Operational Technology Cyber Shield for a Large Energy Company

Real-Time Threat Neutralization with a NIDS Solution

  • The client
  • Overview
  • Need for change
  • Challenges
  • LTM’s solution
  • LTM collaborated closely with Claroty USA, enhancing product value by resolving gaps and raising feature requests
  • Tech stack
  • Benefits
  • Conclusion

The client

The client, headquartered in Houston, Texas, is one of the largest oilfield services companies globally. They provide products and services for oil and gas exploration, development, and production in over 70 countries with key markets in North America, Latin America, Europe/Africa, and the Middle East/Asia.

Their core business focuses on completion and production services, including well completion, hydraulic fracturing, and cementing, as well as drilling and evaluation services, such as formation evaluation and subsea operations. This comprehensive range of offerings relies on a robust Operational Technology (OT) ecosystem that requires enhanced cybersecurity to address emerging risks.

Overview

The client embarked on a digital transformation of their OT environment to mitigate risks associated with IT-OT convergence. Real-time visibility of OT assets and vulnerabilities was critical to ensuring proactive and reactive protection of their critical infrastructure. To achieve this, they partnered with LTM. LTIMindtree implemented the Claroty Collection Server and xDome, a SaaS-based management console, which provided centralized, real-time monitoring of OT operations. The integration of xDome with enterprise tools like Splunk SIEM, Microsoft Defender, and Azure Active Directory further strengthened their OT security management.

Need for change

The oil and gas industry is facing increasing pressure to enhance cybersecurity measures due to the convergence of IT and OT environments. This convergence has introduced new vulnerabilities and risks that need to be managed effectively. Organizations in this industry require a centralized, real-time view of their OT assets and vulnerabilities to mitigate risks proactively. Leveraging innovative technology is the key to addressing these challenges, ensuring a holistic and proactive approach to the security of critical infrastructure and OT while supporting scalable, reliable operations in a rapidly evolving threat landscape.

Challenges

The client faced several security challenges in their OT environment, including:

  • Limited visibility of OT assets, leading to unidentified vulnerabilities such as exposed IPs, end-of-life systems, open ports and unsecured protocols.
  • Absence of a network intrusion detection system (NIDS) to detect malicious traffic.
  • No mechanism to view and assess the overall risk posture in the OT ecosystem.
  • Lack of a centralized OT asset inventory, which hindered effective security management.
  • No integration with enterprise tools for in-depth security visibility.
  • Undefined OT processes for vulnerability management, leaving the environment unprotected against evolving threats.

LTM’s solution

LTM deployed a Claroty collection server at nine sites, connecting them with the Claroty xDome management console. Key activities included:

  • Reviewed the client's OT network and Demilitarized Zone (DMZ) architecture to understand traffic and VLANs.
  • Verified readiness for server deployment and identified core/master switches and Switch Packet Analysis (SPAN) ports at each site.
  • Connected servers to master/core switch SPAN ports and configured xDome.
  • Customized and fine-tuned alerts to reduce false positives.
  • Comprehensive asset inventory: OT asset discovery involved passive monitoring and active scanning to identify devices and build an inventory. Assets were classified by type, function, and criticality. Validation was done against Cisco ISE inventory and physical checks. 
  • Vulnerability discovery: OT vulnerability discovery reported gaps and provided recommendations. xDome was integrated with Microsoft Defender, Splunk, and Azure AD SSO for enhanced security oversight.
  • Developed clear OT processes: Developed an OT vulnerability management process, enabling continuous threat monitoring. Created deployment and integration documentation and provided training during transition. Assisted in recovery from an exploitation scenario.

LTM collaborated closely with Claroty USA, enhancing product value by resolving gaps and raising feature requests.

Tech stack

  • Claroty Collection Server
  • Claroty Edge
  • Splunk (SIEM)
  • Claroty xDome
  • Azure AD for SSO
  • Microsoft Defender

Benefits

The deployment and integration of the Claroty collection server and Claroty xDome transformed cybersecurity for the client’s entire OT ecosystem, taking them from a low-visibility, reactive approach to a proactive cybersecurity stance with powerful, holistic, centralized, real-time visibility of all their OT assets and threats. This enabled real-time threat neutralization and scalability, bridging the gaps in their OT security. It facilitated:

  • Centralized and accessible dashboard for real-time monitoring of all OT assets and vulnerabilities.
  • Scalable, holistic oversight, integrating seamlessly with existing sources of truth – Splunk and Microsoft Defender.
  • Customized and fine-tuned alerts that focus on high-priority threats, reducing false positives.
  • Comprehensive, real-time understanding of risk levels across all locations and systems.
  • Proactive mitigation of known vulnerabilities and threat analysis, categorization and prioritization in real-time.
  • Integration of OT vulnerability management into the centralized Security Operations Center (SOC) framework.
  • Streamlined tools and processes to reinforce risk mitigation efforts.
  • Real-time threat neutralization with centralized risk management across the enterprise.
  • Proactive and reactive protection of critical assets and business operations.

Additionally, immediate ROI was observed when active exploits were identified and mitigated within the first day of deployment, showcasing the solution’s efficacy. The LTM team also achieved a high Customer Satisfaction Survey (CSS) rating of 85%, underscoring the solution’s impact.

Conclusion

The deployment and integration of Claroty has enhanced visibility, threat detection, and response rate through real-time asset and vulnerability management in the client’s OT environment. This led to a reduction in undiscovered network intrusions and a decrease in false positives. It has also helped the client to proactively protect their assets, reputation, and long-term viability. This powerful, centralized solution serves as a cyber shield for the client, enabling robust operations and scalability for sustainable business success in a world of growing cyber threats.

Ready to take the next step in protecting your critical OT assets?

Reach out to us at eugene.comms@LTM.com.
