Energy & Utilities Sector Cyber Security

Unified Insider Threat Detection, Data Loss Prevention, and Compliance Management with Teramind

Teramind for the Energy & Utilities Sector

The energy and utilities industry has historically been inundated with threats from external sources including hackers, environmental activists, and industrial and state espionage. As a result, the industry has made security its top priority. Thanks to these efforts, it has become more difficult for an outside attacker to penetrate critical energy and utilities systems. That’s good news.

The bad news is that criminals have now turned to enlisting insiders, i.e. employees and contractors in these organizations, to gain access through methods such as social engineering, ID theft/impersonation, baiting or collusion. As insiders, these users already have access to critical systems, sensitive data and IP, and can cause more damage than an outsider. While the cost of insider-caused incidents varies by industry, energy and utilities remains one of the highest, spending tens of millions on average to contain the damage caused by such threats.

The energy & utilities sector is also highly collaborative: larger companies use contractors, outsourcing partners and suppliers for offshore operations, exploration, distribution, analysis and legal matters. A third party can easily expose the company to great financial, IP and other risks, either accidentally or intentionally. There are also consulting firms that provide design and engineering services to multiple oil and gas companies and need to share confidential and sensitive information such as reservoir data, seismic readings and future exploration sites. These firms are often targeted by competitors, criminals, and even their own customers for their invaluable trade secrets.

In an industry where employees, vendors and contractors have access to critical infrastructures, privileged information or intellectual property on a regular basis, securing the resources and information is crucial for the industry as well as for the safety of the citizens utilizing their products and services.

Teramind Combines Insider Threat Detection and Data Loss Prevention into a Single Integrated Solution for Energy & Utilities Companies

With Teramind, energy and utility companies can monitor and protect critical infrastructure from malicious or accidental insider threats, safeguard information on future plans, trade secrets, IP and customer information, and meet compliance goals for NERC, FISMA and ISO 27001 with its powerful policy and rules engine, forensic audit and reporting features. Here are a few examples of what an energy or utility company can achieve with Teramind’s unified User Activity Monitoring, Threat Detection and DLP platform:

  • Gain operation-wide visibility into user activity on critical infrastructure assets for both OT and IT systems, including endpoints, servers, terminals and back/front office systems.
  • Prevent theft of high-value intellectual property like survey and testing data, drilling and logistics information, site plans, bids for drilling rights and more.
  • Extend monitoring and control to partners, vendors, consultants and other third parties for secure collaboration on joint-venture projects.
  • Restrict modification of system software, access elevation, malicious code execution and other potentially harmful activity by privileged users.
  • Protect customer information, employee privacy and corporate data.

Insider Threats Are a Major Concern in Energy & Utilities:

Security is a Top Concern Among Utilities
A survey of 600 electric utility executives found that cyber and physical security was the most pressing concern for them. Source: UtilityDive.


Energy is One of the Most Targeted Critical Industries
The U.S. energy sector, which includes the oil, natural gas, and electricity subsectors, is one of the most highly targeted critical infrastructure sectors. Source: DHS.


Insiders Are the Top Threats in the Oil & Gas Industry
In a survey of OT experts, 65% said the top cybersecurity threat was the careless insider and 15% said the malicious insider. Source: Ponemon & Symantec.


Insider Threats Cost Energy & Utilities Companies Millions
Companies in energy and utilities incurred an average cost of $10.23 million from insider-threat-related incidents in 2018. Source: Ponemon & ObserveIT.


Teramind Helps Energy & Utilities Companies Protect Sensitive Data:

  • Exploration, survey, seismic and other research data.
  • Process flow, pipeline flow diagrams, engineering designs.
  • Oil/gas drilling data like prospecting-related terms, confidential/CB well lists, coalbed data etc.
  • Business plans, legal data.

Critical Infrastructure / Utilities

  • Distribution plans, software design documents, SCADA terms.
  • Vendor contracts.
  • Business plans, legal data.
  • Customer data, Personally Identifiable Information (PII), Consumer-specific Energy Usage Data (CEUD), Customer Proprietary Network Information (CPNI).

Corporate Data

  • Business processes and strategic plans.
  • Price/cost/supplier/customer lists.
  • Source code, formulas, patents and other types of IP.
  • Acquisition plans, M&A announcements, legal documents and other confidential matters.
  • Payroll, accounting and financial data.

And more...

  • Billing/invoice, tax/VAT, GST/HST, enrollment and payment-related data.
  • GDPR special data categories (trade union data, biometric, geolocation).
  • For Official Use Only (FOUO), Confidential and Protected file tags.
  • Federal Tax Information (FTI), Covered Financial Information (GLBA) etc.

