justice data, financial information, Social Security numbers and personal health information. It was impossible for the five-person IT team to manually comb through audit logs to ensure that this data is stored securely and handled in accordance with HIPAA and CJIS requirements.
The IT director recognized the rising risk of ransomware attacks targeted at local governments. To ensure the availability and security of the data stored by the county, he wanted to enable quick detection of anomalous activity in any file server.
To ensure reliable serves for Cheshire’s citizens, the IT team needed to be able to quickly resolve issues, such as a file being improperly deleted or moved. However, investigating problems was difficult and time-consuming.

We received a report from Netwrix Auditor that indicated over 27,000 files were changed on a server with criminal justice data. We were able to quickly identify the source of the file activity and determine that the root cause was an accidental change to permissions to a top-level directory. What might have taken us days to discover manually turned into a 15-minute investigation.

Robert Hummel, IT Director
County of Cheshire, New Hampshire

Netwrix Solution

Robert Hummel, IT director at Cheshire County Government, had been using Netwrix Auditor Free Community Edition and liked how it transforms cryptic audit logs into usable information and simplifies security auditing, so upgrading to the full version of Netwrix Auditor was an easy decision. He was impressed by how little time was required to learn to use the product effectively, since the interface is clean and easy to navigate.

Automated security auditing. The software reports on activity across AD and file servers, and alerts the IT team about the most critical events, such as privilege elevation, changes to AD group membership and multiple failed login attempts, so they can respond promptly to active threats and serious policy violations. The IT group said that the software saves them two hours a day on routine file auditing, which adds up to an entire week of work every month.
Detection of ransomware and other threats. Netwrix Auditor provides a consolidated view of all anomalous activity across the county’s IT environment, so Robert and his team can quickly spot a malicious actor, whether it is ransomware, a disgruntled employee or an intruder. “If someone deleted, copied or modified a large number of files or any potentially harmful files were created, Netwrix Auditor will alert us to that. A data breach or data destruction becomes more serious the longer it goes undetected. Fortunately, the audit information we have now improves our ability to investigate suspicious activity and respond quickly,” Robert noted.
Faster troubleshooting. When the IT group gets a call that a file has been moved, deleted or modified, they don’t have to dedicate hours for investigation. Instead, they go to the Netwrix Auditor console and see what happened to the file in a matter of minutes. With the complete who-what-when-where details at hand, they can educate the person responsible for the issue about proper data handling procedures, thereby reducing the risk of similar problems in the future and ensuring uninterrupted services for county residents.

Key Benefits

Improved security of residents’ data
Mitigated the risk of ransomware
Ensured business continuity
Increased IT efficiency

Netwrix Products

Customer Profile

Cheshire County, New Hampshire, U.S., is well known as an innovative and progressive leader that provides cost-effective services to its residents. Cheshire County covers 23 towns with a population of 76,610.

Customer: County of Cheshire, New Hampshire

Industry: Government

Website: www.co.cheshire.nh.us