Unauthorised download risks mitigated at RWE Supply & Trading thanks to BeyondTrust

BeyondTrust is assisting pan-European energy trading house RWE Supply & Trading to reduce its security risks and meet both budgetary and regulatory constraints

BeyondTrust is assisting pan-European energy trading house RWE Supply & Trading to reduce its security risks and meet both budgetary and regulatory constraints

BeyondTrust – the global cyber security company dedicated to proactively eliminating data breaches due to insider privilege abuse and external hacking attacks – has revealed the detail of a successful project that’s helping RWE Supply & Trading reduce its security risks and, at the same time, meet both budgetary and regulatory constraints.

RWE Supply & Trading is a leading energy trading house and a key player in the European energy sector. The business serves as the interface between the global wholesale markets for energy and energy-related raw materials and the RWE Group (one of Europe’s five leading electricity and gas companies).

The European energy sector is undergoing fundamental changes at present, with subsidised expansion of renewables causing margins and the use of conventional power stations to decline, in turn requiring energy providers to reduce their costs. Set against those cost reductions, energy providers like RWE Supply & Trading simply cannot sacrifice their security regimes.

As part of an ongoing strategy designed to protect and continually strengthen its IT security posture, RWE considered the tightening of administrator rights to ensure that users download only those applications applicable to their responsibilities and mitigate the risk of rogue software and potentially harmful malware damaging business-critical IT systems.

However, RWE was also concerned that simply removing admin rights from employees would hamper productivity, and particularly so in an environment that makes extensive use of Citrix VDI technologies.

In his capacity as the IT security architect for RWE Supply & Trading, Loucas Parikos explained: “We wanted to reduce the attack surface and our chances of being exploited without negatively impacting on a productive work environment. In addition, we had to meet all regulatory constraints.”

Eliminating ad hoc administrator rights

Following an extensive evaluation and Proof-of-Concept phase, RWE selected BeyondTrust PowerBroker for Windows which has allowed the company to eliminate ad hoc admin rights on all users’ PCs and afforded fine-grained control of privileges on the Windows servers.

With PowerBroker, RWE is able to control the functions permitted on servers, whether accessed by local employees, contractors, employees from other divisions or by groups to which RWE outsourced.

Once local admin issues had been resolved, Parikos moved on to reducing the attack surface and vulnerabilities across all IT resources. After undertaking another Proof-of-Concept of several vulnerability management products and an extended evaluation period, RWE deployed Retina CS from BeyondTrust to scan its disparate and heterogeneous environment in order to identify security exposures, using the results in a consolidated set of actions based on specific vulnerabilities found during the scans.

“The reporting capabilities provide insight and help us prioritise our risks across the entire environment based on industry data about specific vulnerabilities,” noted Parikos.

The project was capped by a final stage that used the PowerBroker Password Safe to track who accessed various privileged accounts on RWE’s estate of 1,000-plus Windows servers and 200-plus UNIX systems to enable detailed audits of what had been done during each access session.

The entire solution is managed by the BeyondTrust BeyondInsight platform. This provides a top level and real-time view of what applications are employed by its Windows users, the vulnerabilities in its assets and the actions of privileged users on both Windows and UNIX servers.

Pleasingly for the customer, the success of the solution has helped RWE retain its strict regulatory and industry Best Practice security controls.

“Our initial success in working with BeyondTrust to eliminate admin rights propelled us to seek other components that could also be monitored from BeyondInsight,” concluded Parikos. “The reporting capabilities and recommendations are excellent. The more assets we scanned, the more useful those insights became in terms of helping to prioritise our remediation efforts.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts