File #: 24-1582    Version: 1
Type: Agenda Item Status: Approved
File created: 9/4/2024 In control: Board of Supervisors
On agenda: 10/15/2024 Final action: 10/15/2024
Title: Information Technologies Department recommending the Board authorize the Director of Information Technologies to accept and execute the updated Crowdstrike Falcon Complete Limited Warranty Agreement in conjunction with existing Purchase Order 24000924 for the retroactive term of March 4, 2024, through March 3, 2025. FUNDING: General Fund.
Attachments: 1. A - Crowdstrike Falcon Complete Updated Warranty, 2. B - Crowdstrike Warranty Update Approved Blue Route, 3. C - Current PO 24000924 for Reference.pdf
Related files: 23-0082, 24-0185, 22-0850

Title

Information Technologies Department recommending the Board authorize the Director of Information Technologies to accept and execute the updated Crowdstrike Falcon Complete Limited Warranty Agreement in conjunction with existing Purchase Order 24000924 for the retroactive term of March 4, 2024, through March 3, 2025.

 

FUNDING:  General Fund.

Body

DISCUSSION / BACKGROUND

Since January 2018, the Information Technologies (IT) Department has used Crowdstrike Falcon advanced breach and endpoint protection services with Antivirus, Threat Intelligence, USB Device Control, and Threat Hunting capabilities.  In March 2022, IT upgraded to Falcon Complete managed detection and response (MDR) services, which delivers 24/7 expert management, monitoring, and response for the Crowdstrike Falcon platform. The Crowdstrike Falcon security solution is an industry leader to stop advanced threats, including next-gen antivirus, endpoint detection through Falcon Insight, and threat protection with Falcon Identity. The Crowdstrike Falcon Complete team, available 24/7, uses Overwatch to manage threat hunting and ensures comprehensive security for our El Dorado County IT assets, remediating security incidents in minutes to minimize impacts to the County.

 

In February 2024, the Board approved the issuance of Purchase Order 24000924 for $155,878.90, per Quote Q-823645 for the renewal of Falcon Complete services and licenses for the term starting March 4, 2024, through March 3, 2025, to cover El Dorado County's endpoint licenses for 2,300 devices.  Crowdstrike has recently made changes to the Falcon Complete Limited Warranty Agreement and has requested customers sign and return the updated Warranty Agreement.  This is no-cost warranty for Falcon Complete customers.  County Counsel has reviewed and approved the updated agreement.  IT is requesting Board approval for the Director of IT to execute and return the updated Warranty Agreement to Crowdstrike.  The warranty wording has been updated, but the intent of the warranty has not changed.  The warranty grants the County limited liability for a security event.  The updated warranty includes a warranty cap based on the endpoint quantity.  The warranty outlines the exclusions for coverage which includes security incidents resulting from a customer allowing covered endpoints to fall below the Measured Security Posture, failing to follow Crowdstrike's prevention or remediation instructions, or altering the Falcon Complete product.  Other exclusions include the customer's fraudulent, criminal, or malicious acts, violations of the law and other physical and force majeure events. 

 

This Board item addresses the warranty under Falcon Complete and not the current purchasing document with Crowdstrike (PO 24000924).  Crowdstrike was part of a nationwide service disruption in July.  The event with Crowdstrike was not a security incident or failure to detect a security incident.  The event was an error in their change management processes.  Crowdstrike has implemented procedure improvements resulting from lessons learned from the service disruption.  Crowdstrike is still the industry leader in endpoint security.  Any attempt to remove and replace this vital security technology would be a massive undertaking causing significant strain on both internal and financial resources.

 

ALTERNATIVES

The Board could decline the updated warranty provisions and the County would not have a warranty included in the general agreement for this licensing term.

 

PRIOR BOARD ACTION

24-0185 - On February 27, 2024, the Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $155,878.90 for the period of March 4, 2024, through March 3, 2025 for Falcon Complete endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-823645.

23-0082 - On February 14, 2023, the Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $148,455.80 for the period of March 4, 2023, through March 3, 2024, for Falcon Complete endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-579846.

22-0850 - On May 24, 2022, the Board authorized the Purchasing Agent to issue a Purchase Order in the amount of $32,775.52 for the period of June 5, 2022, to March 3, 2023 for additional licenses for necessary security endpoint protection and authorized the Purchasing Agent to accept and execute Crowdstrike quote Q-441989.

 

OTHER DEPARTMENT / AGENCY INVOLVEMENT

N/A

 

CAO RECOMMENDATION / COMMENTS

Approve as recommended.

 

FINANCIAL IMPACT

There is no financial impact to updating the Warranty Agreement for the existing licensing term.

 

CLERK OF THE BOARD FOLLOW UP ACTIONS

N/A

 

STRATEGIC PLAN COMPONENT

N/A

 

CONTACT

Tonya Digiorno, Director of Information Technologies