An industry leader in freight rail, the customer has a massive, complex operational network covering over 20,000 miles (32,000 km).
The company serves over 20 states with some of the nation's largest population centers and operates over 1,800 trains per day and approximately 6,000 wayside stations.
The customer strives to be the best-run railroad in North America and is focused on capitalizing on the efficiency of rail transportation to serve America.
Cylus was originally introduced to the customer’s Deputy CISO in November 2021. The customer identified its primary challenges as: supporting a massive, geographically dispersed operational network connecting thousands of physical sites across the country; maintaining redundancy on that network to meet the availability and reliability requirements of internal rail operators; and managing highly refined tool sets and processes to handle daily challenges, including environmental concerns, human-caused catastrophes such as fiber cuts, natural disasters, and a multitude of other issues across its territory.
Additional challenges include increased threats from cyber vectors, which require additional tooling and processes to quickly establish the cyber context needed to maintain availability for internal rail operations. To meet this challenge, the customer’s security team is pursuing a broad OT security strategy based on the NIST CSF and on best practices such as active defense, aiming to provide cyber context faster through improved detection and response capabilities. The team is focused on achieving these capabilities in a cost-effective manner.
One aspect of the customer’s strategy is improved network detection and response (NDR) capability, which started with implementing a general-purpose network monitoring solution, Extrahop. The customer already uses multiple network taps and network packet brokers to capture network traffic at wire speed; it acquired the Extrahop tool to monitor its IT network and found that it also had some applicability in the OT network, where general-purpose compute is in use. But it was clear that this general-purpose tool was not developed specifically for the rail industry.
The Extrahop solution observes traffic on the customer’s network to develop asset inventories and detect malicious activity. But the customer recognized that rail applications and their traffic are not readily parsed out of the box by the tool. To address the gap, the customer proposed a partnership between Cylus and Extrahop to obtain the analytical benefit of both tools by leveraging the Extrahop solution to specifically extract rail OT applications traffic and send it to CylusOne for analysis.
Once this architecture was confirmed, a proof of value on live production data was conducted in the third and fourth quarters of 2022 that included multiple use cases such as:
The integrated solution of Extrahop and CylusOne successfully demonstrated value for all of the proposed cybersecurity and rail operations use cases. The customer subsequently purchased CylusOne in December 2022, and an initial deployment of CylusOne is now complete, including integrations not only with Extrahop but also with the customer’s SIEM, Microsoft Azure Sentinel, and with its single sign-on solution, Okta.