Customer Case Studies

How OTORIO Helped an Oil Refinery Eliminate Alert Fatigue

A Brief Overview

Reduced Noise from existing IDS

The company is an energy petrochemical refinery with geographically dispersed assets for petroleum refining, logistics, asphalt, renewable fuels, and retail convenience stores. Although it had invested in OT cyber security solutions, the company's security team experienced alert fatigue due to the high volume of false-positive security notifications from its existing Intrusion Detection System (IDS). It also had challenges with its OT cyber security posture because it lacked asset visibility over all of the company's geographically scattered and unmanned environments. The sheer volume of alerts, combined with an inability to recognize real high-priority security threats with its existing resources, was a major challenge that the team needed to solve.

The company contacted OTORIO for an efficient and effective solution to:

  • Reduce the security-notification volume
  • Support its security team with a 'big-picture' management view of the OT environment
  • Simplify its OT cyber security management
  • Discover and inventory all its OT assets
  • Identify risks


Customer Challenges

  • An existing IDS created a high volume of ghost assets and false-positive alerts. These alerts made it much harder to detect and proactively respond to actual threats, leading to alert fatigue for the refinery's cyber security team.
  • An inability to prioritize risk effectively and efficiently, including discerning which alerts required immediate attention, so that the team could accurately detect and proactively respond to actual OT security risks.
  • An inability to connect and leverage existing data sources and technologies to properly understand and secure its operational environment.


OTORIO's Solution

OTORIO's RAM² (Risk Assessment, Monitoring and Management) solution helped the energy company automate and correlate events for fast and easy operational risk identification and noise suppression. RAM² enriched the OT asset inventory and overview by integrating with the company's:

  • Existing firewall
  • EDRs
  • OT IDS
  • Large automation vendor DCS

and by collecting additional asset data through:

  • Safe active querying of devices
  • Passive monitoring, re-using existing SPAN ports
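The challenges and solution above describe the idea in outline: alerts from a single IDS are noisy and name devices no other source can confirm, and cross-referencing them against a DCS export, active queries and passive observations lets a team separate real incidents from ghost-asset noise. The following is an added illustration of that idea and is not OTORIO's or RAM²'s code; the three feeds, the asset names and addresses, the correlation window and the criticality scale are all constructed here for the example.

```python
"""Illustrative alert-noise reduction across OT data sources (added example).

Assumed inputs: an IDS alert stream, a DCS asset export, and the set of hosts
that answered a safe read-only active query or were seen on a SPAN port.
An alert whose endpoints are corroborated by nothing but the IDS is parked as a
'ghost' for review; repeated alerts with the same signature and endpoints are
folded into one incident; incidents are ranked by the criticality of the assets
involved.
"""
from dataclasses import dataclass

WINDOW_S = 300  # assumed correlation window: repeats within 5 min fold into one incident

# --- Constructed sample data (not from the case study) ---------------------
# DCS export: the engineering source of truth for controllers and their criticality.
DCS_ASSETS = {
    "10.1.5.10": {"name": "PLC-CDU-01", "role": "process controller", "criticality": 3},
    "10.1.5.11": {"name": "SIS-CDU-01", "role": "safety system", "criticality": 5},
    "10.1.5.20": {"name": "HMI-CDU-01", "role": "hmi", "criticality": 2},
}
# Hosts that answered a safe, read-only active query.
ACTIVE_QUERY_SEEN = {"10.1.5.10", "10.1.5.11", "10.1.5.20", "10.1.5.30"}
# Hosts observed on the SPAN port by passive monitoring.
PASSIVE_SEEN = {"10.1.5.10", "10.1.5.11", "10.1.5.20", "10.1.5.30", "10.1.5.99"}
# IDS alert stream: (timestamp_s, signature, src_ip, dst_ip).
IDS_ALERTS = [
    (100, "Modbus write to coil", "10.1.5.20", "10.1.5.10"),
    (130, "Modbus write to coil", "10.1.5.20", "10.1.5.10"),
    (160, "Modbus write to coil", "10.1.5.20", "10.1.5.10"),
    (200, "New device detected", "10.1.5.250", "10.1.5.11"),  # src seen by no other source
    (300, "Unexpected SSH session", "10.1.5.30", "10.1.5.11"),
    (310, "Unexpected SSH session", "10.1.5.30", "10.1.5.11"),
    (900, "Unexpected SSH session", "10.1.5.30", "10.1.5.11"),  # outside window: new incident
]


def confirmed_assets(dcs, active_seen, passive_seen):
    """Return {ip: criticality} for assets corroborated by more than the IDS.

    DCS-exported assets are trusted as-is. Any other host must be seen by both
    the active query and passive monitoring before it counts as a real asset;
    a host seen by only one of them stays unconfirmed.
    """
    assets = {ip: a["criticality"] for ip, a in dcs.items()}
    for ip in active_seen & passive_seen:
        assets.setdefault(ip, 1)  # real but unmanaged device: lowest criticality until classified
    return assets


@dataclass
class Incident:
    signature: str
    src: str
    dst: str
    first: int
    last: int
    count: int
    priority: int


def triage(alerts, assets, window=WINDOW_S):
    """Split alerts into ranked incidents and parked ghost-asset alerts."""
    incidents, ghosts, open_by_key = [], [], {}
    for ts, sig, src, dst in sorted(alerts):
        if src not in assets or dst not in assets:
            ghosts.append((ts, sig, src, dst))  # held for review, not silently dropped
            continue
        key = (sig, src, dst)
        inc = open_by_key.get(key)
        if inc is not None and ts - inc.last <= window:
            inc.last, inc.count = ts, inc.count + 1  # same story continuing: fold it in
            continue
        inc = Incident(sig, src, dst, ts, ts, 1, max(assets[src], assets[dst]))
        open_by_key[key] = inc
        incidents.append(inc)
    # Highest asset criticality first; earlier incidents first within a tier.
    incidents.sort(key=lambda i: (-i.priority, i.first))
    return incidents, ghosts


if __name__ == "__main__":
    assets = confirmed_assets(DCS_ASSETS, ACTIVE_QUERY_SEEN, PASSIVE_SEEN)
    incidents, ghosts = triage(IDS_ALERTS, assets)
    print(f"{len(IDS_ALERTS)} raw alerts -> {len(incidents)} incidents, {len(ghosts)} parked")
    for inc in incidents:
        print(f"P{inc.priority} {inc.signature}: {inc.src} -> {inc.dst} x{inc.count}")
    for g in ghosts:
        print("parked (unconfirmed endpoint):", g)
```

Run as a script it turns seven raw alerts into three incidents plus one parked alert, with the SSH sessions to the safety system ranked ahead of the HMI's Modbus writes. The point of the corroboration rule is that the IDS alone never promotes a host to the inventory; a second independent source has to agree, which is what keeps ghost assets from generating tickets while still leaving them visible for review.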