Solutions for Energy

Energy Overview

Energy companies may be the biggest target for cyber criminals because they are perceived to be highly vulnerable and have the financial wealth to fill attackers pockets. With multiple parties in the supply chain - some moving from one remote location to another - securely accessing data from anywhere in the world creates ongoing challenges for the dedicated and outsourced IT staff.

Oil giant Chevron fends off as many as 500 hack attacks a week
- InfoSecurity, May/June 2009 edition

Threats can come from within, too. The cost of a disgruntled employee hacking into your network to gain employee data, copy customer account information, or disable physical systems can be catastrophic for a company and its customers, partners, contractors, and suppliers.

Energy Network Topology


  • Operational complexity - Protecting SCADA (Supervisory Control and Data Acquisition) infrastructure, managing remote and transient workers, and ensuring WLAN security while carefully monitoring the full supply chain.
  • Lack of real-time monitoring and reporting - Accessing real-time information about possible network vulnerabilities to make intelligent operational decisions.
  • Protecting the infrastructure from threats within and outside the system - Ensuring users are protected from network threats such as viruses, and that critical systems are protected from both users and outside attacks.
  • Employee, contractor, partner, and supplier productivity - Eliminating the majority of spam and spim, blocking dangerous and inappropriate web surfing, and protecting against blended threats to reduce downtime and financial loss.

Extensible Threat Management for Energy

Extensible threat management (XTM) security solutions from WatchGuard aggregate multiple security measures into a single, easily configurable solution. Powerful firewall/VPN technology combines with application control, virus blocking, spam blocking, spyware protection, and URL filtering to stop threats.

WatchGuard XTM's Intrusion Prevention Service (IPS) includes specific protections for SCADA systems as well as broad-based intrusion prevention for a multitude of different attack and vulnerability types. WatchGuard XTM solutions also include enhanced support for business technologies such as Voice over IP (VoIP), and are the only XTM products on the market that offer inbound and outbound HTTPS inspection to increase web security coverage.

Moving Data Security

In the Energy industry, there is constant transfer of data from external facilities to main offces and data centers where historic data exists. Data is further processed and analyzed for making critical decisions and optimizing operations.

Role based access control (RBAC) ensures higher security by allowing users to obtain only the information they are assigned at the time. Faster decision-making with accurate information results in improved operations.

Meeting Compliance Requirements

In addition to the challenge of protecting SCADA infrastructure, regulatory challenges abound. Many energy companies face compliance requirements including PCI DSS (Payment Card Industry Data Security Standard) if they are accepting credit or debit cards in exchange for goods or services with vendors and/or customers, and HIPAA (Health Insurance Portability and Accountability Act) if they provide benefits to customers who are disabled.

To meet compliance standards, it is important to design a network with appropriate physical and logical boundaries to segregate the compliant operating environment. WatchGuard uses a zoned network architecture to segregate protected information so that it cannot be accessed directly via the Internet.

Network zones can be configured to create a DMZ for all public-facing servers and a Trusted zone where the protected information resides. In addition, all firewall management communications are done via a secure encryption-based protocol.

Why Energy Companies Choose WatchGuard

I looked at Fortinet, Juniper, and SonicWall's current offerings. I looked at cost and ease of the interface. I looked at performance, not only for raw throughput but also for VPN performance. I looked at the available options for antivirus, and intrusion prevention and detection � I wanted a firewall that would respond to outside threats and begin blocking automatically on its own... I looked at all those things, and the WatchGuard devices came out on top time and again. It really became a no-brainer."
- SCADA Analyst/Security Administrator

Free Consultation