White Paper: Cybersecurity for Multinational Gas and Electrical Distribution

Learn how Industrial Defender’s ASM enabled a large electric and gas utility to unify their OT architecture for enhanced security monitoring and put in place network intrusion detection in order to monitor suspicious network activity.

Customer Profile

The client is a European multinational electricity and gas utility company providing the transmission and distribution of power. Its principal activities span multiple countries with an annual revenue in the tens of billions.

Since 2009, the client has been using Industrial Defender products and services. The client deploys the Industrial Defender Automation System Manager (ASM) along with the Network Intrusion Detection System (NIDS) to monitor their critical assets and control system networks for natural gas and electricity supply.

Goals

To monitor events and network activity in their systems.
To be alerted when a new kind of communication or an attack is taking place on their networks.
To detect arbitrary status or configuration changes in assets in their environments.
To be able to investigate any issue easily.
To ensure that production operation computing assets of the same type are built correctly and in adherence to a configuration standard.

Results

Monitoring Events and Network Activity – The client has a variety of Linux and Windows endpoints and receives many valid authentication events, but intentionally does not want to filter out some of these valid events. One example is valid logins that occur when certain users log in as the privileged user. The Industrial Defender solution allows them to easily see if anyone is abusing or misusing this privilege. Using ASM Event Search, they can quickly and easily find any event irregularities.
Network Alerting and Easy Issue Investigation – On a few occasions, the client had issues that suggested they were under attack. In one case, they were alerted to unusual network activity of a certain traffic type and started an investigation. They used the ASM Events Search extensively to correlate the sequence of events. After investigating the network activity details, valid logins to certain machines, and related hardware events, they concluded that a vendor was using a USB stick that had not been scanned for viruses. At that point, the client told the Industrial Defender engineer, “Your solution just paid for itself.”