Oil and Gas Exploration Company
Companies in the oil and gas industry are under constant attack from sophisticated attackers who are often sponsored by adversarial nation-states with large oil and gas industries. These attackers are particularly interested in exploration data that could be passed on to the firms in their countries in the hopes that those firms can jump in and obtain the rights to the deposit before domestic companies. Failing that, they will resort to sabotage in the form of ransomware to disrupt the targeted company's operations. The industry standard approach to addressing this problem is security monitoring, driven by a Security Information and Event Management (SIEM) system that analyzes the massive amounts of security data collected across the company.
This client in the oil and gas exploration market had a large, complex SIEM implementation from one of the leaders in the space. The client became concerned that their SIEM may not have been detecting all the activity that it was supposed to. Further, they were concerned that the set of activity it was designed to detect was insufficient for the sophisticated attacks they were facing.
SCALESOLOGY IN ACTION
Scalesology personnel came in and performed a SIEM evaluation. This evaluation consisted of methodically going through the use cases and configuration of the SIEM. For each use case we ascertained whether the system was receiving the correct data and processing it in the expected manner. We found the largest issue with the system was that the original implementor had made heavy use of templates that had not been properly tuned for this client. Consequently, we updated all the references to use the correct data for the client. Finally, we identified malicious activity that the SIEM did not currently detect but should have been capable of detecting given the existing data sources. This work was informed by our understanding of threat actors in the oil and gas space, so that we could focus on the activity which presented the highest risk to the client.
Upon the conclusion of the SIEM evaluation, the client had a security monitoring solution that they knew worked for the established use cases. Additionally, they had a roadmap for the development of new use cases to maximize their security monitoring coverage at minimal cost. These two deliverables provided the client with much better detection of malicious activity in a very hostile environment.