A global automotive manufacturer asked OTORIO to help them manage continuous cyber security risk assessments to enable their safe digital growth.

Background

The automotive manufacturer was dealing with several issues, including:

• Insufficient visibility into asset inventory, vulnerabilities, and risks
• Gaps in understanding of the operational impact of risks
• A shortage of mitigation instructions
• No visibility over converged OT-IT security posture

Furthermore, the manufacturer wanted to move beyond the reactive, post-breach detection approach that was offered by their existing cybersecurity tools since a response after an attack is more costly and less effective than attack prevention. In addition, the automotive company’s operational teams found it difficult to make sense of mitigation responses proposed by their existing system. As a result, the organization was at risk of being exposed to high-impact cyberattacks.

Goals:

The automotive manufacturer was looking to:

• Identifying security risks that could impact production
• Evaluate the company’s security posture and vulnerabilities, applying mitigation and improvement measures.
• Detect and correlate data OT/IT/IOT assets, such as data from multiple sources within the customer's industrial network
• Monitor and track changes in assets and configurations on the production floor in real-time
• Reducing the complexity and improving the efficiency of SecOp activities
• Standardizing the security efforts across operational processes
• Identify compliance gaps and suggest resolutions steps

Initial Findings

Working closely with the automotive manufacturer’s security teams, OTORIO’s experts were able to map several gaps in the organizational management of OT risks, namely:

• Separate systems were handling different security aspects within both the OT and IT environments.
• There was only a partial understanding of the prioritization of risks or security posture.
• Security risks were not assessed in the context of their impact on production processes.
• The risk analysis was focused on incident management and input from the CISO, while decisions regarding security actions were made by operational personnel on the production floor.

The Solution

OTORIO RAM² was implemented on the automotive converged OT-IT network to provide contextual asset inventory management, operational impact, risk prioritization and mitigation, and enhanced compliance governance.

Utilizing RAM², the automotive manufacturer was able to significantly reduce the number of alerts. Disparate alerts from a variety of cybersecurity tools were now aggregated into clear, contextualized insights - allowing security teams to identify and mitigate security risks with the highest impact on production. It also allowed the customer to significantly improve asset inventory management and become aware of minor production floor changes. Moreover, RAM²’s automated compliance governance capability enabled the manufacturer to accurately measure their compliance with relevant industry cybersecurity standards.

Now, the production floor team is made aware of their state of compliance. If compliance scores fall below the required threshold, RAM² provides simple playbooks, allowing the automotive company’s operational teams to quickly resolve the issues. This also enabled the teams to focus on complying with future automotive cybersecurity standards, a well.

The Benefits

Together, the teams improved the client’s risk prioritization strategies, providing a positive impact on the production processes. This included:

• Risk reduction - By attaining asset visibility and mapping assets to vulnerabilities and operational processes, the customer was able to quickly understand its organizational ris posture and proactively remove risks before they could become breaches.
• Eliminate alert fatigue – By orchestrating data from multiple sources and correlating the into meaningful insights that are contextualized with operational process, RAM² helps the customer reduce the number of alerts and focus only on the most critical risks.
• Visibility - OTORIO’s unmatched asset inventory capability automatically tailors the customer’s industrial environment - creating a hierarchical view of assets in different plants, shops and cells, with a risk calculation and dashboards for every business level. As result, the customer was able to better understand their security posture and map areas that required more attention.
• Speed - By eliminating the need for manual mapping of new vulnerabilities to the thousands of assets in the plant and automating the triage and correlation of tens of thousands of alerts, RAM² made a massive task feasible. In addition, by providing easy use playbooks, RAM² made the customer’s risk mitigation processes faster and more efficient.
• Prioritization - RAM² enabled smarter analysis of CVE information based on OTORIO’s OT industrial vulnerabilities database, only triggering alerts on items that are relevant to the specific assets, models, and versions. RAM² also calculated risk based on a combination of the cybersecurity threat severity and probability with the potential impact on operations – enabling the customer to prioritize risks according to their operational impact.