A large utility company approached MixMode with the following scenario: the enterprise SOC relied on a shared SIEM application used by several stakeholders, including the networking team, the SCADA team, the dev-ops team, the compliance team and the cybersecurity teams, for “basic search and investigation of log files to meet regulatory compliance requirements”.
Although the compliance team at this utility found the SIEM satisfactory, the cybersecurity team was hindered by the system’s inability to perform several fundamental functions, including:
- Analyze network traffic in real time and detect the variations they suspected were indicative of state-sponsored attacks
- Alert on policy violations and network misconfigurations that represent serious threats to the organization
- Detect adversarial AI attacks
- Detect individual or collaborative hacker attacks taking place on a daily basis
- Develop a continually evolving baseline of expected network behavior
- Adequately monitor a mix of legacy systems, cloud data and on-prem resources
The seriousness of these fundamental failings was further underscored by the fact that the regional utility grid infrastructure was at risk. Should the utility grid become compromised through an attack, a serious breach could pose a major real-world threat to an entire region.
Continue reading our newest use case, “Why a Large US Utility Company Turned to MixMode to Address Utility Grid Vulnerabilities,” to learn more about the utility company’s barriers to successful network oversight and how they determined that MixMode provided a far greater level of visibility and granularity to both the network and security teams while decreasing the traffic flow to their SIEM system.