Augmentation of a SCADA based firewall against foreign hacking devices
CASE STUDY
Company: A multinational oil and gas company
Description: One of the top ten energy producers with operations in over 50 countries
Location: United States
OVERVIEW
With today’s bring your own device (BYOD) momentum, employees, partners, and customers are accessing web
portals, networks, and shared connections via personal
devices that are not protected or monitored by a company’s
IT security experts. With thousands of personal devices
connecting to open wireless networks on a daily basis, the
danger of a compromised network looms large.
“Thanks to Seculert’s Botnet Interception, an attack that was already in progress was detected and stopped.”
THE CHALLENGE
For a large energy sector enterprise, the risk of being unable to control and monitor the personal devices used by its
employees to access corporate assets is of great concern. These devices create major vulnerabilities that cannot be controlled
effectively. The company sought a tool with the following specifications to solve their problem:
• Enable employees to use their own devices without the need to install any agent or software
• No purchase of an additional on-premises device to be placed on the network
• Deploy quickly across multiple sites worldwide
• Avoid the need for employees to bring devices to IT for installation or install themselves
• Provide detailed forensics
• Supply timely intelligence, so IT teams can act swiftly
THE SOLUTION
The enterprise decided to use Seculert’s proactive Botnet Interception technology. During set-up the enterprise’s IT security
team entered all internal and external facing domains as well as web-based portals into Seculert’s system. Meanwhile,
integration between Seculert’s cloud-based service and the enterprise’s MDM was established through the Seculert API by a
member of the IT security team. This allowed the enterprise to block breached devices when identified by Seculert.
The total setup took less than ten minutes. The solution immediately identified a personal mobile device that was communicating
from within the company’s network to known domains used by command and control servers. The MDM immediately blocked
this device, and Seculert’s detailed forensics allowed the company’s IT security team to pinpoint the owner of the infected
device and push instructions to their firewalls to block this employee’s access to critical assets and services (that he would
normally have access to). This case was then escalated to the appropriate internal IT team, which approached the user and
cleaned the infected device.
The user was then required to reset his passwords to all critical applications before the firewall restriction was removed.
BENEFITS
Thanks to Seculert’s Botnet Interception, an attack that was already in progress was detected and stopped. From that point
on, the oil and gas enterprise was able to monitor their connections and traffic to immediately detect new infections. Since
Botnet Interception is device agnostic and cloud-based, it can discover compromised endpoints at headquarters and at
satellite offices worldwide. Thus the company is able to reduce the risk that sensitive information and credentials are leaked
through unprotected devices and is able to detect malicious activity of infected devices connecting to their web assets.