City of Newton, Kansas
The City of Newton, Kansas, faces an increasingly common challenge for small municipalities: providing robust cybersecurity protection despite limited resources.
With just two IT staff members supporting 230 employees and serving roughly 20,000 residents, the team needed to transform their cybersecurity posture, gain critical visibility into their network, enhance their threat detection capabilities, and strengthen their protection against evolving threats. And they needed to achieve it in a way that wouldn't strain their budget or require extensive manpower.
The Challenge: Small Team, Big Responsibilities
When Nathan Wallace joined the City of Newton as Cybersecurity Architect two years ago, he was welcomed by long-time IT Director Brenda Ternes, who spent 16 of her 18 years at the city as the sole IT staff member. Together, they are responsible for everything IT- and cybersecurity-related for the entire municipal operation.
"We both kind of do it all," explained Wallace. "From help desk tickets, all the printing issues, whatever else, all the way to configuring and designing the network and making sure that everything's done correctly."
Like many municipalities, Newton operates under strict budget constraints. "Budgetary resources is a big thing for local government," Ternes says. "We don't have an unlimited amount of money to throw at problems or to hire enough personnel to maintain what we're trying to do. So we have to do more with less."
The city has an existing relationship with a Managed Service Provider (MSP) handling some cybersecurity functions, but Wallace identified a critical gap when he came on board. "My big thing was making sure that we had visibility on our network," he said. "I needed more visibility into checking and making sure everything was getting done correctly."
"We don't have an unlimited amount of money to throw at problems or to hire enough personnel to maintain what we're trying to do. So we have to do more with less."
Stopping Threats at the Edge
Founded in 1871 as the Santa Fe Railroad expanded westward across the plains, Newton was initially a rowdy cowtown when cowboys drove cattle up the Chisholm Trail from Texas. It's considered part of the Wichita metropolitan area, serving as part of a five-county metro with 650,000 people, the largest such area in Kansas.
A progressive city working to attract new businesses and residents, Newton can't afford to compromise on security. The IT team needed solutions that would enhance their capabilities without requiring additional staff or overwhelming their budget.
Wallace began researching options that would provide the visibility and protection they needed. When he discovered Nomic Networks, he was particularly impressed by its network cloaking technology and comprehensive monitoring capabilities.
"I hadn't ever heard of network cloaking before," Wallace said. "When it sees anything malicious coming in, it blocks it and drops it off of the network entirely. It's not able to hit our firewall, and our firewall is able to perform more efficiently."
After careful evaluation, the City of Newton implemented Nomic's Managed Network Detection and Response (MNDR) platform, which brings together a set of tools for threat prevention, detection, and response to mitigate threats:
- Nomic Outpost: The first line of defense at the edge, it provides network protection with innovative cloaking technology to prevent malicious traffic from reaching the firewall.
- Nomic Insight: A unique network-based tool that fills in the gaps between the firewall and the endpoints, offering detection, response, and visibility powered by an enriched network flow archive.
- Nomic HQ: Offers centralized management and automated reporting functions to streamline compliance documentation and reporting.
The implementation complemented Newton's existing security stack, which includes endpoint detection and response (EDR) solutions managed by its MSP. This created a layered security approach that addressed their specific needs and strengthened their overall threat management capabilities.
"When it sees anything malicious coming in, it blocks it and drops it off of the network entirely. It's not able to hit our firewall, and our firewall is able to perform more efficiently."
Bridging the Gaps Left by Conventional SIEMs
The impact of implementing Nomic's solutions was immediate and significant. For Wallace, the visibility provided by Insight was transformative. "When I saw that Insight was a product that sits inside of our network, communicates with the Outpost to create all sorts of information for everything that comes on and off of our network ... it was almost a no-brainer," he explained.
This enhanced visibility allowed the small team to effectively monitor their entire network without requiring constant attention, closing previous visibility gaps that had left parts of their infrastructure potentially vulnerable. "Being able to see everything from the IP addresses that we connect to, the protocols, the attack types, everything that's happening, it's where we want to go as far as visibility," Wallace said.
Traditional SIEMs mainly focus on log data. To truly move beyond SIEM, security teams need to tap into a wider range of sources, everything from endpoints and networks to cloud environments and the business applications people use every day.
Insight's Network Flows provide an independent perspective beyond firewall and device logs, capturing every network conversation in real-time. With an intuitive search filter, you can quickly explore the Flow archive to answer detailed traffic questions, far more efficiently than digging through firewall logs or querying a SIEM.
"I love that Insight gives me a complete archive of the network traffic for such a long lookback," says Wallace. "It gives me peace of mind to know I can reach back into the past and find what I need."
