A global food and beverage company was proud of how its digital transformation initiatives were increasing productivity and efficiency. The company knew it could multiply these benefits by extending digital innovation and connectivity to its plants and bottling partners worldwide to see production anytime, anywhere. However, the company also knew it had to do this securely, which meant gaining visibility into its operational technology (OT) networks so its security teams could see threats anytime/anywhere as well.
Challenges
The company had prioritized its use cases to address the top two areas of risk that threatened the continuous operational availability, safety, and reliability of its production environment:
- Malware infection: While the convergence of IT and OT networks unlocks business value, it also can give rise to new risks. Without proper controls in place, both targeted and non-targeted threats can maneuver from IT to OT environments. The potential spillover from a malware attack to OT networks can be costly, disrupting or halting production while creating safety and compliance issues.
- Change in controller operation at remote facility: The company’s water treatment facility is physically isolated from the plant. The systems that run the facility operate the same way every day. Any change could indicate a threat of contamination to the water, but the company lacked granular visibility into these systems to understand and explain changes.
Solution
After a rigorous evaluation, the underlying technology included in Tripwire® Industrial Visibility was deployed on top of the existing infrastructure at each plant and bottling facility and then integrated with the security information and event management (SIEM) technology used by the company’s security operations center (SOC).
As part of the solution, the company deployed:
- The underlying technology included in Tripwire Industrial Visibility Threat Detection Console for full-spectrum OT asset visibility, continuous security monitoring, and real-time risk insights with zero impact to operational processes and underlying devices.
- The underlying technology included in Tripwire Industrial Visibility Management Hub to simplify management overall, consolidating data from across the solution and providing a unified view of assets, activities, and alerts across multiple sites. The platform also integrates seamlessly with IT infrastructure via the Management Hub.
Results
The company now has end-to-end (IT to OT) playbooks for each use case. Using an integrated SOC, IT and OT teams can collaborate to detect threats, mitigate risk, and remediate to bring devices back into compliance with security policy while limiting operational disruption.