SA Power Networks has reduced the number of cyber incidents it classifies as high-severity by automating its analysis of prior incidents to help it find and address vulnerabilities.
A high-severity incident, according to the state’s sole energy distribution provider, is a confirmed breach of IT or OT systems, or significant unauthorised access to or disclosure of highly confidential and/or customer data.
The organisation said that a comparison of alerts for the first six months of 2023, compared to the corresponding period last year, showed an over 60 percent reduction in high-severity incidents.
SA Power Networks attributed its reduction in high-severity incidents, in part, to its use of an Exabeam Fusion security information and event management (SIEM) platform, and in particular to the platform’s ‘smart timelines’ feature.
“Exabeam provides the context on what happened before an alert triggered, allowing us to make proactive changes resulting in the same incident not triggering again,” a SA Power Networks spokesperson said.
The smart timelines feature brings together multiple log sources, along with search and index data, and presents the most relevant event details to SA Power Networks’ security team in a structured, linear format.
The company said that, since partnering with Exabeam in January 2021, smart timelines had been one of the most rewarding features it had access to.
During a cyber incident in 2020, piecing together the events that led up to the incident had been a big challenge, the company said.
Prior to using Exabeam’s SIEM, SA Power Networks had outsourced threat detection and response duties to a managed security service provider that did not meet expectations.
The company weighed up switching providers against investing in developing an in-house detection and response skillset.
SA Power Networks used a series of simulated penetration tests to confirm the effectiveness of Exabeam for its specific purposes.
Reducing the security team’s workload was a key selection criterion, as the utility ramped up preparations to comply with the Australian energy sector cyber security framework.
The reduction was achieved by eliminating multiple interfaces, which also resulted in an improved mean-time-to-respond to incident alerts, the spokesperson told iTnews.
“Mean-time-to-respond has reduced from hours (during workdays) and days (over the weekend) to minutes for potentially compromised credentials,” the spokesperson said.
The SIEM has also reduced alert fatigue by prioritising alerts.
The platform uses machine learning to map an organisation’s normal user and system behaviour, making anomaly detection simpler.
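As an added illustration of the two ideas above (not code from the article, from SA Power Networks or from Exabeam), the following Python merges constructed log entries from several sources into a linear timeline for one user in the window before an alert, and flags a VPN login from an address that the user's learned baseline has never seen. All users, addresses and log lines are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample events from three log sources (VPN, Active Directory, EDR).
# Timestamps are ISO 8601; "detail" is the free-text summary a SIEM would index.
EVENTS = [
    {"ts": "2023-03-01T08:58:00", "source": "vpn", "user": "jsmith", "detail": "login from 198.51.100.99"},
    {"ts": "2023-03-01T09:01:00", "source": "vpn", "user": "akhan",  "detail": "login from 203.0.113.20"},
    {"ts": "2023-03-01T09:02:00", "source": "ad",  "user": "jsmith", "detail": "password reset for svc-backup"},
    {"ts": "2023-03-01T09:05:00", "source": "edr", "user": "jsmith", "detail": "powershell.exe spawned by winword.exe"},
    {"ts": "2023-03-01T09:06:00", "source": "ad",  "user": "jsmith", "detail": "jsmith added to Domain Admins"},
    {"ts": "2023-03-01T07:30:00", "source": "vpn", "user": "jsmith", "detail": "login from 203.0.113.7"},
]

# Constructed history of earlier VPN logins (user, source IP), used to learn normal behaviour.
HISTORY = [("jsmith", "203.0.113.7"), ("jsmith", "203.0.113.7"), ("akhan", "203.0.113.20")]

def build_timeline(events, user, alert_ts, window_minutes=30):
    """Events for one user in the window ending at the alert, oldest first."""
    # The alert is the last row; every earlier row is context from whichever source logged it.
    alert = datetime.fromisoformat(alert_ts)
    start = alert - timedelta(minutes=window_minutes)
    rows = [e for e in events
            if e["user"] == user and start <= datetime.fromisoformat(e["ts"]) <= alert]
    return sorted(rows, key=lambda e: e["ts"])  # ISO timestamps sort correctly as strings

def learn_baseline(history):
    """Map each user to the set of source IPs seen during the baseline period."""
    baseline = {}
    for user, ip in history:
        baseline.setdefault(user, set()).add(ip)
    return baseline

def is_new_ip(baseline, user, ip):
    """True when this IP was never seen for the user (or the user has no history at all)."""
    return ip not in baseline.get(user, set())

def render(rows):
    """One line per event, so the timeline reads top to bottom like an incident narrative."""
    return "\n".join(f"{e['ts']}  [{e['source']:>3}]  {e['detail']}" for e in rows)

if __name__ == "__main__":
    # Treat the Domain Admins change as the alert and look back 30 minutes.
    timeline = build_timeline(EVENTS, "jsmith", "2023-03-01T09:06:00")
    print(render(timeline))
    print("new IP for jsmith:", is_new_ip(learn_baseline(HISTORY), "jsmith", "198.51.100.99"))
```

The 07:30 login falls outside the window and is dropped, while the three later events from different sources line up under the alert so the password reset and the Office-spawned PowerShell are visible as context rather than as separate tickets.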
“Exabeam has helped us achieve a key strategic objective for our security operations centre, build cyber security talent in our state and retain our existing skills,” the spokesperson said.