Creating a scalable, efficient and secure Operational Technology environment
Expanding Operational Technology environments for a Critical Infrastructure Provider
About Our Client
Our client, a newly established government agency, is a crucial component of a broader cluster dedicated to upholding critical infrastructure. Given their recent inception, they faced the urgent need to establish strong controls for their rapidly expanding Operational Technology (OT) environments, aligned to internal standards. They sought to optimise the value of their newly constructed setups while ensuring robustness and scalability.
The agency had a newly built Splunk environment but encountered several challenges in managing their expanding OT environments, including a lack of centralised controls, varying approaches to vendor management, and limited visibility in a growing environment. As a Critical Infrastructure Provider, they were also cognisant of their compliance obligations under the SOCI Act. With already stretched resources, they required professional support to ensure the security, scalability, and operational efficiency of their platform and environments.
Avocado Consulting collaborated closely with the agency to enhance their recently built Splunk environment. The focus was on transitioning it into a robust, operationally supported system managed by Avocado’s expertise. Avocado provided tailored recommendations and solutions to bridge the gaps identified within the existing OT environment. The solution involved working within the agency’s standards and aligning with their specific needs. This included:
- Specialisation: Emphasis on Splunk Enterprise Security for comprehensive security monitoring and incident response.
- Control Implementation: Avocado designed and implemented robust controls to ensure the security and integrity of the OT environments, aligning with industry best practices and the agency’s unique requirements.
- Visibility: Aligning vendor standards, protocols, and proprietary information and communication formats across tools and vendors, and auditing and monitoring vendor access to ensure each vendor only reaches the tools they need.
- Optimising New Environments: Avocado provided strategic guidance to maximise the value derived from the newly constructed environments, making them operationally efficient and scalable.
- Scalability Planning: Avocado devised a scalable architecture that allowed the agency’s OT environments to expand seamlessly, accommodating the rapid growth while maintaining optimal performance.
- Splunk Deployment: On-premise OT-focused Splunk Enterprise distributed deployment.
- Infrastructure: 5 search heads (including one search head cluster of 3 instances), 6 indexers, and several management-tier and forwarding-tier servers (roughly 40-50 Splunk servers in total).
Avocado Consulting adopted a proactive and collaborative approach throughout the engagement, ensuring a comprehensive and tailored outcome that was fit for purpose. This included:
- Thorough Assessment: We conducted a detailed assessment of the agency’s existing OT environments, identifying gaps, vulnerabilities, and areas for improvement.
- Customised Solutions: Avocado tailored solutions to the agency’s unique challenges, aligning with their objectives and industry standards.
- Continuous Collaboration: We worked closely with the agency, fostering open communication and knowledge sharing to ensure the successful implementation of controls and optimisation strategies.
Avocado Consulting’s tailored solutions and collaborative approach empowered the agency to overcome their challenges, setting a strong foundation for their future growth and ensuring the robustness of their Operational Technology environments and compliance with the SOCI Act.
Avocado provided the agency with a list of recommendations for their Splunk environment, many of which have since been implemented. As a result, the environment is now in a state where it can quickly scale and grow to meet the rapidly growing needs of the agency as they expand.
With enterprise-grade visibility and a Splunk environment now ready to scale, the agency can focus on using Splunk for value add in the following areas:
- Maintaining physical security for each precinct.
- Detecting and preventing cyber attacks on critical infrastructure.
- Auditing and controlling vendor access to various components and guarding against tampering.
- Maintaining centralised visibility of the status of a geographically disparate OT environment across their infrastructure.
Given the success of this engagement and their confidence in Avocado, the agency is now transitioning to a Managed Service with Avocado, ensuring optimisation of both business-as-usual operations and ongoing value add.