Virsec Case Study: Major Water and Wastewater Treatment Facility Secures SCADA Systems With Application-Aware Workload Protection

One of the largest water utilities in the United States is responsible for the development and delivery of a high-quality water supply for nearly one million people. Recognized nationally for its water infrastructure development, the facility processes nearly 100 million gallons of water each day and is charged with protecting multiple water sources and providing clean, safe water to its target regions not only today but for future generations as well. The customer had implemented AVEVA’s control and monitoring solutions and sought to improve their overall ICS security. The security team wanted a tailored solution that expanded threat coverage and addressed the risk of service disruption caused by cyberattacks on utility operations and services at scattered water distribution, collection, and treatment facilities.

The Challenge

The utility uses AVEVA System Platform control and monitoring solutions to supervise the operation of Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and manages the information generated throughout the water treatment processes. The OT leaders wanted assurance that automated security was in place to counter attacks on vulnerable aspects of the system, whether known or unknown. The goal was to ensure an automatic and proactive response to attacks as they happen.

Always One Step Behind

Critical infrastructure sites are significant targets for malicious attacks, and this facility was no different. Threat actors are bypassing traditional perimeter and cybersecurity tools and executing at the memory layer during runtime, always leaving the security teams one step behind. The customer needed to be able to mount a rapid, accurate response to events that threatened their daily operations and maintain the health and safety of its customers and communities.

Operations Under Pressure

The customer wanted to be proactive with its cybersecurity efforts, but it also faced limited security expertise, resources, and personnel to assist with monitoring and maintaining effective cybersecurity.

Persistent Vulnerabilities

The facility was experiencing persistent vulnerabilities across various applications and integrated components and services in areas where visibility and control were often lacking.

Lack of Visibility and Control

Security stakeholders worried about critical gaps in their strategy that could open doors to exposing sensitive information. They lacked visibility and control at runtime and knew they needed to leverage technology to provide in-depth protection across host and memory layers.

The Solution

The organization’s decision to enhance its cyber defense strategy required a thorough evaluation of potential vendors and security platforms. Leaders considered its current infrastructure, available resources, and ongoing management requirements of vulnerabilities and configurations.

After careful evaluation, the customer selected the Virsec Security Platform for application control and memory control flow integrity (CFI), securing all aspects of their SCADA application and underlying workload components running in disparate environments.

Stop Evasive Attacks at the First Step in the Kill Chain

The Virsec solution instantly detects and stops sophisticated attacks, such as remote code execution exploits, before damage is done. This is done based on intrinsic knowledge of acceptable behavior, visibility into process control flow, and ongoing monitoring of file systems and memory.

Challenge the Status Quo

Virsec upends the status quo in cybersecurity with technology that protects critical application workloads from the inside against dangerous attacks that bypass conventional security like IDPS, EPP, and EDR. By combining deep application-awareness with automated runtime protection, Virsec instantly stops advanced attacks across the entire attackable surface of the water utility’s infrastructure, without prior knowledge or signatures.

Ensure Good Vs. Chase Bad

Virsec extends and automates zero trust security across the customer’s entire workload, ensuring that applications only execute as intended and are never derailed by malicious code. Rather than chasing bad, the Virsec solution ensures good by providing runtime visibility of process memory to prevent memory-based threats, fileless malware, and unknown or zero-day attacks.

The Results

With Virsec installed, the water utility…