Protecting the Ballot Box with FireEye Security Solutions
Challenge
There has been increased attention to the voting process during election time. Between claims of successful hacking of voting machines and election management systems to the dissemination of fabricated news, it's no wonder there has been more scrutiny and eyes on the electoral process than ever before.
And although technology has provided some convenience to elections, it also introduces risks. Without the proper security measures in place, the democratic process is vulnerable to cyber attacks that can change election outcomes or delegitimize the country's election systems.
Acknowledging election system risks, one state looked to increase its security mechanisms around its electoral activities at both the state and local levels as it prepared for its fall 2020 elections. To accomplish this task, its Secretary of State turned to WWT for help.
Solution
Knowing what the state wanted to accomplish and understanding the complexity of the election landscape, we partnered with FireEye to determine which solutions would be best suited to defend the state's electoral process against cyber threats.
Before FireEye could make a proposal, we first assessed the state's election infrastructure to identify potential entry points to voting systems and what methods could be used to breach them. Then, we tested the state's existing election security plans to detect potential gaps and vulnerabilities.
After we collected our findings, we proposed and implemented the following solutions ahead of the state's fall 2020 elections:
- FireEye Managed Defense to provide 24/7 monitoring of the customer's environment, including proactive threat hunting, to protect key threat points (e.g., voter registration, polling place identification, ballot submission and vote counting) identified by FireEye's intelligence team, enhancing existing security posture and real-time visibility across the organization.
- FireEye Digital Threat Monitoring to deliver reconnaissance web monitoring tailored to the organization. This service also provides early warning of when the company is mentioned or targeted on the internet and sends alerts when the company or its data has been exposed or compromised.
- Mandiant's Incident Response Retainer to establish terms and conditions for incident response services before a cybersecurity event occurs, significantly reducing an organization's incident response time and minimizing the overall impact of a breach.
Results
Despite heightened attention on election security, the state government was able to avoid any negative incidents during the fall 2020 election, securing its voting process and protecting its data. It was also able to meet election compliance mandates.
Building on the success of the fall 2020 election, WWT and FireEye partnered once more in March 2021 to work with the state government on structuring a plan that would extend election protection capabilities to its county election office networks. In addition to the solutions that were implemented earlier, the state also integrated:
- FireEye Endpoint Security to protect against common and advanced cyber attacks for an organization's endpoint environment and includes endpoint detection and response to minimize the impact of a breach.
- FireEye Network Security to detect and stop advanced, targeted and other evasive cyber attacks hiding in internet traffic.
- Expertise on Demand for flexible packaging and consumption options — includes "Ask An Analyst" and Fixed-Scope Services (e.g., investigations, cyber security consulting, etc.) — so organizations can get the expertise they need, when they need it.
With these solutions in place, the state now has action plans to remediate security incidents and long-term protection to its election infrastructure.