In today's digital age, ensuring the security and resilience of critical operational processes is of utmost importance. This case study focuses on a customer in Finland who sought a solution to detect intrusions and identify malicious traffic within their industrial networks. They desired a proactive approach to cybersecurity, with unparalleled visibility into their Operational Technology (OT) assets and network traffic flows. Additionally, the customer aimed to transmit security posture snapshots to a centralized data center for further analysis by their security analysts' team. Insoft Services, a leading provider of cybersecurity solutions, offered a comprehensive solution that addressed these challenges while minimizing capital investments.
The customer faced the challenge of safeguarding their critical operational processes against cyber threats. They required a solution that could provide intrusion detection and identify malicious traffic within their industrial networks. The customer also prioritized a proactive approach to security, aiming to detect and mitigate threats before they could cause significant damage. Furthermore, they sought a solution that would offer unparalleled visibility into their OT assets and network traffic flows, enabling them to monitor and analyze potential security risks effectively. Lastly, the customer wanted to transmit security posture snapshots to a centralized data center for further analysis by their security analysts' team.
To address the customer's challenges and minimize capital investments, Insoft Services proposed the following solution:
Data Analysis and Visualization: In each major location, such as power grid stations, a Cisco Cyber Vision instance was hosted on a UCS C-series server. This allowed for comprehensive data analysis and visualization, enabling the customer to gain insights into their network traffic and identify potential security threats.
Metadata Collection: For "Small" setups, one Cisco IE3400 switch was deployed per location. These switches were connected to the core of the OT network, allowing for the collection of metadata. In "Large" setups, one Catalyst 9300 switch was used instead, providing enhanced capabilities for metadata collection. This approach ensured that the customer had a clear understanding of their network assets and traffic flows.
Connectivity and Data Transmission Across WAN: For "Small" setups, one Cisco IR1101 router was deployed per location. This router facilitated connectivity and data transmission across the Wide Area Network (WAN), ensuring seamless communication between different locations. In "Large" setups, a more robust solution was implemented, consisting of one Cisco Catalyst 8000v + CG522. This formed the vEdge level of the Software-Defined Wide Area Network (SD-WAN), offering enhanced connectivity and data transmission capabilities.
To provide high visibility and minimize hardware investments, a SPAN (or TAP) session was configured from core devices in the current OT network environment towards switches that had sensors (IE3400 or Catalyst 9300). This allowed for a comprehensive view of network traffic, enabling the customer to detect and mitigate potential security threats effectively.
By implementing Insoft Services' solution, the customer achieved their desired level of security and resilience within their industrial networks. The proactive approach to cybersecurity, enabled by intrusion detection and malicious traffic identification, ensured that potential threats were detected and mitigated promptly. The unparalleled visibility into OT assets and network traffic flows allowed the customer to monitor and analyze potential security risks effectively. Moreover, the transmission of security posture snapshots to a centralized data center facilitated further analysis by the security analysts' team, enhancing the overall security posture of the customer's industrial networks.
Insoft Services successfully addressed the customer's challenges by providing a comprehensive solution that met their expectations and minimized capital investments. By leveraging Cisco Cyber Vision, IE3400 switches, Catalyst 9300 switches, IR1101 routers, and Catalyst 8000v + CG522, the customer achieved heightened security and resilience within their industrial networks. The solution offered unparalleled visibility into their OT assets and network traffic flows, enabling effective monitoring and analysis of potential security risks. This case study highlights the importance of a proactive approach to cybersecurity and the value of partnering with experienced providers like Insoft Services to safeguard critical operational processes.