Case Study

Diverse Use Cases Create Improved Security and Stronger Cybersecurity / Operations Relationships


Large Class I Freight Rail Company
USA
Real-Time Visibility Contributes to Faster Operations PTC Enforcement Research
Improved Speed in Providing Cyber Context to Maintain Availability to Meet Rail Operations Demands
Demonstrated Threat Detection in the Operations Rail Technology Environment

The Customer

An industry leader in freight rail, the customer has a massive, complex operational network covering over 20,000 miles (32,000 km).

The company serves over 20 states with some of the nation's largest population centers and operates over 1,800 trains per day and approximately 6,000 wayside stations.

The customer strives to be the best-run railroad in North America and is focused on capitalizing on the efficiency of rail transportation to serve America.

This project started out very strongly as a security project. We were the ones that connected with Cylus initially and kicked off the work with them. But as we engaged our OT operators in the organization, we’re getting lots of positive feedback that they like what they’re seeing. The PTC enforcement research work in particular is a real use case win.
Principal Security Architect

The Challenges

Cylus was originally introduced to the customer’s Deputy CISO in November 2021. The customer identified its primary challenges as supporting a massive, geographically dispersed operational network connecting thousands of physical sites across the country; maintaining redundancy on that network to meet the availability and reliability requirements of internal rail operators; and managing highly refined tool sets and processes to handle daily challenges, including environmental concerns, human-caused catastrophes such as fiber cuts, natural disasters, and a multitude of other challenges across its territory.

Additional challenges include increased threats from cyber vectors, which require additional tooling and processes to quickly establish the cyber context needed to maintain availability for internal rail operations. To meet this challenge, the customer’s security team is pursuing a broad OT security strategy based on the NIST CSF and best practices such as active defense, aimed at speeding up its ability to provide cyber context through improved detection and response capabilities. The team is focused on achieving these capabilities in a cost-effective manner.

One aspect of the customer’s strategy is improved network detection and response (NDR) capability, which started with implementing a general purpose network monitoring solution. The customer uses multiple network taps and network packet brokers to capture network traffic at wire speed. It acquired the general purpose network monitoring tool to monitor its IT network and found that the tool also had some applicability in the parts of its OT network where general purpose compute is used. But it was clear this general purpose tool was not developed specifically for the rail industry.

This tool observes traffic on the customer’s network to develop asset inventories and detect malicious activity. But the customer recognized that rail applications and their traffic are not parsed out of the box by the tool. To address the gap, the customer proposed a partnership between Cylus and the general purpose tool to obtain the analytical benefit of both: the general purpose solution would be used to extract rail OT application traffic specifically and send it to CylusOne for analysis.


The Solution

Once this architecture was confirmed, a proof of value on live production data was conducted in the third and fourth quarters of 2022. It included multiple use cases such as:

  • Asset information and visibility.
  • Conducting positive train control (PTC) enforcement research.
  • Detecting unauthorized devices on the network.
  • Identifying instances of protocol misuse on the network.
  • Identifying instances of network resource exhaustion.

The integrated solution of the general purpose tool and CylusOne successfully demonstrated value for all the proposed cybersecurity and rail operations use cases. The customer subsequently purchased CylusOne in December 2022, and an initial deployment of CylusOne is now complete, including integrations not only with the general purpose network monitoring tool but also with the customer’s SIEM (Microsoft Azure Sentinel) and with its single sign-on solution.

CylusOne allows operations to bring all the PTC data together in one presentation to more quickly understand the PTC enforcement causes. The security team is getting very positive feedback from our OT operators. It is helping to solve stressful situations for the OT operators by speeding PTC enforcement research. CylusOne is helping build the relationship between operations and security, expanding the dialogue, getting more interactions, and creating a stronger relationship. Finding tools like CylusOne and making the operations team’s life easier is a big win for [the security team].
Principal Security Architect