The practical benefits extend beyond just monitoring. Ternes recalled an instance when the system helped them troubleshoot application issues: "We had users getting blocked downloading software and doing things. And so we were in Insight and … we figured out why they were getting blocked downloading their software. They would have never figured it out, but it was different ASNs that they were going through and they were malicious."
For a two-person IT team, managing security alerts efficiently is critical. Wallace appreciates the efficiency of Nomic's approach to alert management. "I get the alert at the end of the day from you guys and it comes through at midnight. I'll go through and read through and make sure that everything looks the same as normal. And when it is, great, all is well, move on."
This allows him to focus his attention where it's needed most. "I try to focus my time on making sure that I'm going through all of the influx of information that we receive to make sure that if there is a bad or an issue of things that are popping up, that they're known bads."
The improved threat detection capabilities have significantly enhanced Newton's security posture. The system now automatically identifies potential threats based on behavior patterns and known indicators of compromise, allowing the small team to prioritize their response efforts and focus on the most critical security events.
The automated reporting features also proved invaluable for communicating security status to city leadership and supporting compliance requirements for municipal systems.
"I use that executive summary," Wallace explained. "I save it and I have every month since we've had the product in place, all the alerts, all the countries, the ASNs … All the communication we've done, it's all put in a very clean, nice document so then whenever the commission or whoever asks about the product, I can show the value in it."
These standardized reports have simplified the city's compliance documentation process, providing clear evidence of their security controls and monitoring activities when needed for audits or reviews.
"I love that Insight gives me a complete archive of the network traffic for such a long lookback. It gives me peace of mind to know I can reach back into the past and find what I need."
The Importance of Proactive Cybersecurity Support and Community
For small municipal IT teams, vendor support and community resources are essential lifelines. Ternes highlighted the importance of both in Newton's cybersecurity journey.
"I personally think your support is awesome," she told the Nomic team. "The few times that Nathan and I had just started with the products and we reached out to support, they're awesome. Very, very quick, knowledgeable, explain things well."
Wallace echoed this sentiment: "You guys have a relatively small team, but it's never felt that way. It amazes me how you guys have such a small team, and I've never once had any troubles getting connected or talking to anyone from you guys when I've needed to get any information."
Beyond vendor support, Ternes emphasized the value of community resources like the Government Management Information Sciences (GMIS) organization, where she serves as President. "When I got involved in GMIS and was just a basic member, I found a family of like-minded people. And so I heavily leaned on my peers because they had been there, they had done that."
This collaborative approach extends to how municipalities share information and solutions. "They have the same challenges," Ternes noted. "They have smaller communities. They have the smaller cities, the smaller counties, and there's not a lot of people resources. When I was introduced to GMIS, that was a huge help to me because all of these individuals, I was able to ask questions and they just wanted to help. IT people in general just want to help."
Pushing the Boundaries of SIEM
With their enhanced visibility and protection in place, the City of Newton continues to mature their security program. They're currently seeking approval to implement a conventional SIEM, which would further enhance their log management capabilities.
"We are currently in the process of looking at getting a SIEM in place as well," Wallace explained. "That's been a big thing. I have all of these different influxes of information from different logging systems, and I'm just constantly having to check logs, and it can take some time."
The SIEM implementation would complement their existing Nomic MNDR solution by centralizing log data and applying advanced analytics. It represents the next step in Newton's security maturity journey.
Even with a SIEM implementation on the horizon, Wallace sees ongoing value in the Nomic solutions. "This was the perfect starting point. And it was honestly more than I was expecting because what you guys do very well compared to maybe some other organizations or products or solutions is your continuous innovation."
Security Within Reach
The City of Newton demonstrates how small municipal IT teams can effectively enhance their cybersecurity posture despite limited resources. By selecting solutions that provide comprehensive visibility, Newton has established a security foundation that supports their organizational growth while addressing their unique challenges.
Their approach offers valuable lessons for similar organizations:
- Gaining comprehensive visibility should be a priority for resource-constrained teams. Without visibility, you can't protect what you can't see, and visibility gaps create security blind spots.
- A layered security approach with complementary solutions provides better protection than any single solution, especially for threat detection and threat management.
- Vendor support quality significantly impacts success for small teams that can't afford dedicated security specialists.
- Community resources like GMIS provide valuable peer support for municipal IT teams facing similar challenges.
- Automated reporting tools simplify compliance documentation and help communicate security value to leadership.
The partnership with Nomic Networks has enabled Newton to gain enterprise-level security capabilities without requiring enterprise-level resources, proving that effective cybersecurity is achievable for municipal organizations of all sizes.
