Data Sheet

ThreatBlockr State & Local Government Data Sheet

Impact of Cyber Attacks on SLED

  • 47% of local governments experience daily cyberattack
  • $2.3B – the average cost of a cyber attack on SLED
  • 9.6 days – average resulting downtime from a Ransomware attack

Using Threat Intelligence to Protect State, Local, and Tribal Governments

Cyber attacks against state, local, and tribal governments have been dramatically increasing year over year. In 2019 alone, there were 140 ransomware attacks – an average of 3 per day, targeting public, state, and local government. Unfortunately, with the 2020 pandemic and the shift to remote work, these attacks have surged. Almost daily we hear of another Ransomware attack crippling a city 911 system, or freezing thousands of government computers and disrupting everything from real estate sales to water bill payments. Even with help from federal authorities, the cost to repair is astronomical.

Key Risk Factors

  • Damage to Critical Systems: Cyber attacks can have devastating impact on state, city, and tribal infrastructures. From 911 networks, to utility billing and payment systems, to health and human services and social services, these attacks can be disruptive, severe, and life threatening.
  • Financial Gain: From targeted phishing attacks and their associated ransomware attacks on state, local, and tribal networks, the primary motivation is a financial one. Cybercriminals go where the money is.
  • Regulatory Compliance: As SLED encompasses a wide array systems and functions, and more regulations are enacted around consumer and citizen privacy, the SLED segment is increasingly under the purveyance of regulations. These regulations include state enacted regulations such as the California Consumer Privacy Act of 2018, as well as more broad regulations dealing with payment systems. Either way, regulatory compliance is a growing reality for state, local, and tribal governments.

Proprietary Vendor Perspective

Threat Intelligence from NGFW vendors is proprietary and offers a narrow view of the threat landscape. The ability to take action on threat intelligence from multiple sources is paramount to protecting from today’s targeted attacks.

Assessing Threat Intelligence Sources

There are a plethora of threat intelligence sources including industry specific (MS-ISAC, E-ISAC), to commercial sources (DomainTools). The ability to incorporate multiple, trusted sources and then grow as needed, is key.

Operationalizing Threat Intelligence

Managing threat intelligence can be expensive and time consuming. How much threat intelligence is enough? Is there security “know-how” to use it? How well does threat intelligence play with NGFWs? Selecting the  right solution is critical.

Solution: ThreatBlockr

ThreatBlockr uses simple, innovative technology and best-in-class threat intelligence to secure your networks, data and users in real time –  wherever they are. Whether it’s from data we provide out of the box, data from one of our Partner Integrations – or any other data source you have –  we block attacks from up to 150 Million malicious IPs and domains in real-time, with no latency. At ThreatBlockr, we believe nothing scales like simplicity. We make blocking threats smart and simple – at scale – everywhere.

ThreatBlockr works with more than 34 SLED clients across 3 countries, 14 states, counties, and cities. Additionally, ThreatBlockr is included in purchasing agreements such as the State of Texas DIR Contract, and NASPO SVAR and Cloud.

Small and Midsized SLED Organizations

Small and medium sized city, county, and tribal municipalities usually do not have the luxury of large cybersecurity budgets, staff, and resources at their disposal. These government IT organizations need a threat intelligence solution that is turnkey, automated, and affordable:

  • Provides powerful, day-one protection with over 30 million “out of the box” threat intelligence indicators from leading commercial providers (DomainTools, Proofpoint), open source, government (DHS), and industry (MS and IE-ISAC).
  • Easily integrates threat intelligence from any source.
  • Saves time by eliminating the need to manually manage threat feeds and external blocklists.
  • Delivers an automated solution that is easy to deploy and manage.
  • Complements and increases the ROI of existing firewall investments.

Large SLED Organization

With greater resources, budget, and staff, larger cities, counties, and tribal municipalities typically have a more mature security practice. They are most likely using multiple sources of threat intelligence, a dedicated Threat Intelligence Platform (TIP), and a SIEM. The challenge for these organizations lies in their ability to efficiently integrate threat intelligence into security controls. In addition to the aforementioned benefits, the ThreatBlockr platform:

  • Blocks 150 million IP and domain indicators, far outpacing the capabilities of NGFWs.
  • Easily integrates threat indicators from Threat Intelligence Platforms (TIPs), SIEMs, and SOARs.
  • Maximizes the ROI of threat intelligence investments by taking action, as well as gaining real-time visibility into which threat intelligence sources are adding value and which are not.
  • Improves the efficiency and effectiveness of next generation firewalls by blocking known threats, freeing the NGFW to focus resources on more sophisticated attacks.S