Orange County NC Website
ORANGE COUNTY
BOARD OF COMMISSIONERS
ACTION AGENDA ITEM ABSTRACT

Meeting Date: January 17, 2023
Action Agenda Item No. 8-j

SUBJECT: End Point Protection — Managed Detection Response CrowdStrike Contract

DEPARTMENT: Information Technologies (IT)

ATTACHMENT(S):

INFORMATION CONTACT:
David Mathias, IT Operations Manager/Security Officer, 919.245.2272
Jim Northrup, Chief Information Officer, 919.245.2276

PURPOSE: To approve and authorize the Manager to sign a one-year contract with Carahsoft Technology Corporation (Carahsoft) and CrowdStrike in the amount of $112,965 to move 1,500 devices, e.g., computers and servers, from the currently deployed Carbon Black endpoint protection to CrowdStrike endpoint protection, with the addition of a vendor-initiated managed detection system.

BACKGROUND: This service, utilizing a different vendor, i.e., CDW-G, Inc., was presented to and approved by the Board of Commissioners at the November 15, 2022 Business meeting. However, the service could not be implemented as approved in November because the vendor was unable to utilize and sign the Orange County contract template, due to conflicting terms in the template and the purchasing vehicle used to meet legal requirements, i.e., CDW-G could not use the Omnia Cooperative Purchasing Agreement. The proposed new vendor for consideration is Carahsoft, and all documents, processes and procedures have been vetted by Carahsoft, Orange County Purchasing staff, and the County Attorney's Office.

Orange County Information Technologies is currently deploying Carbon Black and a next-generation antivirus system on all compatible computing devices. The current system has been managed successfully by IT staff since 2019. One of the shortcomings of the current system is that, unless IT staff is focused on email 24 hours a day/7 days a week, detection may go unnoticed for hours. For example, an event or infection could occur on a Sunday at 11:59 PM, thereby increasing the risk of a single machine infecting other machines around it, i.e., the network, until staff monitoring of email resumes at 8:00 AM on Monday.

The proposed CrowdStrike system not only replaces Carbon Black, but also adds a component of 24 hours a day/7 days a week monitoring and response, e.g., an infection or harmful event is remediated up to and including network quarantine. Through the contract, the vendor guarantees a 1 to 2 hour response time, dependent on event severity, per the Service Level Agreement. Real-world response times are considerably less and are available upon request.