“As a public safety entity, we seem to be a target for criminal activity,” said Micah Clark, Information Technology Director at Central Utah 911 and a user of Purple Knight, a free Active Directory security assessment tool from Semperis. “Making sure that our Active Directory is hardwired, that we don’t have any holes through which people could get in, is my largest focus in terms of security.”
As the dispatch service for several city police departments, county sheriff’s offices, and fire departments, Central Utah 911 provides the communication link between the community and responders, so any interruption in service could affect public safety. Cybercriminals increasingly target local government services and public infrastructure because these entities are often challenged with legacy AD infrastructures, limited budgets, and siloed IT and security teams. Recent examples include the cyberattack on an Oldsmar, Florida, water treatment facility and the notorious Colonial Pipeline attack.
The unique needs of public safety
Currently, Central Utah 911 uses on-premises Active Directory with an Azure AD connection to Office 365 and the Office 365 Government Community Cloud (GCC). This setup alone makes for a highly dynamic infrastructure. And as we well know, the more dynamic the workplace, the more difficult it becomes to keep Active Directory secure.
In addition, emergency dispatch centers are uniquely challenging from a cybersecurity perspective. Subject to incredibly strict regulatory and security requirements, they also tend to have a high turnover rate. For Central Utah 911, this means that its AD deployment exists in a state of constant flux.
“We have various connections constantly going in and out,” Clark said. “It’s a high-stress job, so we lose people and hire replacements very regularly. We’re also constantly adding different computers and devices to the system—it’s an environment of constant change.”
Digging deep into AD connections
Clark was aware of these challenges when he sought out Purple Knight.
“I learned about [Semperis and Purple Knight] through a webinar hosted by Dell on security awareness,” he said. “It intrigued me, and I decided to try the product. It’s the first utility I’ve used that digs this deep into the Active Directory connections.”
Initially intent on using Purple Knight to identify unmonitored and unmanaged legacy accounts, Central Utah 911 now runs a scan and generates a monthly report. According to Clark, using the tool has made him rethink how he handles accounts and has brought about a dramatic change in how he and his team communicate with stakeholders. Thanks to Purple Knight, they now have concrete proof of their agency’s security posture and specific ideas for how to improve that posture.
The solution has also been quite beneficial in helping the organization adjust its employee training.
“Being in the technology sector for 25-plus years, I appreciate tools like this that really help make the job easier as you try to find holes in your organization,” Clark said. “It helps you teach other people why they need to follow certain policies on security. And it’s helped me find weak links and work with vendors to try to better secure our environment.
“I’ve not researched any other options,” he said. “Purple Knight has worked so well I don’t need to find anything else.”