ERM Power & Cisco Security
ANZ Case Study
ERM Power prides itself on providing innovative energy solutions.
Since its formation in 1980 as an energy consulting business, ERM has expanded across Australia, and its operations now include power generation, retailing, and designing energy management solutions. The company also has a presence in the US, operating as Source Power and Gas, based in Houston, Texas.
“Obviously utilities are a more and more valuable target, and the ability to turn off someone’s power supply might be quite tempting for an attacker. So for us, being an energy provider with power stations, we saw ourselves as increasingly at risk.”
David Timms, IT Operations Manager, ERM
“If you think about what’s going on in Australia at the moment, electricity prices are increasing and there are changing renewable obligations for our customers. In that space, ERM is well positioned to help our customers both reduce their electricity bill and look at energy efficiency,” says Derek McKay, Chief Information Officer. One of its key propositions is the STEP Online energy management portal, which enables customers to take control of their energy purchasing.
But according to ERM’s IT Operations Manager David Timms, as the company has grown and pushed more of its services online, it has also become a more tempting target for cyber criminals.
In recent years ERM’s clients have also become much more security conscious.
“Increasingly businesses, especially large enterprises, want to know how we are handling their data,” Timms says. “As we move more and more into the energy solutions space, where we are gathering large amounts of data about how they are using their power, businesses are concerned with what we are doing to secure that.”
However, Timms says an investigation found that ERM’s existing security architecture, while robust, had room for improvement.
“We were using the traditional ‘rely on your firewall’ approach,” Timms says. “We had antivirus running on the endpoints, and we thought we were covered. However, this approach represents the bare basics, and given the increasing sophistication of threats, we saw a requirement to increase the maturity of our systems and our approach.
“We could see the benefit of increasing our visibility into our environment and of going with a new solution that gave us the ability to see what was going on at the network layer.”
Timms describes ERM’s culture as entrepreneurial and lean. The company operates with only 330 staff, and just a handful of staff managing IT operations. That meant that the chosen cyber defence solution would need to be intuitive, cater to a small team of experts, and deliver for IT operations in both Australia and the US.
Solutions deployed by ERM
In early 2016 ERM conducted a market survey to determine the best combination of solution and supplier. The company had already made significant investments in Cisco technology for routing, switching and other tasks, including its existing firewall infrastructure, so it made sense to include Cisco’s security solutions in the review.
Timms says around that time Cisco released the next generation of its Firepower next-generation firewall technology, which showed impressive capabilities in its intrusion detection system (IDS) and intrusion prevention system (IPS).
“We saw there was an opportunity there to get more visibility of the environment through the IDS/IPS offerings through the Cisco Firepower suite,” Timms says.
A decision was taken to adopt Firepower, which would see appliances installed at branch sites, and Cisco’s Advanced Malware Protection (AMP) deployed for ERM’s endpoint devices.
Work on the upgrade commenced in early 2016, with full implementation completed in under 60 days. Since then ERM has gone through one complete update of the suite’s software.
ERM on the results
Timms says he has been impressed by the visibility that the new suite of tools has delivered in terms of showing the threat trajectory and indicators of compromise, enabled by the Firepower Management Centre.
“It delivers what we need,” Timms says. “The Firepower Management Centre has been a very powerful ‘single pane of glass’ to look through, which has been really good. The information we are getting has allowed us to respond a lot faster to threats, even across different systems.
“We can actually identify ‘patient zero’ and see how a piece of malware is moving through the environment, and understand how to remediate that.”
David Timms, IT Operations Manager, ERM
Timms says that at times the results have been surprising. “Now we know how many times the system is getting attacked and the kinds of attacks that people are leveraging against these systems,” Timms says. “The solution actually picked up an attempt to deploy Stuxnet to one of our power station managers.
“All of that visibility will also inform better software development principles internally.”
ERM's improved security posture
The stronger security posture means ERM is now more confident regarding its own development plans, especially for development of its online portals.
“Digital products and services will play an increasingly important role in our business, particularly given our focus to help customers better their energy requirements,” Timms says. “The STEP Online portal is a service that will develop further, so the knowledge that we can secure that is important. If we couldn’t guarantee that, we would be looking at hosting systems offsite at greater cost, or shying away from more development.”
Timms says Cisco’s cloud security roadmap is of particular interest to ERM, especially the possibility of running a virtualised IDS/IPS system in the cloud.
“We wanted to make sure we had complete visibility, because not all threats come in via the Internet,” Timms says.
“All it takes is someone to walk in and plug in an infected USB key. If that malware manages to propagate sideways through the network, we are going to see which other machines it has affected and be able to remediate them quite quickly.”