Whole-of-state program delivers security that’s ‘antivirus on steroids’

Nimito/GettyImages

 

Connecting state and local government leaders

Woodbury, Minnesota, was one of the first cities to take advantage of the subsidized managed detection and response solution.

In Woodbury, Minnesota, the city’s 11-person IT department faced a difficult decision. The cybersecurity hardware and software they adopted three years ago was up for renewal, and the new price was more than they wanted to pay. 

For CrowdStrike's managed detection and response offering, the city had a 15% discount for the first year through a Center for Internet Security, or CIS, program. The city paid $51 for each of its 400 devices, “so our cost initially was $20,400 for the year,” said Robert James, Woodbury’s information and communications technology director. “When the renewal came around, it was without the initial discount, so it was $24,000 for the year.”

But the Minnesota Whole-of-State Cybersecurity Plan offered a way forward. Developed by the Minnesota Information Technology Services’ Cybersecurity Task Force, the plan offers managed detection and response capabilities through a whole-of-state cybersecurity plan. 

Announced in September 2023, the whole-of-state program uses $23 million in funding from the federal government’s State and Local Cybersecurity Grant Program and matching dollars from the Minnesota legislature to provide cybersecurity resources and tools, including CrowdStrike’s managed detection and response solution.

Under the plan, eligible entities, including localities, schools and tribal nations, get CrowdStrike technology and a subsidized three-year subscription for managed detection and response software. After that, they pay through a cost-sharing model.

Woodbury was one of the first localities to sign on.

“Through the Minnesota whole-of-state program, the cost will be $46 per device when the grant program runs out” in July 2027, James said. “We will save more than $14 per device and get more security deployment than with our deployment through CIS. Since we have added more devices in total, this will add up to almost $7,000 in savings for the city every year.”

About 125 Minnesota entities, including Woodbury, have been using the setup since February. Another 80 are coming online soon.

The plan “helps us build that mentality of ‘we are one Minnesota,’” said John Israel, the state’s chief information security officer. “It’s an opportunity for us to share threat intelligence, share information and help prevent these events…. We at the state have just as much of a duty to protect our residents and their data as all of the other government entities.”

Plus, the plan makes top-notch security accessible to all governmental units, regardless of size or budget, he added, because even when a school district, fire department or wastewater treatment plant has to pay, “they’re still getting a benefit in a discount because local governments simply can’t negotiate the pricing for these tools at the same level that the state can,” Israel said. The three years of free software also gives government entities “a chance to advocate and educate their boards and their councils and their leaders on the need for the investment, and build that investment over time vs. it being a cliff that they fall off.” 

Perhaps most importantly, the plan increases cybersecurity. Partners get security “that’s an antivirus on steroids with full vendor support,” said Israel, who’s also a co-chair of the state’s Cybersecurity Task Force. “If anything happens, the vendor steps in and blocks it and works with them to help remediate, so we’ve seen a significant risk reduction.” The anecdotal evidence suggests “the entities that are participating to date—knock on wood—are not having the impact from malware events that they were before.”

Since Woodbury started using the state-hosted managed detection and response solution, it has experienced only false positives, James said, but they show the benefits of the setup. When a problem is detected, alerts go to not only Woodbury’s system administrators, but also to CrowdStrike’s security operations center. 

That’s a far cry from the way things worked when the city used only an antivirus solution rather than the managed detection and response service it has now, James said. “I wouldn’t have gotten an alert … and we wouldn’t have had a security operations center behind us being alerted and then helping us figure out if this is a problem,” he said. “It gives me some assurance that I’m not alone with this. I’ve got the state and I’ve got CrowdStrike backing me up and helping me and my team out.”

The whole-of-state plan builds on Minnesota’s Statewide Security Monitoring Initiative, a decade-plus-old program that provides funding to local governments for cybersecurity improvements. “That program grew from a budget of I think it was only $100,000 the first year to now this year for 2024 has been renewed for $1.9 million,” Israel said. It gets support from U.S. Department of Homeland Security grants.

That monitoring initiative helped inform the whole-of-state plan, he said, adding that the state has essentially merged the two because it still gets funding for both. 

As part of the whole-of-state plan, Minnesota started a program called Cyber Navigators, which makes cybersecurity experts available to entities that need help. “We have four of them,” Israel said. “One is focused on counties, one’s focused on municipalities, so cities and townships, one is focused on schools, and then the fourth one on critical infrastructure.”

Next, the team will begin helping localities build their baseline security—another area that a 15-member task force identified last year as a priority. “Our target is to launch Version Two of the plan in September,” Israel said.

Editor's note: This story was changed May 15  and  May 16 to correct the description and pricing on the CrowdStrike subscription services. The software is not free, but the cost is subsidized for three years. 

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.