Townsville City Council protects its community with cyber security
Challenge
Saddled with system limitations, Townsville City Council wanted to increase its resilience against threats with an automated, more efficient approach to cyber security.
Outcome
Townsville City Council gained 24/7 holistic security visibility and accelerated threat hunting with Orro based on the Splunk platform, slashing SIEM operating costs and streamlining compliance.
VISIBILITY IS VITAL IN THE FACE OF INCREASING CYBER THREATS
Serving 200,000 residents, Townsville City Council (TCC) is the largest regional council in Queensland, Australia. TCC is committed to fostering sustainable growth through driving economic diversity and generating an enriching lifestyle.
While cyber security is of top importance to TCC, security issues were being handled manually, which did not offer full threat visibility and impacted residents’ trust. TCC engaged a new managed cyber security service from Orro — powered by the Splunk platform — to adopt a more holistic approach to cyber security and tackle ever-changing needs and threats.
DATA-DRIVEN OUTCOMES
- ~85% faster threat hunting
- 65% savings in SIEM operating costs
- Improved customer experience
THREAT HUNTING WITHIN MINUTES
Based on the Splunk platform, Orro offers 24/7 managed services through a locally operated security operations centre (SOC). TCC can now identify root causes of security events through automated data correlation, turning data into holistic security visibility across its digital environment. While other third-party vendors only support 30 days of logging, Splunk lets TCC search months of data and correlate it with new events — helping uncover potential security breaches in the supply chain.
With Splunk applied across all security operations, Orro empowers TCC to accurately identify suspicious activities, infrastructure misconfigurations and exploitable vulnerabilities while prioritizing security alerts according to risk level. Critical threats now never go unnoticed and are always escalated — quickly.
Previously, it could take Council up to 50 minutes to explore a security issue. The team is now able to address concerns about 85 per cent faster thanks to Splunk.
Improved logging also streamlines compliance and fulfils audit requirements, particularly when staff numbers are low due to sickness or holidays. Now, Splunk breaks through the complexity with full security visibility that allows TCC to make informed decisions that improve its security posture — boosting user experience.
SERIOUS COST AND TIME SAVINGS
Thanks to Orro’s professional consulting service and the Splunk-based SOC, TCC has slashed SIEM operating costs by 65%, freeing up vital funds for reinvestment into other priorities and cyber security initiatives.
Since the Splunk platform is highly scalable, TCC can integrate new solutions into its IT environment by using Splunk’s extensive library of existing integrations. New product onboarding into the SIEM environment is also faster. Because of Splunk’s leadership in the industry, other vendors already have relevant support solutions in place, which reduces the need for bespoke solutions and saves ongoing SaaS costs and implementation time.
Every day, Splunk solutions help TCC filter security alerts for more efficient troubleshooting. Orro’s security analysts are committed to constantly reviewing incidents for the council, leaving employees with more time to concentrate on governance, risk management and compliance tasks. And Orro’s service is not limited to the SOC. By leveraging the power of Splunk, it has fully addressed all requirements and made significant inroads into TCC’s cyber security maturity journey.
The collaboration between Orro and Splunk creates a perfect combination of human ingenuity and machine intelligence, which allows TCC to go even further than expected. With the wealth of enterprise ICT knowledge possessed by the security architects and engineers from Orro — which is one of the few organizations in Australia offering resources with ICS/SCADA security and industry-specific training — TCC is able to glean maximum benefits from the Splunk platform and readily map business requirements to optimal technical outcomes.
A NEW STANDARD FOR CUSTOMER EXPERIENCE
TCC’s system now runs smoothly with maximum uptime and service availability. The organization addresses potential security issues within minutes with an immediate follow-up call to the impacted customer. As a result, customer experience and trust — core principles for TCC — have soared. And since TCC can better monitor areas that it previously could not cover — analysing local data instead of relying on U.S.-based information — the organization can focus more on high-value and high-risk areas, better safeguarding the health and well-being of the community and environment.
With Orro and Splunk now filling any gaps in technology, TCC can focus more on fueling continued growth of its cyber security team and optimising critical business processes. The result? Better user experience and a more resilient community — today and tomorrow.
INDUSTRY
- Public Sector
SOLUTIONS
- Security
- Platform