CrowdStrike Helps Medium-Sized Business Build Robust Corporate-Class Cybersecurity Defense
Small and medium-sized businesses (SMBs) face many of the same cybersecurity threats as large organizations. However, they don’t always have the resources – time, money, skills or staff – that larger corporations can deploy. One company to overcome this challenge is BPG Designs, with the help of CrowdStrike.
“SMBs often feel they don’t have the staff, or cannot afford the staff, to support a solid cybersecurity posture,” explained Don Thorstenson, IT Manager at BPG Designs. “However, the tools are out there, as we have found with CrowdStrike and others. It is absolutely doable from a cost standpoint; just because we are a small business does not mean we have to aim small. Aim big because the options are there and are not cost-prohibitive.”
BPG Designs is a 190-strong SMB that provides a range of design, building and maintenance services for critical telecommunications infrastructure in the broadband, commercial, government and education markets throughout the Southwestern United States. Thorstenson heads up a team of four people responsible for all of the company’s IT, including cybersecurity.
Castle-and-Moat On-Premises Infrastructure
BPG Designs had its IT infrastructure on-premises until the COVID-19 pandemic. When the company transitioned to a remote workforce, everything changed.
“BPG Designs had a typical castle-and-moat, on-premises infrastructure,” said Thorstenson. “And the knee-jerk reaction in 2020 was to use the set VPNs to enable staff to remotely connect to our business systems. But at the same time, we were starting to look at the cloud so we paused to consider the bigger picture to ensure we could build a robust security infrastructure.”
Fortunately, Thorstenson and his team are supported by leadership that understands the importance of protecting the company’s digital environment as well as its employees and customers. When it came to choosing a partner, Thorstenson already had exposure to CrowdStrike: His wife, who managed cybersecurity for Arizona State University, was a long- time user and fan of CrowdStrike.
Today, BPG Designs has built a new, cloud-native security infrastructure around the CrowdStrike platform, incorporating Falcon Insight XDR for Endpoint Detection and Response (EDR), Falcon OverWatch, Falcon Prevent next-generation antivirus (AV), and Falcon Identity Threat Protection (ITP). To round out the security solution, the company has integrated CrowdStrike with several complementary applications including Zscaler, Proofpoint and Duo.
CrowdStrike Revolutionizes Security
“As an SMB, we have a small IT team, who are not necessarily cybersecurity experts,” disclosed Thorstenson. “CrowdStrike made cybersecurity really easy for us, the dashboard has revolutionized how we visualize and manage challenges like endpoint protection and identity. Now, with the CrowdStrike partnership and toolset, we can see what has happened, what devices and applications are involved, and what we need to do to address it. With CrowdStrike, we do not need to solely rely on our limited knowledge.”
BPG Designs has recently extended its CrowdStrike platform to include Falcon Identity Threat Protection (ITP). Thorstenson had inherited the existing IT environment; as a result, he was not aware of all the prior accounts and privileges that had been set up. The company needed to address cybersecurity as it moved towards the cloud and attacks increasingly targeted identity.
“Falcon Identity Threat Protection was an opportunity to understand our credentials and identities,” explained Thorstenson. “One of the things I love about CrowdStrike is you can try out different modules. We spent two weeks testing ITP and it opened our eyes to our identity risk and absolutely floored us.”
For example, ITP quickly showed that sometime in the past, a guest user account was set up with privileged access, which the team was able to quickly remedy. “ITP is a tool that gives us visibility we otherwise would not have. It is not isolated to one platform, it covers the whole system,” said Thorstenson.
How CrowdStrike Helps Cut Costs
CrowdStrike is an integral part of the security stack at BPG Designs, so much so that staff outside the IT team recognized its role in supporting and protecting the business.
“What surprised us about CrowdStrike was not just that we had a best-in-class solution. It also saved us money, especially for endpoint protection,” remarked Thorstenson. “Greater efficiencies improved cost savings, and we significantly improved the ability to monitor and protect our environment.”
Managing security used to be time-consuming because it often meant manually sifting through systems to identify the security status of the business. For BPG, this is now automatically handled on the back end with CrowdStrike and other security applications, saving valuable time.
“Another pleasant surprise for us was the endpoint visibility that CrowdStrike enables,” elaborated Thorstenson. “When something comes up, there is a real-time response where I can jump on a machine and see what is going on without involving the user. It does not happen very often but when it does, it is an incredible time saver. It is now at a state where I only need to look at the dashboard and do Zero Trust assessment once a week.”
Small businesses often spend great amounts of time and effort to achieve a better security posture. “The time-to-value with CrowdStrike was nearly instantaneous,” divulged Thorstenson. “We spent a long time on the procurement and purchase process. However, by the time the decision was made, and things were set in place, implementation was extremely fast and easy. We just had to push out sensors to our endpoints and instantly, everything started showing up on the dashboard. And there is nothing to do maintenance-wise. For a small team with limited resources, this is huge.”
Thorstenson values the partnership with CrowdStrike because of the way it supports BPG Designs in a practical and constructive way. “CrowdStrike keeps us abreast of new offerings that might be beneficial, but not in a hard-sell way,” concluded Thorstenson. “One of the best things we get out of the partnership is quarterly meetings where CrowdStrike takes a look at our policy settings. As time progresses and the dynamics of cybersecurity and threat actors change, it is very comforting and helpful to know that we have CrowdStrike checking that we are in the right place.”