Customer Case Studies

How OTORIO Extended Asset Visibility for a Pulp and Paper Company

Customer Challenges

The company lacked visibility over all of its OT industrial assets and lacked a complete digital footprint of its operational environment. The pulp and paper manufacturer experienced a high volume of alert noise from an existing IDS solution, often delivering false-positive alerts that led to alert fatigue. It also experienced challenges with:

  • Unclear and partial asset visibility, with limited details and poor context
  • Limited resources to address each vulnerability and alert
  • An inability to prioritize risk mitigation actions effectively and efficiently
  • OT Security skill gap
  • Lacking a good understanding of the company’s network security posture and the potential business consequences of security gaps

 

OTORIO’s Solution

OTORIO’s RAM² (risk assessment, monitoring and management) solution built a rich OT asset inventory and overview by integrating with the company’s industrial assets and existing security solutions. RAM² successfully integrated with the company’s ABB 800xA Distributed Control System (DCS) delivering valuable insights beyond the data gathered from the existing IDS :

  • Aspect directory integration delivers details about machine controllers, identifying the OT logic of each one
  • Logs of ABB’s 800xA Redundant Network Routing Protocol (RNRP)
    • RAM² monitors RNRP logs to deliver alerts about errors and abnormal events, and indications of attacks on the DCS network
  • OPC protocol integration delivered live system events
    • RAM² provides detailed operational context for the DCS assets , such as DCS object, user, node name and values before and after operators change a specific process parameter.

 

To create comprehensive network visibility in the OT environment, RAM² expanded integrations, identified all types of physical assets and the communication among them.

 

Benefits for the Pulp and Paper company

  • Comprehensive OT assets visibility with a unified view of risk for OT, IT, and IIoT-aligned network security systems and industrial systems in the OT environment
  • The company’s security teams have operational context and impact analysis of an asset or process-level for OT risk-based management
  • OTORIO’s RAM² insights improved the company’s MTTD and MTTR, reduced noice, and highlight which risks and vulnerabilities to prioritize
  • It receives safe operational security posture assessments that don’t disrupt its ongoing operations
  • The company improved ROI by leveraging and integrating its existing security controls and tools with OTORIO’s RAM² platform
  • Teams have risk mitigation playbooks with clear instructions to harden site-specific OT network risks and
    vulnerabilities

 

 

Read More