Over the last few years, the adoption of smart devices and cloud computing has spiked for energy companies. At the same time, a lot of energy and resource infrastructure still runs on old legacy systems.
The balance of old and new means that methods to discover and manage assets aren’t uniform. This makes identifying all devices, understanding everything on a device, and applying missing security controls challenging for security and risk teams.
The NERC Standard CIP-002 R3 requires that responsible entities develop a list of Critical Cyber Assets (like control systems, data acquisition systems, networking equipment, and hardware platforms running virtual machines) essential to the operation of the Bulk Electric System. Axonius helps energy and resource companies adhere to NERC requirements and drastically reduce the time needed to satisfy audits by:
Many of today’s methods to discover and manage assets simply don’t work for operational technology (OT). Because OT services need to be available at all times, utilities often can’t apply agent-based or scanning-based to continuously discover assets or they’ll risk interfering with the devices.
Even when assets are discovered, it’s difficult to verify that OT security controls are applied and functioning correctly when device discovery is so infrequent.
Axonius helps utilities discover and manage all IT and OT assets, and ensure that security controls are applied everywhere and functioning properly.
Cybersecurity was the number one digital investment focus for oil and gas companies in 2019. And since oil and gas companies are frequently the target of nation-state actors, a defense-in-depth strategy is needed.
Yet, with so many different security solutions, it can be hard to know they’re applied everywhere and functioning properly. This is even more challenging as oil and gas companies drastically increase the number of assets in their IT environment. From unmanaged devices like smart meters, to increased usage of cloud computing, oil and gas companies are protecting more assets than ever before. Recent mergers and acquisitions also meant that oil and gas companies have inheriting assets that may have been previously unmanaged.
By connecting to the solutions oil and gas companies use, Axonius verifies that security controls are applied where they should be and running on the correct version, while also ensuring IT and OT assets are still available at all times.
Renewable and solar energy companies have increasingly moved to the cloud to centralize operations and improve cost efficiency. This means that SCADA systems are now being deployed in the cloud so they can be managed remotely.
With the rise in connected devices, whether on-premise at power plants or in the cloud, renewable and solar companies must ensure that security platforms (i.e. data security and encryption platforms) are able to protect intellectual property by running everywhere they should be.
Axonius helps renewables and solar companies identify security coverage gaps in order to reduce overall cyber risk — regardless of where devices are located.
“We realized that we had to find our assets quicker, and that we needed a unified, single source of truth to correlate and view our assets.”