Background
A Midwest Public Utility (MPU) found itself at a critical juncture in its cybersecurity journey. As a public utility provider, MPU was responsible for safeguarding essential services and sensitive data. While their network was relatively clean, they faced significant challenges that required expert intervention.
The Challenge
MPU's primary cybersecurity exposure was an on-premises Exchange server. An on-prem Exchange server is a high-value target for two reasons: its client-facing services (webmail, ActiveSync, Autodiscover, SMTP) are reachable directly from the internet, and keeping it patched is entirely the operator's job, with cumulative updates that are large, disruptive to install and easy to fall behind on. A hosted service such as Office 365 moves that patching burden to the provider and keeps the mail servers themselves outside the customer's perimeter, which materially lowers the chance of an unpatched, internet-facing mail server being reached by an attacker.
The severity of the situation became apparent during the 2019-2020 period, when a major Exchange vulnerability was disclosed and federal authorities took unprecedented action in response.
The Unauthorized Access Incident
In a startling turn of events, external parties began remotely accessing vulnerable Exchange servers and modifying them without the explicit permission of organizations like MPU. A cybersecurity expert recounted, "We found unexpected activity from unknown IP addresses. We discovered them probing the Exchange Server and applying patches." This access, even if intended to close critical vulnerabilities, raised serious privacy and security concerns. It also illustrates a point every defender has to internalize: from the server's side, an unknown IP address that probes an Exchange server and then changes it looks exactly like an intrusion, and it has to be treated as a possible compromise until the source is confirmed. That determination is only possible if the server's own logs are being collected and reviewed.
Our Approach
Recognizing the complexity of MPU's situation, our team developed a tailored solution that addressed both immediate threats and long-term security needs:
Enhanced Monitoring: The team deployed an NXlog agent on the Exchange server to collect both the Windows event logs and Exchange's own flat-file logs, so that mail-flow activity and configuration changes were visible alongside host activity. "We deployed an NXlog package that would specifically pick up the mail flat files on the Exchange Server, so the NXlog agent was able to see all the Windows activity from the application system and Windows Event Viewer logs, but also be able to pull all the activity and mail flow rules and everything like that directly from the Exchange Server."
On-Site Deployment: The team frequently visited MPU's facilities to deploy network monitors, ensuring a hands-on approach to security implementation. This included deploying additional monitors to different locations around the city, such as the public library.
Comprehensive Security Review: Beyond addressing the Exchange server vulnerability, the team conducted thorough assessments of MPU's overall security practices, including firewall policies and VLAN (Virtual Local Area Network) rules.
Continuous Improvement: The team established a system of regular check-ins and updates to ensure that security measures evolved with emerging threats.
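To make the Enhanced Monitoring step concrete, the following nxlog.conf is an added example of what an agent on an Exchange server would look like when it collects the message tracking flat files and the Windows event logs and forwards both over TLS. It is not the configuration used in the MPU deployment. The log directory, the message tracking field list (which matches the Exchange 2013/2016/2019 format but must be checked against the #Fields: header on the actual server), the event log providers, the collector hostname and the certificate path are all assumptions for illustration.

```nxlog
# Added example nxlog.conf for an NXLog agent on an on-premises Exchange server.
# Not the MPU configuration. Paths, field names, provider names and the
# collector address below are assumptions; adjust them to the server in front of you.

define EXCHLOGS C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs
define CERTDIR  C:\Program Files\nxlog\cert

<Extension _json>
    Module  xm_json
</Extension>

# Exchange message tracking logs are CSV files with a "#Fields:" header line.
# The field order below is the assumed Exchange 2013+ layout; verify it against
# the header of a live *.LOG file before relying on the parsed field names.
<Extension _msgtrk_csv>
    Module      xm_csv
    Fields      $date_time, $client_ip, $client_hostname, $server_ip, $server_hostname, \
                $source_context, $connector_id, $source, $event_id, $internal_message_id, \
                $message_id, $network_message_id, $recipient_address, $recipient_status, \
                $total_bytes, $recipient_count, $related_recipient_address, $reference, \
                $message_subject, $sender_address, $return_path, $message_info, \
                $directionality, $tenant_id, $original_client_ip, $original_server_ip, \
                $custom_data
    Delimiter   ,
</Extension>

# Mail flow: every SMTP receive/send/deliver event, including the client IP that
# connected. Unknown client IPs show up here, which is what the case study relied on.
<Input exchange_msgtrk>
    Module          im_file
    File            "%EXCHLOGS%\MessageTracking\*.LOG"
    SavePos         TRUE
    ReadFromLast    TRUE
    <Exec>
        # Drop the "#Software:", "#Version:", "#Fields:" header lines, parse the rest.
        if $raw_event =~ /^#/ drop();
        else
        {
            _msgtrk_csv->parse_csv();
            $SourceName = 'exchange_msgtrk';
            $Hostname   = hostname_fqdn();
            to_json();
        }
    </Exec>
</Input>

# Host activity: logons, process creation, account creation from the Security log,
# Exchange's own application events (provider names assumed), and the System log.
<Input windows_events>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688 or EventID=4720)]]</Select>
                <Select Path="Application">*[System[Provider[@Name='MSExchangeTransport' or @Name='MSExchange Control Panel']]]</Select>
                <Select Path="System">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec    to_json();
</Input>

# Ship over TLS so the log feed itself is not another cleartext channel off the
# mail server; the collector's certificate must chain to the CA given here.
<Output siem>
    Module          om_ssl
    Host            siem.example.internal
    Port            6514
    CAFile          %CERTDIR%\ca.pem
    AllowUntrusted  FALSE
</Output>

<Route exchange_to_siem>
    Path    exchange_msgtrk, windows_events => siem
</Route>
```

Two choices here matter in practice. ReadFromLast keeps the first start-up from replaying weeks of old tracking logs into the collector; set it to FALSE once if a backfill is wanted. And the Security log filter is deliberately narrow: an Exchange server produces a large volume of events, and collecting everything tends to end with the feed being throttled or ignored, whereas logons, new processes and new accounts are the events an investigator of an "unknown IP applying patches" would reach for first.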
Key Technologies and Methodologies
The solution leveraged several key technologies:
- NXlog package for comprehensive server monitoring
- Network monitors for extended visibility across multiple sites
- Cylance endpoint protection platform for device security
- Custom scripts for automated device status checks
Results and Impact
The impact of the cybersecurity overhaul was significant:
- Improved Security Ratings: MPU's Cylance protection ratings, which initially stood at 'B', saw marked improvement.
- Enhanced Visibility: The utility gained unprecedented insight into its network activities across multiple sites, allowing for proactive threat mitigation.
- Streamlined Processes: Regular check-ins and custom scripts enabled MPU to maintain a consistently high level of security.
- Increased Confidence: MPU's team reported feeling more secure and better equipped to handle cybersecurity challenges.
Conclusion
This case study demonstrates the power of a tailored, collaborative approach to cybersecurity in the public utilities sector. By addressing immediate vulnerabilities while building a framework for long-term security, the team not only protected MPU from pressing threats but also empowered them to maintain a robust security posture in the face of evolving cyber risks.
This project underscores the importance of proactive cybersecurity measures for public utilities and showcases how the right partnership can transform an organization's security landscape, even in the face of unprecedented challenges like unauthorized federal interventions.