OT SOC Implementation
Brief:
A major pharmaceutical company planned to extend its existing Security Operations Center (SOC) to its production environment. In particular, the demand focused on increasing the detection capabilities in the production environment, as well as structuring the site-specific communication and response capabilities that these enhanced detection capabilities require.
BxC was asked to support the analysis of the current SOC capabilities with respect to the manufacturing environment, to plan and implement an OT-specific detection strategy including OT security use cases, and to define response procedures for the future OT SOC setup.
Activities:
OT DETECTION AS-IS STATUS ANALYSIS
BxC reviewed the existing log sources available in the IT SOC for the IT environment and assessed their immediate relevance to the OT environment. On that basis, BxC supported the existing SOC team in extending the scope of its existing use cases to OT.
OT SECURITY USE CASES DESIGN
Based on workshops gathering both IT and engineering experts, BxC coordinated the design of sector-specific OT security use cases. This was based on the identification of the sector-specific threat landscape as well as the analysis of the OT-specific log sources.
INCIDENT RESPONSE ORGANIZATION
BxC designed a communication plan for responding to security alerts and potential incidents, thereby fostering collaboration between the sites' IT and OT teams. BxC also participated in raising cyber incident awareness across all IT and OT stakeholders.
Results:
Since BxC's involvement, OT security maturity has improved, with continuous enhancements established.
Awareness of OT security incident response measures and processes improved across production sites and central units
150 OT-specific use cases designed and structured into a four-wave implementation schedule based on complexity, log source availability, and security criticality
20 OT-specific use cases implemented in the first two months of the implementation phase to cover the most relevant security threats based on available log sources and logs
Long-term improvement of the OT detection and response capabilities by bridging the gap between the central SOC and the local response teams