Challenges: The classic tale of David v. Goliath

As the 9th most targeted industry in 2023, Mendocino College faced a cybersecurity challenge familiar to many small teams in the education sector. They needed to fend off targeted threats and potentially devastating breaches with limited resources. 

For the cybersecurity team at Mendocino College, and countless others, a barrage of threat intel and slow manual processes was just the way things had always been done. They weren’t aware of any solutions that could significantly ease the load.

“What attracted me to Fletch was that there’s a ton of threat intelligence out there, but it’s not correlated to anything. And so I’m looking at all these different feeds, articles, trying to filter for myself to find out what’s out there and which ones might impact us.” 

- David Johnston, Director of Information Technology at Mendocino College

These are the key challenges Mendocino faced:

• No tailored information, creating too much manual research for a small team

• No threat correlation, requiring massive time investments to find relevant information

• Manual processes slowed response times and increased the risk of overlooking critical threats

Initial processes and tools

Before Fletch, Mendocino College was using vulnerability and EDR tools Defender, Crowdstrike, and Tenable. While these were helpful in detecting existing threats, these fell short in preventing threats and left them with no context.

For threat intel, Mendocino College relied on sorting through multiple emails, various websites, and social media daily to find relevant threat information. This manual effort created inefficiencies in detection and response times. Above all else, it led to great uncertainty that they were actually protected against cyber attacks.

Objectives

When Fletch caught the eye of Director of Information Technology, David Johnston, a new world of possibilities opened up. His goals for Fletch were clear: a tool that could help them avoid incidents, keep out of the headlines, and streamline the threat intelligence filtering process.

To do all that that, the tool needed to increase their capabilities with:

• Preventative threat detection: Mendocino College wanted to identify and address threats at an early stage to minimize potential damage and increase confidence.

• Correlated threat intelligence: The tool needed to make sense of the confusing, ever-evolving threat landscape and filter the noise down to only relevant and significant threats.

• Automated processes: As a small team, a tool that could automate and organize threat research and vulnerability management would be crucial for enhancing the capabilities of their security team.

Solution

From the minute David got into Fletch and saw that the threat landscape was correlated to Mendocino College, there was instant value and clarity. 

“Once I got a chance to get into the Fletch platform and start playing with it, it was pretty evident to me very quickly that it was going to be something that would help us.”

- David Johnston, Director of Information Technology at Mendocino College

One of the most valuable features for David was Fletch’s alert prioritizer. His threats were now sorted by priority using factors like severity, community sentiment, and threat history. 

David also appreciated the ability to control his feed with user actions, the ability to snooze, ignore, or resolve threats on their feed.

Fletch’s pre vulnerability scanner gives Mendocino College insight into threats their EDR and vulnerability tools couldn’t pick up, such as threats targeting their people. 

An unexpected standout feature for David, was the organization of threats into what is known as Threat Collections, simplifying the handling of CVEs and other IOCs. 

“I appreciate that Fletch collects threats together. You’ve gathered a bunch of CVEs and a bunch of IOCs surrounding the same threat to address this really fundamental issue. So rather than having a bunch of different things, where you have to see pieces of it, it’s nice that it’s all put together in a package.”

- David Johnston, Director of Information Technology at Mendocino College

Results

Fletch is now fully integrated into the security practices of Mendocino College. It’s even a part of David’s daily routine.

He starts his mornings checking the Daily Threat Report for relevant threats to dive into. When there is something of note, David clicks into his Fletch feed. He’s particularly interested in the malware and vuln threats from the alert prioritizer.

The summary headlines provided for each threat help David to quickly triage threats. And Threat Boards give him everything he needs to know if a threat needs more attention. Fletch’s advice helps him promptly address critical threats in collaboration with the server team, and AI generated comms allow for efficient information sharing with the wider team or specific audiences. 

The time savings with Fletch are substantial; David estimates it would have taken around 3 hours a day to manually perform the same tasks Fletch automates. Having the best threat intel gives him time to focus on high level strategy and critical threats. 

“Fletch has saved me time because I’m looking at stuff that actually matters. The reality is, I wouldn’t have spent enough of the time that I probably needed to spend before, just because it wasn’t doable.”

- David Johnston, Director of Information Technology at Mendocino College

Key Features and Benefits:

1. Daily Threat Report:  Fletch’s Daily Threat Report gives Mendocino College the ability to start their day knowing what to get started on.

2. Correlated Fletch Feed: The feed filters down the threat landscape to the threats targeting the devices and people Mendocino College has and gives real time updates, eliminating the manual workload.

3. Fletch Smart Sets: Fletch organizes and prioritizes threats by correlation to you via Smart Sets. Mendocino College has a focus on vulnerabilities and malware, and uses Smart Sets to stay focused on what they care about.

4. User Actions: The ability to resolve mitigated threats or ignore less relevant threats has been crucial in keeping Mendocino College organized.

5. Threat Collections: Fletch’s AI engine intelligently groups the articles, advice, correlation tags, and IOCs that come to be associated with the same threat, as it evolves with different attack tactics. This provides context and streamlines the messy threat landscape for Mendocino College’s team. 

“Having threat intel that actually matters for your organization with the technologies and systems that you use is really valuable and important. 

It's so easy to get just flooded with all the stuff out there. That you never really get a chance to focus on the things that matter. And I feel like Fletch gives me that ability to really focus on what's important.”

- David Johnston, Director of Information Technology at Mendocino College

Takeaway

Mendocino College started out dealing with overwhelming threat data, manual processes, and uncertainty around overlooking critical threats. With Fletch, they not only addressed their challenges but transformed their approach to cybersecurity. With correlated threat intelligence, early threat detection, and automated processes, Fletch was able to provide a tailored and efficient solution that 10x their capabilities in safeguarding their educational environment.