Operational Technology Cyber Shield for a Large Energy Company
The client
The client, headquartered in Houston, Texas, is one of the largest oilfield services companies globally. They provide products and services for oil and gas exploration, development, and production in over 70 countries with key markets in North America, Latin America, Europe/Africa, and the Middle East/Asia.
Their core business focuses on completion and production services, including well completion, hydraulic fracturing, and cementing, as well as drilling and evaluation services, such as formation evaluation and subsea operations. This comprehensive range of offerings relies on a robust Operational Technology (OT) ecosystem that requires enhanced cybersecurity to address emerging risks.
Overview
The client embarked on a digital transformation of their OT environment to mitigate risks associated with IT-OT convergence. Real-time visibility of OT assets and vulnerabilities was critical to ensuring proactive and reactive protection of their critical infrastructure. To achieve this, they partnered with LTIMindtree. LTIMindtree implemented the Claroty Collection Server and xDome, a SaaS-based management console, which provided centralized, real-time monitoring of OT operations. The integration of xDome with enterprise tools like Splunk (SIEM), Microsoft Defender, and Azure Active Directory further strengthened their OT security management.
Need for change
The oil and gas industry is facing increasing pressure to enhance cybersecurity measures due to the convergence of IT and OT environments. This convergence has introduced new vulnerabilities and risks that need to be managed effectively. Organizations in this industry require a centralized, real-time view of their OT assets and vulnerabilities to mitigate risks proactively. Leveraging innovative technology is the key to addressing these challenges, ensuring a holistic and proactive approach to the security of critical infrastructure and OT while supporting scalable, reliable operations in a rapidly evolving threat landscape.
Challenges
The client faced several security challenges in their OT environment, including:
- Limited visibility of OT assets, leading to unidentified vulnerabilities such as exposed IPs, end-of-life systems, open ports and unsecured protocols.
- Absence of a network intrusion detection system (NIDS) to detect malicious traffic.
- No mechanism to view and assess the overall risk posture in the OT ecosystem.
- Lack of a centralized OT asset inventory, which hindered effective security management.
- No integration with enterprise tools for in-depth security visibility.
- Undefined OT processes for vulnerability management, leaving the environment unprotected against evolving threats.

LTIMindtree’s solution
LTIM deployed a Claroty collection server at nine sites, connecting them with the Claroty xDome management console. Key activities included:
- Comprehensive asset inventory: OT asset discovery involved passive monitoring and active scanning to identify devices and build an inventory. Assets were classified by type, function, and criticality. Validation was done against Cisco ISE inventory and physical checks.
- Vulnerability discovery: OT vulnerability discovery reported gaps and provided recommendations. xDome was integrated with Microsoft Defender, Splunk, and Azure AD SSO for enhanced security oversight.
- Developed clear OT processes: Developed an OT vulnerability management process, enabling continuous threat monitoring. Created deployment and integration documentation and provided training during transition. Assisted in recovery from an exploitation scenario.
LTIMindtree collaborated closely with Claroty USA, enhancing product value by resolving gaps and raising feature requests.

Figure: Deployment and integration diagram
Tech stack
- Claroty Collection Server
- Claroty xDome
- Claroty Edge
- Azure AD for SSO
- Splunk (SIEM)
- Microsoft Defender
Benefits
The deployment and integration of the Claroty collection server and Claroty xDome transformed cybersecurity for the client’s entire OT ecosystem, taking them from a low-visibility, reactive approach to a proactive cybersecurity stance with powerful, holistic, centralized, real-time visibility of all their OT assets and threats. This enabled real-time threat neutralization and scalability, bridging the gaps in their OT security. It facilitated:
Centralized, real-time visibility
- Centralized and accessible dashboard for real-time monitoring of all OT assets and vulnerabilities.
- Scalable, holistic oversight, integrating seamlessly with existing sources of truth – Splunk and Microsoft Defender.
- Customized and fine-tuned alerts focus on high-priority threats, reducing false positives.
Improved risk posture management
- Comprehensive, real-time understanding of risk levels across all locations and systems.
- Proactive mitigation of known vulnerabilities, with threat analysis, categorization, and prioritization in real time.
Proactive cybersecurity processes
- Integration of OT vulnerability management into the centralized Security Operations Center (SOC) framework.
- Streamlined tools and processes to reinforce risk mitigation efforts.
- Real-time threat neutralization with centralized risk management across the enterprise.
- Proactive and reactive protection of critical assets and business operations.
Additionally, immediate ROI was observed when active exploits were identified and mitigated within the first day of deployment, showcasing the solution’s efficacy. The LTIM team also achieved a high Customer Satisfaction Survey (CSS) rating of 85%, underscoring the solution’s impact.
Conclusion
The deployment and integration of Claroty has enhanced visibility, threat detection, and response rate through real-time asset and vulnerability management in the client’s OT environment. This led to a reduction in undiscovered network intrusions and a decrease in false positives. It has also helped the client proactively protect their assets, reputation, and long-term viability. This powerful, centralized solution serves as a cyber shield for the client, enabling robust operations and scalability for sustainable business success in a world of growing cyber threats.
Ready to take the next step in protecting your critical OT assets?
Reach out to us at eugene.comms@ltimindtree.com.