Dallas is a special place with a vibrant culture, a diverse population, and some world-famous sports teams to boot. The local government of this growing city consists of approximately 43 departments and 14,000 employees. To build a thriving urban environment amid an expanding population, Dallas has become a leading smart city by advancing technology to meet the growing demands on its basic infrastructure. As a result, the City of Dallas' digital infrastructure has also grown. The threat of cybercrime has grown, too.
From public WiFi to innovative "smart parks", the citizens of Dallas enjoy an array of high-tech services—but technology also introduces opportunity for malicious actors. "Every minute, someone is trying to exploit vulnerabilities in our systems," explains Samson Tasso, a senior security analyst for the city.
With more than 1.4 million citizens to serve, along with critical infrastructure such as firefighters, emergency management, and water utilities, the city's security team has enormous responsibility on its shoulders.
The Downsides of Encryption
As it modernizes its infrastructure, the city is using more and more encrypted protocols to protect sensitive information traveling through public networks. This ensures bad actors cannot see or use encrypted data as it moves through the system.
Yet, encrypted traffic also means less visibility, which creates new opportunities for attacks. "You encrypt the traffic to protect the data," explains Dr. Brian Gardner, the city's chief information security officer (CISO). "But the bad actors have figured out that they can use encryption to infiltrate your environment."
Using encrypted traffic, bad actors can more easily bypass perimeter defenses, such as firewalls and intrusion detection systems (IDS), and obscure their actions from network-facing detections, such as traditional network traffic analysis (NTA). This left the city's infrastructure vulnerable to a variety of threats, from malware to database attacks.
So in order to fight back, they needed a means of securely decrypting network traffic.
How Secure Decryption Keeps Networks Safe
In the simplest terms, decryption is the process of converting encrypted data into its original form. Decryption through an inline proxy server is the most common way for security teams to inspect network traffic for indicators of compromise. Proxies then re-encrypt traffic before it is sent to its intended destination.
Decryption allows security teams to assess the potential threat of a particular piece of traffic, identify the actions an attacker took, understand the scope of a security incident, and ultimately implement preventative strategies based on these insights.
Sounds good, right? The only hitch is that secure decryption solutions tend to be computationally costly and highly complex. To scale a solution that would protect a city of 1.4 million required far greater resources and time than Tasso and Gardner had at their disposal.
At least, that's what they thought—until they found ExtraHop.
Safety at Scale with Reveal(x)
To keep its critical infrastructure and amenities, from libraries and smart parks to the city-owned American Airlines Center arena, operating securely without latency, the IT team at the City of Dallas turned to ExtraHop Reveal(x) network detection and response (NDR). Reveal(x) decrypts mirrored network traffic out of band to securely detect threats without the throughput, latency, and transaction issues that other solutions create. It provides visibility into east-west traffic, enabling the city's security team to see when bad actors move between systems, a key indicator that they are trying to propagate ransomware, for example, across the network.
Not only did Reveal(x) provide greater visibility and scalability, it also solved a far more human problem—usability. The cybersecurity industry is chronically understaffed, and as Gardner explained, this makes implementing complex solutions difficult.
"Some solutions can be very challenging, very technical with lots of configuration. But Reveal(x) was not," explains Gardner. "That was one of the biggest benefits: You didn't have to be a subject matter expert—it was simple."
By enabling secure decryption at scale without sapping resources, Reveal(x) has enabled the city's cybersecurity team to reinforce their network—and provide a safer environment for the city's ever-growing digital population.
"When somebody's digital information is secured, that means they are safer, and have a better life," says Tasso. "That's a big achievement, I think—to protect the city of Dallas this long!"