Case Study

How Siemens Energy Stops Cyber Attacks Before They Happen

As the energy sector faces a growing number of threats, Siemens Energy is partnering with Recorded Future to stay one step ahead of bad actors.

Unless you know who you’re fighting against, you can’t defend yourself. With Recorded Future, we can proactively protect our organization from these threats before any incidents happen.

Dusan Vignjevic

Head of Threat Intelligence & Threat Hunting, Siemens Energy

Challenge

A rapidly evolving threat landscape

The energy sector faces an ever-growing number of unpredictable cybersecurity threats, and the consequences of a security breach can be dire. Given that critical infrastructure outages can disrupt millions of lives and cost energy companies billions of dollars, bad actors see the sector as a prime target.

“The threats the energy sector faces have been evolving,” said Dusan Vignjevic, Siemens Energy’s Head of Threat Intelligence and Threat Hunting. “It’s very important for us to be able to monitor the threat landscape and understand what’s happening.”

Two additional factors make the threat landscape even more complicated:

  1. The energy sector is undergoing a long-overdue process of digitalization. Many energy companies still use outdated legacy systems, and they find it harder to balance operational efficiency with cybersecurity requirements as they move to the cloud. “The combination of legacy systems and cloud migration creates a broader attack surface, and we need to make sure we’re monitoring it effectively,” Vignjevic said.
  2. Cybersecurity threats have become more sophisticated, and attacks have become more precise. Vignjevic and his team needed to understand the threats to the energy sector as a whole as well as the attacks and vulnerabilities specific to their company.

“We need to be able to contextualize threats and understand what’s important for us,” he said. “Within the vast amount of information that is available in the threat landscape, we need to pinpoint what can potentially affect our organization when it comes to domains, identities, IPs, and other applications. We need to plot the strategic risks to our organization and anticipate what might be coming for us.”

The only way to withstand these attacks and respond effectively is to know what’s coming, but legacy cybersecurity defense systems and antivirus software aren’t enough anymore. The Siemens Energy security team needed a threat intelligence solution that could help them predict, prevent, and mitigate cyber risk using active threat hunting and strong cybersecurity defenses.

There are a lot of nation-state actors and opportunistic attackers currently targeting the energy sector. Without threat intelligence, we would not be able to detect them. Recorded Future plays a big part in defending against these bad actors.

Dusan Vignjevic

Solution

Proactive threat intelligence

The security team found all of this in Recorded Future solutions, which enable them to understand the evolving threat landscape. Recorded Future threat intelligence and continuous monitoring help the team prepare for any emerging threats and attacks that might come their way.

“Within the vast landscape of potential vulnerabilities, Recorded Future enables us to pinpoint the vulnerabilities that are most critical to us and the energy sector at large,” Vignjevic said.

By increasing automation, the team saved valuable time and moved from a reactive to a proactive defense strategy.

"As the energy sector grows and undergoes the digitalization process, we still use legacy systems with large attack surfaces, which need to be monitored effectively," Vignjevic said. "This is where Recorded Future helps. Recorded Future's integrations have given us the opportunity to connect with many other tools and automate the identification of critical vulnerabilities, so they are handled before being exploited."

Recorded Future threat intelligence helps us proactively map and discover the threat actors before they are in our environment. This helps us defend and proactively mitigate the attacks before they happen.

Dusan Vignjevic

Advanced features for threat intelligence

Siemens Energy uses Recorded Future to analyze malware in two key ways:

  1. Collective Insights®: This capability allows the security team to collect data on malware threatening their environment and map it to relevant TTPs.
  2. The Power of Sandbox and Malware Analysis - Test, detonate, and analyze: Recorded Future’s Sandbox allows the team to actively test malware and detonate it without any risk of infection. Interacting with the malware gives analysts valuable insights into how it functions, and they use that knowledge to improve their threat monitoring and threat hunting.

Recorded Future has been invaluable in spotting anomalies, such as the fact that threat actors are abusing dual-usage tools. “They aren’t trying to evade security tools, they’re trying to blend in,” Vignjevic explained. “This is something we’ve been actively hunting for, and the contextualization we get from Recorded Future has helped us find these anomalies in our environment and distinguish them from normal usage by our employees. With 100,000 employees and vast amounts of data, that wouldn’t have been possible without the context from Recorded Future.”

Results

Mapping threats and preventing attacks

Recorded Future provides the Siemens Energy cybersecurity team with the information it needs to deliver significant value to the broader organization. They’ve increased their awareness and resiliency by mapping threats to TTPs and identifying the threat actors targeting both their organization and the broader energy industry.

“Threat intelligence is one of the key pillars of cybersecurity,” Vignjevic said. “Without it, you’re missing a big piece of the puzzle. You can’t operate without those critical insights, and it would be very difficult without Recorded Future.”

This enhanced threat intelligence has given the team confidence in their ability to withstand future attacks. They are more proactive, better prepared to defend against threats, and better able to resolve incidents effectively. Anticipating attackers' moves allows them to act faster, minimizing potential impact.

With Recorded Future, the team’s threat analysts can process the vast amounts of data available to them, gaining an in-depth understanding of the attacks their organization and industry peers are facing. “Threat intelligence is solely about the number of incidents we’ve prevented,” Vignjevic said. “The energy sector requires 100% uptime, and we are able to prevent attacks by using Recorded Future. Mitigating a single cyber attack or a data breach is already a win for us and a return on investment.”