Companies in the energy sector provide critical services that must be available and monitored 24 hours a day. They must not only respond to real-time events as quickly as possible but also work proactively, identifying potential risks and problems before they materialize. To accomplish this, companies need comprehensive and effective solutions for monitoring, identifying, prioritizing, and escalating potential or existing security issues, so that they can respond to those issues as quickly and efficiently as possible.
Our client is a leading energy corporation focused on the global logistics of fuel products and services. They provide both cyber security and physical security as part of these logistics and, as such, must have solid plans for monitoring and responding to potential security incidents so that they can act on them as quickly as possible. As part of a complex global industry, they are also subject to various regulations, including GDPR and SOX.
The client was searching for a more strategic approach to corporate security. They needed a program that combined security event monitoring with incident management, including threat analysis and notifications.
We monitor the alerts and policy exceptions generated by our Security Operations Center (SOC) and analyze each one to determine whether it represents a security incident. When it does, we and the client initiate the mutually defined incident response plan to classify, prioritize, and escalate the incident accordingly. Our incident handling capabilities include:
- Executing predefined incident playbooks for the handling of events
- Adjusting alert prioritization based on criticality and risk-based response profiles identified in the customer ARMED Portal
- Escalating security incidents to an authorized security contact or designated services contact
- Assisting the security teams with performing root cause and impact analysis
- Providing remediation/countermeasure recommendations
- Performing advanced threat hunting to support root cause and impact analysis
- Performing remediation or deploying protective measures in accordance with the defined incident response processes
- Managing and tracking ticket progress to resolution and closure
- Documenting experiences to improve policies and response plans
- Updating incident response and communications plans to reflect any process changes, and updating existing policies and procedures accordingly
The client’s alignment with UDT’s Security Operations Center has enabled its corporate security department to become more strategic and effective in its operations. We have become their tactical arm, engaged from aggregation, correlation, and detection through to incident response and recovery across the environment. Our ongoing program has so far yielded the following results:
- Technological complexities were reduced by consolidating numerous portals, alerts, notifications, and points of investigation, which reduced the overhead of managing the security technology stack.
- Personnel shortages were mitigated by converting their security operations into a 24/7/365 solution with the SOC.
- Costs were decreased by eliminating licensing for products that were no longer needed.
- Security posture was matured across multiple regulations, including GDPR and SOX.
- Mean time to detect (MTTD) and mean time to respond (MTTR) were decreased, including for incidents surfaced by both host detection analytics and network detection analytics.