Teramind Delivers Insider Threat Detection and Data Security to Energy & Utilities Companies

Real-Time Visibility and Control

Teramind visually records every action that a user makes on your Operational Technology (OT) and IT systems, including endpoints, servers/terminal servers, network, cloud and DMZ, for 12+ system objects such as web, apps, email and file transfers. Uncover what your employees are up to both online and offline. Each object can be configured to take into consideration what needs to be monitored and who has access to the monitored records. You can specify who you want to monitor, how much you want to monitor, when and for how long. This allows for instant administrative oversight with respect to all user activity while complying with any privacy requirements.

Automated Data Discovery and Classification

Teramind has built-in templates for many classified and unclassified data types to protect your customer data, IP and other sensitive information. Custom data types can easily be created using flexible regular expression (RegEx) and natural language definitions. Combine OCR and fingerprinting with multiple logic, file origin, file properties and data content to discover and protect confidential exploration and production data, engineering and technical designs, source code, contracts etc.

Powerful Policies and Rules Engine

The core of the Teramind platform is its automation. Teramind comes with hundreds of pre-defined policies and rules. For example: block email containing sensitive keywords, stop uploading of a confidential document, detect screen capture, prevent the use of external drives etc. The templates cover virtually every use case of data loss prevention, insider threat detection and compliance requirements. Just pick a policy or rule template and all the data definitions, content sources and conditions will be set automatically for you to edit.

Endpoint Data Loss Prevention & Egress Control

Teramind helps you put exfiltration and egress controls in place to monitor and prevent illicit sharing of information. For example, use File Transfer rules to block use of removable media, Clipboard rules to prevent sharing of confidential information like customer data outside the CRM, and Network rules to restrict download/upload operations in the Cloud for certain file types or all files (no need for separate Cloud Access Security Brokers). Or use dedicated Application rules to limit or completely disable social media and IMs to prevent potential data leaks by social engineering. There are hundreds of use cases where Teramind can proactively defend your data from malicious or accidental leaks or misuse.

Behavioral Anomaly Detection

Define what constitutes dangerous or harmful user behavior and Teramind’s sophisticated anomaly engine will automatically detect when a user, department or group deviates from their normal parameters or exceeds acceptable risk levels. For example, get notified if a user sends too many attachments or prints more pages than normal. Teramind can detect anomalies in applications, emails, network, file activities, printing and more. Immediately get notified about harmful user activity, lock out the user or take remote control of the compromised system before any malicious or fraudulent attempts are made.

Privileged User and Third-Party Monitoring

Teramind allows organizations to create profiles for privileged users, contractors and other third parties and then define what information and system resources each profile can access. Further rules can be set up by behavior policies so that access to sensitive information is segregated by the organization’s security policy, or on a need-to-know basis. Rules can also be created to notify the authorities of any suspicious privileged user activity, such as unauthorized changes to system configuration, creation of backdoor accounts, unscheduled logins, a contractor trying to access restricted databases etc.

Security Sandbox

Teramind allows you to create virtual servers on Windows, VMware Horizon etc. Using this capability, you can, for example, set up a Terminal Server for your partners, contractors or vendors. These external users can then log in to the server using RDP, keeping them out of your internal network and repositories. At the same time, you can record their activities separately, restrict access or take control of the server in case of an incident, keeping the rest of your business immune to disruption.

Digital Forensics and Auditing

Detailed alerts for all users can be viewed, including any security incidents and what actions were taken. Warning messages can be configured to inform users about nonconformity and influence corrective behavior. Session recordings and history playback can be used to view a user’s desktop for audit and evidence gathering purposes.

Risk Assessment and Treatment

Teramind has a dedicated Risk dashboard where the CSO and security analysts can conduct organization-wide risk assessment. Risk can be profiled by users, departments or by system objects. Reports can be derived by severity of risks or by how many times security violations occurred. Unique Risk Scores help you identify high-risk users or policies so that plans can be developed for treating the risks.

Compliance Management

Teramind comes with support for implementing compliance and standards like NERC CIP Standards for Electric Utilities, FISMA, FERC, ISO 27001, GDPR etc. Our flexible Policy and Rules Editor and powerful analytics and reporting features can help you develop your own organization-specific security, privacy, etiquette and acceptable use policies, or conform with any regional data privacy and notification laws applicable to your organization.

Flexible Deployment Options

On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, leverage LDAP groups and users to identify which users and groups to apply which policies and rules to.

Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.

Teramind Cloud - entrust us with the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor, set up your users, policies and rules, and let us take care of the rest.
