| março 18, 2022

Austria’s Largest Power Producer uses ExtraHop Reveal(x) as a building block for its Security Operations Center

VERBUND selected ExtraHop Reveal(x) to help monitor network traffic in real time, detect anomalies, and feed the results into the central Security Operation Center

Partilhe em    

VERBUND is Austria’s leading utility and one of the largest producers of hydro power in Europe. Following a review of its cybersecurity processes, VERBUND selected ExtraHop Reveal(x) to help monitor network traffic in real time, detect anomalies, and feed the results into the central Security Operation Center. In day-to-day usage, Reveal(x) significantly improved the ability to track down security issues and respond more quickly with greater precision, giving what VERBUND’s InfoSec-team described as “unprecedented” visibility within a highly integrated workflow.

THE BEGINNING

VERBUND is Austria's largest electricity producer and operates critical infrastructure assets, covering approximately 40%of the country’s electricity generation. As such, the company takes cybersecurity extremely seriously and has invested significantly in technical training, systems, and expertise to protect its enterprise applications, IT-infrastructure, and its operational technology (OT).

Traditionally, VERBUND has relied on individual departments to design, implement, and manage security within their respective domains and operational roles. However, following a cybersecurity strategic review in 2018, senior management decided to consolidate security functions into a more centralised Security Operations Centre (SOC). As part of this process, VERBUND evaluated several network detection and response (NDR) platforms in search of the solution that would form one very relevant component of its new SOC.

THE TRANSFORMATION

The Extrahop toolset is one component to help build up the new SOC. VERBUND evaluated Reveal(x) alongside other well-known NDR vendors as part of an eight-week proof of concept. “It really opened our eyes to what is possible and gave us a good understanding of how each solution worked,” said Florian-Sebastian Prack.

ExtraHop proved itself superior in a number of areas, especially in terms of its core capabilities. “Some of the other systems rely just on metadata and extensive training, whereas ExtraHop is able to quickly give insights and then allow to easily drill down to find specific items that the other systems were simply unable to uncover. It also gives visibility into SSL/TLS 1.3-encrypted traffic without compromising data privacy—a major consideration of VERBUND.

VERBUND also found that Reveal(x) easily paired with its existing systems and workflows. The security team has integrated Reveal(x) with its SIEM and its Atlassian Jira ITSM to provide a process-driven method of analysing alerts and managing responses.

THE OUTCOME

Although the development and organisation of teams for the new SOC is ongoing, VERBUND already uses ExtraHop to more quickly detect and respond to security incidents.

In one example, ExtraHop automatically identified a development environment linked to an unsecured server outside its protected network.

Reveal(x) has also detected previously undiscovered anomalies within the network and application data flows. Many of these application-layer issues were hard to spot before.

This comprehensive visibility has dramatically improved the accuracy of threat detections and speed of response times.

Development of the SOC is progressing rapidly, and VERBUND is confident about the value ExtraHop Reveal(x) delivers. They are now in the process of getting more people trained and using ExtraHop on a daily basis. They are also looking at creating dashboards, additional scripts, and integration of ExtraHop as a core part of both security and IT support across the entire organisation.