Global Pharma Expands OT Visibility and Strengthens Security

The Customer: Global Pharmaceutical Company

This global pharmaceutical company, with R&D, manufacturing and distribution divisions, has more than 100,000 employees and more than 15 manufacturing sites in various countries.

How Does a Global Pharmaceutical Company Protect Its Critical Infrastructure from Disruption?

This multinational pharmaceutical company’s supply chain was distributed across multiple manufacturing plants and countries. While it had a good understanding of the number of OT devices on its networks, it wasn’t able to clearly see how assets were communicating and where vulnerabilities and risks lay.

‍

The pharmaceutical firm was finding it challenging to unify its security processes across IT and OT. It wanted to leverage its existing virtual environment and already available resources, including servers, engineering workstations and other third-party tools, while ensuring that its manufacturing supply chain was secure from end-to-end.

‍

While the pharmaceutical company had well-established OT security guidelines and processes, it wanted to proactively protect itself from emerging threats. The security team had noted the increase in cyberattacks targeting pharmaceutical companies around the world, and were well aware of an incident that resulted in the theft of highly valuable intellectual property (IP).

Threat Intelligence Reduces Mean Time-to-Detection and Enables Faster Response

Nozomi Networks worked closely with its strategic alliance partner, global technology service provider NTT Ltd., to address the pharma company’s visibility challenges. The process began with a Proof of Concept (PoC) in which a Guardian sensor and virtual CMC were deployed within a single manufacturing site, to demonstrate the depth of information that the solution was capable of uncovering.

‍

Nozomi Networks Guardian sensors automatically track OT and IoT assets and monitor communications and device behavior, delivering insight into the OT/IoT network and its activity patterns. They detect anomalous behavior and threats, and identify high priority vulnerabilities. The Central Management Console (CMC), offered in physical, cloud and virtual formats, consolidates OT and IoT visibility and risk monitoring across distributed sites to streamline workflows and speed incident response.

‍

The pharma company's OT security team found the PoC results surprising and impressive. Not only did Guardian automatically create a comprehensive asset inventory, it identified multiple network issues including duplicate IP addresses, login and backup failures and Internet Protocol version 6 (IPV6) system communication problems. The new insight helped reduce the OT security team’s manual troubleshooting and forensic efforts and accelerated its response to vulnerabilities.

‍

Following the successful PoC, the Nozomi Networks solution was installed within the virtual environments of 3 of the pharma company’s 17 manufacturing sites. Not only does the Nozomi Networks solution scale easily across thousands of distributed sites, it also provides visibility into all OT/IoT environments, integrates easily with existing SOC/IT environments, comes with built-in integrations for asset, ticket and identity management systems and SIEMs and includes support for hundreds of OT, IoT and IT protocols.

‍

After the first 3 sites were up and running, NTT Ltd. managed the larger rollout across the 14 remaining sites plus a test lab, utilizing a total of 22 Guardian sensors and multiple virtual CMCs.

Nozomi Networks' built-in integrations with ticketing, asset management, access control and other systems made it easy to harmonize security data for a cohesive response. When new features or integrations were needed, the pharma security team appreciated the speed of Nozomi Networks' response to its requests.

‍

NTT Ltd. leveraged the Nozomi Networks Threat Intelligence service to help the pharma firm stay up-to-date on emerging OT and IoT threats, and to prevent the spread of potential infiltrations across its connected IT/OT/IoT networks.

‍

Guardian’s advanced threat detection capabilities identify cybersecurity and process reliability threats, detect early and late stage and advanced threats and risks and block attacks when integrated with compatible firewalls and endpoint security products. The Nozomi Networks Threat Intelligence service continually updates Guardian sensors with rich data and analysis, helping organizations detect emerging threats and vulnerabilities before they impact operations.

OT/IoT Insight Leads to Enhanced Operational Security and Reliability

Thanks to the experts at NTT Ltd. and the advanced Nozomi Networks OT and IoT security solution, the pharmaceutical firm gained better visibility into its complex, distributed OT environments and increased its awareness and understanding of OT vulnerabilities and risks. This new level of insight is being used to stay on top of anomalies and threats, and respond quickly to incidents before they disrupt operations.