Nesher Israel Cement Enterprises

Challenges

With cement furnaces operating around-the-clock at 1,200 degrees Celsius, Nesher’s most important operational concern is safety. Nesher’s furnaces and other critical equipment are managed by industrial controllers, which, if compromised by a cyberattack, could lead to a major explosion and even loss of life.

• Maintaining safety, reliability and productivity in a digitalized environment amid a growing number of sophisticated cyber threats
  From a business standpoint, a cybersecurity event in Nesher’s SCADA environment could bring cement production to a halt. Such an incident could cause major shortages of cement in Israel’s construction market as well as revenue losses of millions of dollars and reputational damage.

• Lack of full visibility to industrial control systems (ICS) and other devices
  Nesher required full visibility of its complex SCADA/ICS network together with real-time 24/7 alerts on any changes to its controllers. This level of visibility (see Figure 1) was crucial for enabling early detection and mitigation of security risks before they impact productivity or endanger employee safety.

  
  Figure 1. Tenable.ot provides the unified visibility of all assets and events in a simple interface that helps Nesher manage cyber risk.

• SOC analysts lack the OT asset details required to quickly and efficiently remediate alerts
  Simplicity of use and responsive vendor support were also important for allowing Nesher’s operations and security teams to become proficient with the system in the shortest possible time. These attributes would enable Nesher to avoid hiring new cybersecurity and OT experts and reduce training efforts.

Solution

Nesher deployed Tenable.ot at its cement factory and power plant – both based in Ramla. Tenable’s professional services team worked closely with Nesher’s experts to devise the optimal implementation strategy, which included the following capabilities:

• Safely queries industrial control devices
  Tenable.ot meets Nesher’s requirement for 360-degree visibility of its SCADA environment, enabling its engineers to stay apprised of every detail for every ICS asset from a single pane of glass. Tenable.ot safely queries Nesher’s assets and devices in their native protocols, with zero impact on device configurations or network operations. By working in conjunction with passive network monitoring, the Tenable.ot patented active querying technology provides critical information about Nesher’s ICS environment that cannot be gathered solely by listening tonetwork traffic.
• Automates all asset inventory
  Tenable.ot enables Nesher to automatically discover all assets within its large and complex SCADA environment, including dormant devices. Tenable.ot gathers and tracks all device-related activities, creating an up-to-date inventory of Nesher’s ICS assets, including data stored within the devices themselves (e.g., Windows user, hotfix lists, firmware version, PLC backplane configuration). This in-depth visibility into the state of each device enables Nesher to immediately detect misconfigurations, vulnerabilities, potential security breaches and threats.
• Produces context-rich, real-time alerts
  In addition to dashboard alerts, Tenable.ot also provides Nesher with real-time alerts containing detailed contextual information gathered from devices. The data about suspicious activities and unauthorized changes enables Nesher’s engineering and security teams to work together, helping them quickly identify the source of potential problems and mitigate potential risks.
• Incorporates multi-tiered, policy-based detection
  Nesher uses Tenable.ot policy-based detection to configure custom security rules that reflect specific organizational requirements. Using a flexible, wizard-based interface, Nesher can fine-tune predefined policies or create new ones as needed. Together with anomaly-based detection, these custom rules help Nesher effectively enforce its ICS network security policies against any type of threat and improve alert accuracy.

Impact

• Employees work in a safe, always-on environment
  The ability to detect any threat to Nesher’s OT infrastructure enables Nesher to feel secure and confident their employees are in a safe environment. Tenable.ot greatly reduces their risk of any downtime while also enabling Nesher to keep all their assets current and document any change – malicious or not – that anyone has made.
• Security teams have complete visibility and control across their SCADA environment
  Tenable.ot uses proprietary technology that actively queries devices in Nesher’s industrial environment, enabling its security teams to achieve maximum visibility and ensuring that its SCADA engineers are aware of every change to every ICS asset. This unique capability enables unmatched visibility and control over ICS assets without impacting the safety or reliability of Nesher’s industrial operations. “We are using the Tenable.ot patented technology with zero interference to our SCADA environment,” said Shalev.
• Incident response is accelerated with simple-to-use, insightful visualizations and the patented Tenable.ot active query capability
  One of the main drawbacks of the other systems we looked at in our RFP was their complexity and cumbersome user interface. The Tenable.ot interface makes it easy for Nesher’s engineers to control traffic and operations in the SCADA network. “What really stood out in the Tenable.ot solution is the simplicity of usage,” said Niki Lukutin, Nesher’s technology development department manager. “After just one day of working with the system, I was familiar with the user interface,” added Lukutin.
• Peace of mind because of accurate alerts to any change in their OT network
  Alert accuracy is another area in which Tenable.ot outperformed competitors. Unlike other vendors that had a high rate of false positives, Tenable.ot enables Nesher to define custom security policies which reduce the number of alerts and minimize false positives. Since security alerts and events are being sent 24/7 from Tenable.ot to Nesher’s SOC, enhanced alert accuracy means Nesher SOC analysts can focus their efforts on investigating real threats.

Conclusion

After conducting an in-depth evaluation of several other OT security providers, Nesher’s technical team selected Tenable.ot. They were particularly impressed by the comprehensive situational awareness it provided.

Thanks to Tenable.ot, Nesher now has a comprehensive view of their cyber risk across their OT network.