Case Study

Manufacturer Uses Risk Assessment to Protect IT and OT Assets

WWT addresses system patches, network segmentation and concerns related to governance, risk and compliance

Overview

A global manufacturing company was faced with evaluating and implementing a security plan over the course of five years. The company’s execute team sought a trusted advisor who could provide objective thought leadership, evaluate their current level of risk and propose solutions across several OEMs to remediate issues. We were selected to fill this role based on our objectivity, industry experience and ability to execute.

Challenge

Risk assessments are a critical component of any sound security program as they enable organizations to proactively detect and remediate security vulnerabilities. This Global Manufacturer required a security risk assessment that would ensure the organization was meeting the security objectives of their executive team, which included the protection of sensitive customer, organizational and employee data from unauthorized use, disclosure, modification or destruction.

This engagement extended beyond the traditional corporate enterprise to include the manufacturing facilities themselves. As manufacturers continue to move forward with the Internet of Things (IoT) and connected factory strategies, an exponentially greater number of endpoints become targets for a breach. Broadening security assessments, postures and policies to include industrial control systems and production machines, as well as the underlying infrastructure they connect to, ensures personal safety, unimpeded operations and protection of sensitive production information.

Solution

As part of our overall risk assessment, we conducted a vulnerability scan that revealed multiple threats. After presenting this data to the customer, we were able to help them prioritize these threats and put in place a project plan based on their immediate and long-term needs. The plan included steps they could take to patch their systems, segment their network, and implement best practices around governance, risk and compliance.

Conclusion

Not only did we present the customer with detailed report that will serve as their security roadmap, but we also remediated some of the issues that were unearthed as a result of the vulnerability scan. Additionally, we helped them compare multiple OEM security products based on their footprint. As the manufacturer works to improve security in the coming years, they now have a partner that can help them identify and prioritize which threats to focus on and how to comprehensively mature their security posture based on the desires of their executive team. Currently we are working with the Global Manufacturer on a cyber remediation strategy. With security risks mitigated, this customer can now invest in IoT initiatives that will ultimately increase productivity.