Case Study
UST helped a global real estate firm enhance building management system security to protect IT, OT, and IoT environments
OUR CLIENT
Founded more than 200 years ago, this global commercial real estate and investment management firm operates in nearly 100 countries, employs approximately 100,000 people, and generates $20 billion in annual revenue. The company’s unique combination of global capabilities and local expertise has helped it earn numerous international awards.
THE CHALLENGE
Bolstering cybersecurity for building management systems
The customer was interested in developing a scalable cybersecurity monitoring and detection solution for its building management systems (BMS) to provide an overview of its threat landscape and also provide timely notifications when IT, operational technology (OT), and IoT systems became vulnerable or turned into potential cybersecurity threats. They sought a partner to provide systematic and rigorous evaluations of cyber risks posed by the adoption of OT and IoT systems and the integrations with IT and cloud systems. It was also important to the customer to rapidly isolate environments and systems in cases involving a potential threat.
Other areas in which the customer wanted support included:
- Securing critical BMS systems using deep packet inspection for industrial control systems (ICS) and supervisory control and data acquisition (SCADA) system protocols, including HVAC, electrical systems, elevators, water, parking lot systems, and temperature control systems, and developing documents and processes for overall architecture and design
- Protecting high voltage power supply systems (securing the IEC 61850 protocol) and monitoring various hazardous material sensors
- Ensuring real-time visibility, monitoring, and detection of threats in the organization’s cloud infrastructure, which interacts with OT and IoT systems and sites
THE TRANSFORMATION
Comprehensive IT, OT, and IoT security for cyber resilience and uninterrupted business continuity
CyberProof, a UST company, worked closely with the customer and third-party vendors to perform IT and OT security assessments—analyzing the customer’s assets, documentation, processes, and existing controls. Initial assessments during the onboarding phase provided a detailed network design architecture for all assets and associated ports, connections, protocols, and vulnerabilities—including gaps in people, processes, and technologies required for maintaining the company’s cybersecurity posture.
CyberProof partnered with ICS/SCADA technology vendors to develop and implement new hardware and software solutions per the approved architecture. We installed and configured the necessary hardware sensors, intrusion detection system (IDS), and agents to collect logs in real time from BMS systems (i.e., both IT and OT systems) and sent data to the CyberProof Defense Center (CDC) platform.
Our solution included the following elements:
- The CDC platform provided security operations center (SOC) orchestration, automation, and response capabilities. The CDC integrated with the security information and event management (SIEM) system to ingest security alerts and connected with various other technologies, such as vulnerability management tools and incident workflow management tools, to orchestrate and automate operational activities.
- The CDC platform provided the single pane of glass view for IT, OT, and IoT environments that the organization needed (including cloud and SaaS environments).
- CyberProof’s customized engagement model directly addressed the customer’s primary needs. The CDC platform imported logs from the customer’s SIEM and provided alert enrichment and orchestration using CyberProof’s virtual bot, SeeMo.
- The CDC platform integrated CyberProof Threat Intelligence feeds and digitized playbooks to provide rapid incident detection and response. It also integrated open source and closed source tools, such as VirusTotal, Skybox, and AbuseIPDB, to enrich the response. This provided the customer with optimized performance, continuous event enrichment, and a single pane of glass view—enabling the operations team to act faster and make data-driven decisions.
- The CDC platform was equipped with IT and OT playbooks and use cases to drive automation. This helped the customer decrease mean time to detect and respond.
- CyberProof conducted test cases pertaining to possible cyberattacks on the BMS environment to ensure that all systems are hardened and under continuous monitoring.
- The customer’s products and services were designed to be in compliance with International Electrotechnical Commission (IEC) and National Institute of Standards and Technology (NIST) policies for IT and OT assets.
THE IMPACT
BMS security and monitoring gives company leaders and real estate investment clients peace of mind
The global real estate industry leader now has a robust threat detection and intelligence solution for its building management systems. The engagement created these benefits for the company:
- Single view and control point for both IT and OT environments
- Integrated IT and OT SOC operations
- Shorter time to detect and respond to security incidents
- Fewer false positives and reduced incident dwell times
- Real-time visibility with custom views and dashboards
- Alignment with industry standards and compliance requirements including IEC, International Organization for Standardization (ISO), and NIST