Successful cooperation with Emschergenossenschaft / Lippeverband
Improvement of the IT security level of the Emschergenossenschaft / Lippeverband (EG/LV) through continuous network analysis by finally safe GmbH from Essen, Germany.
Operators of critical infrastructures need effective IT security solutions in order to face the future challenges of increasing digitalization. The cooperation with EG/LV shows how finally safe contributes to the protection of IT systems and sensitive data and how measurable results have been achieved in a short period of time.
Water maintenance, flood protection, sewage disposal, rain and groundwater management: These are just a few of many fields of activity of the EG/LV. The 1,600 employees of the cooperative association, which comprises 200 members, work in different areas of water management, which in turn are part of critical infrastructures. Just like other critical infrastructure sectors, the EG/LV cannot avoid IT-supported business processes. A trouble-free and seamless operation of the IT infrastructure is therefore a decisive success factor, especially since the threat situation has become more diverse and professional, particularly for critical infrastructures.
Successful attacks reduce productivity, compromise corporate secrets and ultimately endanger the substance of the entire organization. Corresponding investments in IT security are a necessary requirement for maintaining image, market position and competitiveness. At EG/LV, the focus is not only on the company's own organization, but also on an entire region in North Rhine-Westphalia. An attack on the corporate EG/LV network would have wide-ranging consequences for all areas of water management in the Emscher-Lippe region (catchment area of more than 2 million inhabitants).
For this reason, the EG/LV has decided to invest in IT security. State-of-the-art perimeter protection is already in place. However, this does not offer comprehensive protection against cyber attacks. To protect against attacks on or through its own network, direct, continuous monitoring of network traffic is essential. Only in this way can rule violations (compliance), deviations (anomalies) and traces of targeted attacks (advanced threat detection) be detected and analyzed. Furthermore, continuous monitoring identifies communicating devices and allows ongoing attacks to be detected as quickly as possible. With the aim of better protecting its own "critical infrastructure", the EG/LV uses finally safe’s Advanced Security Analytics Platform as a Service.
"finally safe gives us access to an innovative technology from Germany that has provided us with measurable added value in the field of information security and will provide us with this in the future." - Employee/Testimonial
Since November 2015, EG/LV has been one of finally safe's customers. The main focus of finally safe's system is the creation of an IT security situation picture that records the current security level of the IT infrastructure and remotely monitored outdoor facilities and provides recommendations for action. This enables the EG/LV to keep track of all processes running in the network and to prevent or analyse attacks. The Advanced Security Analytics Platform was integrated into existing workflows and processes so that the entire network communication can be monitored. In order to analyze the large amount of network traffic, distributed probes were used in different areas of the network: perimeter traffic and internal data traffic are monitored at the main site.
First evaluations including presentation of results took place during a test phase in January 2016. In the following months, close coordination between the EG/LV and finally safe resulted in continuous modifications and improvements to the entire IT infrastructure. Unusual traffic on open ports, the use of obsolete browsers and operating systems and inadequate encryption are examples of problems analysed and detected by finally safe.
In May 2016, three months after the official launch of finally safe as a service, the regular reports showed obvious improvements. The risk from vulnerabilities that allow access to data within the network ("Easy to Access") decreased significantly, by 97.1% of the indexed vulnerabilities. This category includes vulnerabilities that are exploited, for example, by the ransomware "WannaCry". Furthermore, the number of "Easy to Exploit" problems was reduced by 31%. These include obsolete and insecure browsers and operating systems. In addition, vulnerabilities that allow information to be read ("Easy to Read") have been fixed. An example of a frequently used protocol in this category is "Telnet". The risk in this category was reduced by 74.6%. In order to reduce these security risks, 27 problems of different severity have been fixed so far. The automatically generated reports saved the EG/LV experts more than 500 working hours, which would otherwise have been necessary to search for the individual vulnerabilities in the network (estimate: 8 hours of research per report).
From IT to OT – opportunities and challenges
In just a few months, significant improvements in network security in terms of greater resistance to attacks were noticeable. Based on these positive results, the EG/LV decided to intensify its cooperation with finally safe. Further probes were installed at the Bottrop site to monitor and analyse the process network communication (OT - Operational Technology). The EG/LV has thus extended the protection of the internal office and network communication (IT) by monitoring the outdoor facilities. The cooperation in this project started in January 2017; the official start of finally safe ICS as a Service took place in October 2017.
Thus, finally safe reliably monitors the communication network of the EG/LV using the sensors at the main locations, while taking data protection into account. The previous security concept was supplemented by continuous and sustainable network monitoring and reporting, including recommendations for action. All procedures and processes can now be viewed at any time, communicating devices can be identified and critical security gaps can be detected and closed at the network level. In addition, the system's high degree of automation reduces the effort required for manual analyses and troubleshooting. finally safe's Advanced Security Analytics Platform as a Service has become an indispensable extension of the IT infrastructure at EG/LV.