Energy companies are considered “critical infrastructure” and are prime targets for cyber-attacks from state sponsored attackers. The maturity of security tools in energy OT (Operational Technology) networks generally lags behind traditional IT networks, making such networks are susceptible to attacks.
Critical infrastructure provides essential services and any service disruptions could have a significant impact to a significantly large user base. Consequently, availability and uptime were of the highest priority to the client, and conducting a holistic assessment of their architecture was a challenging task due to any potential disruptions caused by traditional testing methods.
We performed a vulnerability scan and gathered network device configurations to develop a virtual network model of the client’s IT environment. This virtual model was further enhanced with additional data points including vulnerability and threat intelligence data. The virtual network model was used to run “attack simulations” on the client network from relevant threat sources.
This exercise produced valuable technical observations and recommendations related to key cyber security risks and highlighted gaps in the client’s layered security model. To assist with the implementation of the targeted recommendations derived from the risk assessment, we delivered a Security Architecture Workshop, wherein we collaborated with the client on solutions for their most challenging cyber security issues.
- Provided a variety of realistic simulations that replicated attacker techniques and provided validation of cyber defenses in place.
- Performed testing without any disruption to a highly sensitive environment, while accurately outlining risks related to lateral movement and remote code execution.
- Provided visibility and a viable path forward to improve overall cyber resilience with validation of network rules in the virtual model prior to production rollout.
Looking to safeguard your organization? Learn how our cyber security solutions can help you.