Securing and Protecting the BPD’s Network to Best Serve the People of Baltimore


Technology changes every day—no matter how much you know, the next day you know a little less. You have to keep reading and learning just to keep up, which, for me, is a pleasure. My love for continuous learning has gone hand in hand with my love for technology.

I've always been fascinated by technology and have had a passion for IT since I was a kid. When I was 10 years old, I asked for a computer instead of a bicycle because I wanted to learn how to program. Where other people read novels for a hobby, I read technical manuals. All I wanted to do with my life was work in IT, and I have dedicated my career to excelling at IT infrastructure design.

I've worked in the field for 25 years, and in 2019, I started working in the IT Department of the Baltimore Police Department (BPD). As Director of IT Infrastructure, it was my job to revamp the BPD's entire network.

A Neglected Network and No Money

When I took the job, our IT infrastructure was deficient in many ways and severely lacking in security and development support. There was no funding for maintenance or staying up to date with new technologies, and there was no technical oversight. We didn't have anybody who knew how to drill down from macro to micro concerns and run an IT environment from a holistic perspective. Our storage, compute, and network fabric weren't working together as a coherent entity, and our IT team worked in silos and had no comprehensive IT infrastructure monitoring framework in place.

Director Derek Canton was holding down the fort, and I'm amazed he did it so well given the constraints he had. There was a lack of vision and leadership, which led to a lack of planning and execution. Derek recognized the gaps and knew he needed help to turn things around. To rectify the situation, the BPD brought in Edward Davis as CTO. Chief Davis knows how to manage the delivery of IT services and technologies, and happens to be an old friend from my days working for the city of Baltimore. He entrusted me with building new infrastructure from scratch. 

We had a huge technical gap across all our infrastructure layers, and there was nothing worth salvaging. Still, it wasn't all gloom and doom. We had purchased the latest technology from Cisco to replace our antiquated HPE switches, but nothing was configured properly. When I joined the BPD, we got everything configured the right way and got to work putting the switches in place. We also made a move to re-architect our network and redesign our Layer 3 OSPF topology to properly segment our VLANs across the city, thus eliminating Layer 2 sprawl and preventing one failing site from taking out the entire network. 

The BPD's IT department comprises 45 people, most of whom work the help desk, with only six of us who engineer and maintain our network. Although we had an infrastructure budget, we were short on human resources, so we staggered the rollout of our new network.

Identifying Weaknesses in Our Perimeter

Our first step was to shore up security on the perimeter, which we'd neglected far too long. It doesn’t make sense to spend a ton of money on a beautiful house and not invest in locks to keep out intruders—we didn’t want to do the same with our new network.

We wanted to develop a security approach that covered a wide range of circumstances with tools that did the right thing when we encountered a threat. A bad actor only has to be right once to wreak havoc on our infrastructure, and we didn't want to provide any openings. 

Chief Davis had made it clear that he wanted a highly mobile workforce, so everybody received laptops and tablets. Our new security framework had to take that into account. In the past, someone would have settled for less security when a particular device was outside the perimeter. With so many more devices on the go now, that could no longer be the case. Whether you’re physically within or outside the network, we wanted everyone to have the same level of security. 

Creating a Strong Security Posture with Cisco Secure

I’m a Cisco guy, and we already had a lot of Cisco equipment, so when I was handed the project, I engaged them and explained what I wanted to achieve. Cisco Secure addressed our concerns with a comprehensive portfolio of network security solutions. We analyzed our needs and decided our first priority should be to roll out Cisco Umbrella and Cisco Secure Endpoint, which greatly increased our visibility. Our endpoints now connect to the cloud, so no matter our endpoints’ location, we can access the latest information and reach out to agents regardless of where they are.

Umbrella and Secure Endpoint gave us the visibility we lacked with our previous solution, Norton Antivirus, which resided on-prem and did not provide any visibility into our agents' devices when they were offsite. We couldn't see the security posture of our remote devices, and their status remained uncertain for weeks. Umbrella and Secure Endpoint helped us close these security gaps and gave us valuable intelligence about compromised endpoints. We were able to address issues of concern before moving on to the next step in deploying our new IT infrastructure.

We then added Cisco Secure Malware Analytics and Cisco Secure Network Analytics to provide real-time network visibility and advanced security analytics. These automated tools leverage AI to detect and neutralize threats as they happen. Rather than having a team of engineers spend hours or days compiling data about our 2,500 endpoints to resolve a security issue, a single person can use Cisco's advanced analytics to ferret out the problem in minutes. We can monitor and measure everything across the board, and we've configured our tools to send out alerts whenever they encounter an issue. Our next phase is to create automated incident response workflows within SecureX to automate our threat response.

Making the Most of Our Resources with Training and Support

Cisco has given our small team the tools we need to make the most of our resources. Monitoring our network now occupies 15% of our time instead of every minute of the day, and we can start neutralizing a threat immediately. Whenever we learn about a new vulnerability, my team can take an Indicator of Compromise (IoC) from Cisco Talos, put it into Cisco Secure Malware Analytics, and instantly see if we've been compromised.

The best thing about Cisco Secure is how everything is integrated, and it can all be seen within Cisco SecureX. SecureX is the glue that binds everything together. It is a cloud-native, built-in platform that connects Cisco Secure solutions to our infrastructure. SecureX also allows us to limit access to the subsystems that comprise our infrastructure. Our help desk team has read-only access across the board to best see and understand the systems they're troubleshooting. 

As it stands, in addition to Umbrella, Secure Endpoint, and Secure Network Analytics, we have integrated the following Cisco solutions into SecureX: Cisco ThreatGrid, Cisco Identity Services Engine (ISE), and our newly deployed Cisco Firepower. The platform also has capabilities for third-party integrations, like we have done with Infoblox IPAM. The data from all these solutions are captured in the cloud, and being able to leverage all of that information in a single pane of glass has been a game changer. We now have a holistic view of our environment that is unmatched by anything else on the market.

While bringing all of this on board, we made extensive use of Cisco training resources, including CBT Nuggets, which offers 59 courses in 725 skills, and Cisco Learning Credits, which give our people access to instructor-led and self-paced digital learning activities and certifications. 

Through the process, Cisco has been right there with an answer for every requirement. They rose to the task, and from the beginning, they worked alongside us to put together a grand plan and a roadmap for our future.

Cisco Takes Us Where We Want to Be

It’s an exciting time for the BPD, and leadership deserves a lot of credit for that. They're starting to understand that technology plays a big role in our operations. We’ve embarked on an overhaul of our records management system to reflect new approaches to public safety and policing and to keep up with the needs of a modern-day police department. All of this and more depends on IT working properly to execute these visions.

Cisco made it easy for our limited staff to deploy and monitor our new IT infrastructure and has helped make application and network issues a thing of the past. When I got here, the network was going down on a weekly basis, which is unacceptable in a public safety organization. That is no longer the case. We haven't had any core outages in a year now, and our technology roadmap is a work in progress.

This is the new face of IT within the BPD. The department has invested millions in this transformation, and we are on the right path forward. As our primary IT supplier, Cisco has helped take BPD’s infrastructure from where we are to where we want to be. Cisco Secure has given us the tools to secure our network and better serve the citizens of Baltimore.