In light of the tightening legislation in the upcoming years, Vestforbrænding strengthens cybersecurity by implementing new security technology as well as 24/7 monitoring of their network traffic. The result is a more resilient infrastructure, better preparedness – and notably more peace of mind.
When Thomas Fænø was hired as the IT manager at the Danish waste and energy company Vestforbrænding, he was tasked with elevating cybersecurity. This happened immediately following the major SolarWinds hack, which sent shockwaves through many organizations worldwide. Although Vestforbrænding did not have data stolen or misused in connection with the SolarWinds attack, they were still vulnerable. Hence, the management desired a generally heightened focus on security.
“We quickly defined five pillars on which our security should stand,” begins Thomas Fænø. “The first pillar was leadership, where we now use ISO 27001 as a management tool to, among other things, uncover risks and lay out a new strategy for incident management. The second pillar was hardening, where we looked at endpoint protection, firewalls, routers, and switches to determine if our infrastructure was robust enough. The third pillar was monitoring, where we examined our detect, response, and SOC capabilities. And the final two pillars were preparedness and training, where we reviewed our disaster recovery processes and focused on targeted education and training of our employees based on their roles.”
Thomas Fænø explains that Vestforbrænding will be subject to the NIS2 directive and, therefore, must comply with a wide range of enhanced cybersecurity requirements starting from October 2024.
“We have utilized ISO 27001 and CIS18 controls as tools to enhance our security. With these two standards, we make significant progress towards NIS2 compliance – and also towards compliance with the EU’s CER – Critical Entities Resilience Directive – which Vestforbrænding will also be subject to from October 2024.”
The external SOC responds outside of working hours
The review of Vestforbrænding’s infrastructure at a system technical level revealed the need for better firewall security and improved endpoint protection. Therefore, they have implemented Palo Alto Networks’ next-generation firewalls and Palo Alto Networks’ Cortex XDR Pro solution.
“In terms of the contingency plan, which is mandatory for all actors in the energy sector, we were not resilient enough. It’s fine to have managed detect and response solutions, but if there’s no one ready to respond to incidents on a Saturday night, it doesn’t really matter. That’s why we needed monitoring capacity that could act on our behalf around the clock and had the authority to stop the incident if something happened,” says Thomas Fænø.
Through public procurement processes, Conscia has delivered the two new Palo Alto Networks solutions and the SOC service that currently monitors Vestforbrænding’s infrastructure 24/7. In addition, Vestforbrænding also utilizes a Palo Alto Networks tool to detect vulnerabilities and security breaches.
Tracking threats at the client level
When Thomas Fænø compares Vestforbrænding’s monitoring before and after the new security measures, the most significant effect is the increased visibility. Previously, they had a security tool that could track traffic towards the firewall – for example, traffic SektorCERT had identified as suspicious. But from there, it was a black hole. Vestforbrænding couldn’t see if the suspicious traffic penetrated the firewall and where it ended up if it did. With the new technologies and tools, Vestforbrænding can now track all activity up to the firewall, past the firewall, and down to the client level. This applies to both suspicious and harmless activity.
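The visibility gain described above, from “was the flagged source allowed through?” to “which client did it reach, and in which process?”, is in practice a correlation of a threat watchlist against firewall logs and endpoint telemetry. The following is an added example of that correlation, not code from Conscia, Vestforbrænding or Palo Alto Networks; the `key=value` log layout, the documentation-range IP addresses, the hostnames and the process names are all constructed for the example.

```python
"""Trace watchlisted source IPs from the perimeter down to the client.

Added example, not the page's or any vendor's code. Log formats and
all sample values below are constructed (RFC 5737 documentation ranges,
fictitious hosts and processes).
"""
import re

# Constructed watchlist of externally reported suspicious sources.
WATCHLIST = {"192.0.2.10", "192.0.2.55", "198.51.100.7"}

# Constructed firewall log: one line per session verdict.
FIREWALL_LOG = """\
2024-03-02T22:14:05Z action=deny src=198.51.100.7 dst=203.0.113.5 dport=445
2024-03-02T22:15:41Z action=allow src=192.0.2.10 dst=203.0.113.5 dport=443
2024-03-02T22:16:02Z action=allow src=192.0.2.77 dst=203.0.113.9 dport=443
2024-03-02T22:18:11Z action=allow src=192.0.2.55 dst=203.0.113.5 dport=443
"""

# Constructed endpoint telemetry: network connections seen on clients.
ENDPOINT_LOG = """\
2024-03-02T22:15:43Z host=WS-0412 event=net_conn remote=192.0.2.10 rport=443 process=outlook.exe
2024-03-02T22:16:05Z host=WS-0211 event=net_conn remote=192.0.2.77 rport=443 process=chrome.exe
2024-03-02T22:17:30Z host=WS-0412 event=net_conn remote=192.0.2.10 rport=443 process=powershell.exe
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict with a 'ts' field."""
    ts, _, rest = line.partition(" ")
    rec = dict(KV_RE.findall(rest))
    rec["ts"] = ts
    return rec


def trace(watchlist, firewall_log, endpoint_log):
    """For each watchlisted IP, collect firewall verdicts and endpoint sightings.

    Returns {ip: {"status", "firewall", "hosts", "processes"}} where status is
    blocked_at_firewall, allowed_no_endpoint_match, reached_endpoints or not_seen.
    """
    result = {ip: {"firewall": [], "hosts": set(), "processes": set()} for ip in watchlist}

    # Step 1: perimeter. What did the firewall decide for each watchlisted source?
    for line in firewall_log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src = rec.get("src")
        if src in result:
            result[src]["firewall"].append((rec["ts"], rec.get("action", "?")))

    # Step 2: past the perimeter. Which clients actually talked to that source?
    for line in endpoint_log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        remote = rec.get("remote")
        if remote in result:
            result[remote]["hosts"].add(rec.get("host", "?"))
            result[remote]["processes"].add(rec.get("process", "?"))

    # Step 3: classify, so an analyst sees at a glance where each source stopped.
    for ip, r in result.items():
        actions = {action for _, action in r["firewall"]}
        if r["hosts"]:
            r["status"] = "reached_endpoints"
        elif "allow" in actions:
            r["status"] = "allowed_no_endpoint_match"
        elif "deny" in actions:
            r["status"] = "blocked_at_firewall"
        else:
            r["status"] = "not_seen"
        r["hosts"] = sorted(r["hosts"])
        r["processes"] = sorted(r["processes"])
    return result


if __name__ == "__main__":
    for ip, r in sorted(trace(WATCHLIST, FIREWALL_LOG, ENDPOINT_LOG).items()):
        print(f"{ip:15} {r['status']:26} hosts={r['hosts']} processes={r['processes']}")
```

The `allowed_no_endpoint_match` status is the interesting one for a defender: it is exactly the “black hole” case the text describes, where the perimeter let the traffic through but nothing downstream accounts for it, and it usually points at a host without an agent or a telemetry gap rather than at a benign session.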
In addition to increased visibility, Thomas Fænø emphasizes the organization’s improved response capabilities.
“We don’t have the resources to maintain 24/7 monitoring on our systems ourselves. It would require us to hire 8-10 administrators, and it simply wouldn’t be cost-effective. It’s much more efficient for us to have an external SOC service in place, which can inform us about what has happened and intervene on our behalf to stop or mitigate the effects of an incident,” says Thomas Fænø.
He is pleased with the collaboration with Conscia and finds significant business value and reassurance in knowing someone monitors network activity outside of regular working hours.
“Conscia has assembled a strong team of experts who know what they’re doing. When our internal IT staff are at work during regular hours, we want them to have the time and peace of mind to perform their primary tasks. They shouldn’t start Monday morning by going through hundreds of log files to see if anything happened over the weekend,” he concludes.