The energy and utilities industry has historically been inundated with threats from external sources including hackers, environmental activists, and industrial and state espionage. As a result, the industry has set security as their top priority. Thanks to their efforts, it has become more difficult for an outside attacker to penetrate critical energy and utilities systems. That’s good news.
However, what’s not good is, the criminals have now turned to enlist insiders, ie employees and contractors in these organizations to gain access using various methods like social engineering, id theft/ impersonation, baits or collusion. Being insiders, these users already have access to critical systems, sensitive data and IP, and can cause more damage than an outsider. While the cost of insider-caused incidents varies by industry, energy and utilities remains one of the highest - spending tens of millions in average to contain the damage caused by such threats.
The energy & utilities sector is also highly collaborative where larger companies utilize contractors, outsourcing partners and suppliers for offshore operations, exploration, distribution, analysis and legal matters. A third-party can easily expose the company to great financial, IP and other risks either accidentally or intentionally. There are also consulting firms working with multiple oil and gas companies providing design and engineering services who need to share confidential and sensitive information such as reservoir data, seismic reading, future exploration sites etc. These firms are often targeted by competitors, criminals, and even their customers for the invaluable trade secrets.
In an industry where employees, vendors and contractors have access to critical infrastructures, privileged information or intellectual property on a regular basis, securing the resources and information is crucial for the industry as well as for the safety of the citizens utilizing their products and services.
With Teramind, energy and utility companies can monitor and protect critical infrastructure from malicious or accidental insider threats, safeguard information of future plans, trade secrets, IP and customer information and meet compliance goals for NERC, FISMA, ISO 27001 with its powerful policy and rules engine, forensic audit and reporting features. Here are a few expels of what an energy or utility company can achieve with Teramind’s unified User Activity Monitoring, Threat Detection and DLP platform:
|
Security is a Top Concern Among Utilities |
| A survey of 600 electric utility executives found that cyber and physical security was the most pressing concerns for them. Source: UtilityDive. | |
72% |
Agree Cyber & Physical Security is Important or Very Important |
|
Energy is One of the Most Targeted Critical Industry |
| The U.S. energy sector, which includes the oil, natural gas, and electricity subsectors, is one of the most highly targeted critical infrastructure sectors. Source: DHS. | |
59% |
Cyber Incidents are Related to U.S. Energy Sector |
|
Insiders Are the Top Threats in the Oil & Gas Industry |
| In a survey of OT experts, 65% said the top cybersecurity threat was careless insider and 15% said malicious insider. Source: Ponemon & Symantec. | |
65% |
Negligent Insider |
15% |
Malicious Insider |
|
Insider Threats Cost Energy & Utilities Companies Millions |
| Companies in energy and utilities incurred an average costs of $10.23 million in insider threat related incidents in 2018. Source: Ponemon & ObserveIT. | |
$10M+ |
Cost of Insider Threats for Energy & Utilities |
|
Energy |
|
|
|
Critical Infrastructure / Utilities |
|
|
|
Corporate Data |
|
|
|
And more... |
|
|
|
Real-Time Visibility and ControlTeramind visually records every action that a user makes on your Operation Technology (OT) and IT systems including endpoints, servers/terminal servers, network and cloud, DMZ for 12+ system objects like: web, apps, email, file transfers, etc. Uncover what your employees are up to both online and offline. Each object can be configured to take into consideration what needs to be monitored and who has access to the monitored records. You can specify who you want to monitor, how much you want to monitor, when and for how long. This allows for instant administrative oversight in respect to all user activity while complying with any privacy requirements. |
|
Automated Data Discovery and ClassificationTeramind has built-in templates for many classified and unclassified data types to protect your customer data, IP and other sensitive information. Custom data types easily be created using flexible regular expression (RegEx) and natural language definitions. Combine OCR and fingerprinting with multiple logic, file origin, file properties and data content to discover and protect confidential exploration and production data, engineering and technical design, source codes, contract etc. |
|
Powerful Policies and Rules EngineThe core of the Teramind platform is its automation. Teramind comes with hundreds of pre-defined policies and rules. For example: block email containing sensitive keywords, stop uploading of a confidential document, detect screen capture, prevent the use of external drives etc. The templates cover virtually every use case of data loss prevention, insider threat detection and compliance requirements. Just pick a policy or rule template and all the data definition, content source, condition will be set automatically for you to edit. |
|
Endpoint Data Loss Prevention & Egress ControlTeramind helps you put exfiltration and egress controls in place to monitor and prevent illicit sharing of information. For example, File Transfer rules to block use of removable media. Clipboard rules to prevent sharing of confidential information like customer data outside the CRM. Network rules to restrict download/upload operations in the Cloud for certain file types or all files (no need for separate Cloud Access Security Brokers). Or use dedicated Application rules to limit or completely disable social media and IMs to prevent potential data leak by social engineering. There are hundreds of use cases where Teramind can proactively defend your data from malicious or accidental leaks or misuse. |
|
Behavioral Anomaly DetectionDefine what constitutes dangerous or harmful user behavior and Teramind’s sophisticated anomaly engine will automatically detect when a user, department or group deviates from their normal parameters or exceeds acceptable risk levels. For example, get notified if a user sends too many attachments or prints more pages than normal. Teramind can detect anomalies in applications, emails, network, file activities, printing and more. Immediately get notified about harmful user activity, lock out user or take remote control of the compromised system before any malicious or fraudulent attempts are made. |
|
Privileged User and Third-Party MonitoringTeramind allows organizations to create profiles for privileged users, contractors and other third-parties and then define what information and system resources each profile can access. Further rules can be set up by behavior policies so that access to sensitive information is segregated by the organization’s security policy, or on a need-to-know basis. Rules can also be created to notify the authorities of any suspicious privileged user activity, such as unauthorized changes to system configuration, creation of backdoor accounts, unscheduled logins, a contractor trying to access restricted databases etc. |
|
Security SandboxTeramind allows you to create virtual servers on Windows, VMware Horizon etc. Utilizing this capability, you can for example, setup a Terminal Server for your partners, contractors or vendors . These external users can then login to the server using RDP keeping out of your internal network and repositories. At the same time, you can record their activates separately, restrict access or take control of the server in case of an incident keeping rest of your business immune to disruption. |
|
Digital Forensics and AuditingDetailed alerts for all users can be viewed including any security incidents and what actions were taken. Warning messages can be configured to inform the users about nonconformity and influence corrective behavior. Session recordings and history playback can be used to view user’s desktop for audit and evidence gathering purposes. |
|
Risk Assessment and TreatmentTeramind has a dedicated Risk dashboard where the CSO and security analysts can conduct organization-wide risk assessment. Risk can be profiled by users, departments or by system objects. Reports can be derived by severity of risks or by how many times security violations occurred. Unique Risk Scores helps you identify high-risk users or policies so that plans can be developed for treating the risks. |
|
Compliance ManagementTeramind comes with support for implementing compliance and standards like NERC CIP Standards for Electric Utilities, FISMA, FERC, ISO 27001, GDPR etc. Our flexible Policy and Rules Editor and powerful analytics and reporting features can help you develop your own organization-specific security and privacy, etiquette and acceptable use policies or conform with any regional data privacy and notification laws applicable to your organization. |
On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, leverage LDAP groups and users to identify which users and groups to apply which policies and rules to.
Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.
Teramind Cloud - trust us the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor and set up your users, policies and rules and let us take care of the rest.
