Even as network links, vulnerabilities and cyber-threats multiply, there are some tools that can automate and streamline many cybersecurity tasks. The trick is combining them with human forethought, awareness, training and follow-up.
For instance, to protect its laptops, devices and mining system endpoints worldwide, Orica Ltd. previously used antivirus software, but CISO Sean Lasinker reports it was complex to support, inefficient and drained resources, because each newly detected cyber-risk had to be investigated and resolved manually. Endpoint detection, protection and response were basic and slow, and offered minimal visibility and limited threat hunting. The company supplies explosives, blasting systems, mining chemicals, geotechnical monitoring, digital solutions and services to help clients discover and extract raw materials. Because it is at the forefront of research and development in new mining and blasting technologies, Orica must ensure that related data is safeguarded to protect its intellectual property.
“Ensuring our operational technology is used correctly and we’re prepared to respond to a cyberattack is of the utmost importance,” says Lasinker. “The intention was always to aim for the next generation of endpoint security as part of our overall security strategy.”
Automation simplifies the hunt
Orica settled on CrowdStrike due to ease of deployment, ongoing management and seamless integration with existing security and business systems, such as its secure web gateways and an email security solution. It deployed CrowdStrike's FalconX automated threat detection across its entire IT environment, which must protect digital systems and IIoT products sold to customers, its own business systems hosted on AWS and Azure cloud-computing services, and the OT and manufacturing systems that support its global plants. This environment comprises 8,700 endpoints at Orica's sites worldwide, including those of its engineers working at clients' mining facilities. The company also implemented Falcon OverWatch to manage threat hunting, and CrowdStrike's Incident Response and Advisory Service, which lets it prepare to react quickly and effectively to any incident, and to assess and thwart potential cyber-threats.
“We’ve already used the CrowdStrike Incident Response and Advisory Service twice to investigate suspected security incidents that were thankfully false positives,” explained Lasinker. “Speed of response and resolution were impressive, but more importantly gave us confidence and reassurance. The standout feature of CrowdStrike that makes a difference to our business is its single-pane-of-glass visibility of endpoint security. As a security expert, having that information at my fingertips in real time and being able to act at the click of a button saves lots of time. The visibility we have compared to before is like night and day. With CrowdStrike and the way it has been deployed across Orica, we know we can rely on the accuracy and validity of our data.”
Lasinker reports that another CrowdStrike highlight is its ability to isolate multiple hosts at the same time: it can flag several endpoints that share specific indicators of compromise and contain them swiftly. “CrowdStrike enables us to quickly spot live incidents, gain greater visibility and discover unknown services, which is extremely efficient,” adds Lasinker. For example, CrowdStrike helped Orica deal with the 2021 Log4Shell threat with no impact. Log4Shell was a vulnerability in a widely used Java logging framework that allowed arbitrary code execution and affected organizations around the world.
Security saves time and money
Following its deployment, Orica evaluated CrowdStrike and found that, over a three-year period, it is expected to save more than A$1.5 million, pay for itself in 16.5 months, and deliver a 115% return on investment (ROI). In addition, CrowdStrike's real-time response and remediation virtually eliminated the three weeks it used to take to recover and rebuild devices for remote workers. Finally, CrowdStrike also reduces the workload of the small team that manages Orica's global security 24/7, for example by cutting the time needed to triage an incident from four hours to 10 minutes.
“As a CISO, there are three aspects of cybersecurity we need to be good at: patching and vulnerability management, regular backups and testing of those backups, and endpoint security. CrowdStrike handles the latter across Orica’s whole enterprise and is a critical security solution for us.”