Security Risk Management in Oil & Gas

Summary

Verve partnered with one of the top 10 oil and gas companies to deliver measurable cyber security improvements in six months. Deploying the Verve Security Center provided a comprehensive platform for risk assessment, remediation, monitoring and reporting.

In addition, the Verve Industrial Protection (VIP) services team deployed critical third-party components such as backups and application whitelisting to deliver a turnkey improvement program.

Within six months, the client became a model site for their OEM vendors and the rest of their organization.

The Challenge

Our client, a top 10 oil and gas producer, had a complex refining operation in remote locations and needed a vendor-agnostic security solution to simplify protection and monitoring over a dozen different OEM brands. This company’s corporate IT security requires measurable improvement against critical controls within six months. To complicate things, their networks were already heavily segmented with many layers of NAT-routers, subnets, etc.

After evaluating several solutions, the IT and OT teams chose Verve as their partner to deliver a step function improvement in
security maturity.

“Verve enabled us to have the same security functionality and consistent measurement in OT as we have in our IT side.”

– CISO, Top 10 North American Electric & Gas Utility

The Solution

Verve brought together the Verve Security Center platform and our VIP services to
provide a turnkey solution to OT/ICS security. Verve Security Center was deployed across thousands of endpoints: servers, HMI’s, embedded controllers (such as Delta V, Rockwell, Triconex, etc.), and networking gear from Cisco, Hirshman, Emerson, etc. This provided a robust vulnerability and risk assessment on each endpoint and segment. Verve reached deep through segmented
networks to gather inventory and vulnerability information.

The client leveraged VIP services to enhance their internal security resources. The
services team assisted with the deployment of Verve and third-party security tools such as the Dell backup solution, Carbon Black malware protection, etc. These components integrate directly into Verve Security Center to provide real-time visibility to malware and backup status.

The Impact

Within six months, this oil and gas client made significant improvement in their ICS/OT security. Verve provided a robust risk assessment including full asset visibility, vulnerability assessment, identification of dormant and unnecessary user accounts, risky software, missing patches, etc. The client begun remediation immediately. The Verve Security Center provided an integrated management console that could be viewed by centralized IT staff to identify a full range of security controls gaps in remediation plans across all facilities.