BeyondTrust – the global cyber security company dedicated to proactively eliminating data breaches due to insider privilege abuse and external hacking attacks – has revealed the detail of a successful project that’s helping RWE Supply & Trading reduce its security risks and, at the same time, meet both budgetary and regulatory constraints.
RWE Supply & Trading is a leading energy trading house and a key player in the European energy sector. The business serves as the interface between the global wholesale markets for energy and energy-related raw materials and the RWE Group (one of Europe’s five leading electricity and gas companies).
The European energy sector is undergoing fundamental changes at present, with subsidised expansion of renewables causing margins and the use of conventional power stations to decline, in turn requiring energy providers to reduce their costs. Set against those cost reductions, energy providers like RWE Supply & Trading simply cannot sacrifice their security regimes.
As part of an ongoing strategy designed to protect and continually strengthen its IT security posture, RWE considered the tightening of administrator rights to ensure that users download only those applications applicable to their responsibilities and mitigate the risk of rogue software and potentially harmful malware damaging business-critical IT systems.
However, RWE was also concerned that simply removing admin rights from employees would hamper productivity, and particularly so in an environment that makes extensive use of Citrix VDI technologies.
In his capacity as the IT security architect for RWE Supply & Trading, Loucas Parikos explained: “We wanted to reduce the attack surface and our chances of being exploited without negatively impacting on a productive work environment. In addition, we had to meet all regulatory constraints.”
Eliminating ad hoc administrator rights
Following an extensive evaluation and Proof-of-Concept phase, RWE selected BeyondTrust PowerBroker for Windows which has allowed the company to eliminate ad hoc admin rights on all users’ PCs and afforded fine-grained control of privileges on the Windows servers.
With PowerBroker, RWE is able to control the functions permitted on servers, whether accessed by local employees, contractors, employees from other divisions or by groups to which RWE outsourced.
Once local admin issues had been resolved, Parikos moved on to reducing the attack surface and vulnerabilities across all IT resources. After undertaking another Proof-of-Concept of several vulnerability management products and an extended evaluation period, RWE deployed Retina CS from BeyondTrust to scan its disparate and heterogeneous environment in order to identify security exposures, using the results in a consolidated set of actions based on specific vulnerabilities found during the scans.
“The reporting capabilities provide insight and help us prioritise our risks across the entire environment based on industry data about specific vulnerabilities,” noted Parikos.
The project was capped by a final stage that used the PowerBroker Password Safe to track who accessed various privileged accounts on RWE’s estate of 1,000-plus Windows servers and 200-plus UNIX systems to enable detailed audits of what had been done during each access session.
The entire solution is managed by the BeyondTrust BeyondInsight platform. This provides a top level and real-time view of what applications are employed by its Windows users, the vulnerabilities in its assets and the actions of privileged users on both Windows and UNIX servers.
Pleasingly for the customer, the success of the solution has helped RWE retain its strict regulatory and industry Best Practice security controls.
“Our initial success in working with BeyondTrust to eliminate admin rights propelled us to seek other components that could also be monitored from BeyondInsight,” concluded Parikos. “The reporting capabilities and recommendations are excellent. The more assets we scanned, the more useful those insights became in terms of helping to prioritise our remediation efforts.”