Customer Story
Austria's Largest Power Producer uses ExtraHop Reveal(x) as a building block for its Security Operations Center (SOC)
Real-time visibility and threat detection across all network traffic, including encrypted traffic
Seamless integration with core ITSM applications, streamlined threat detection, and response activities
Easy-to-use interface without the need for system training allowed rapid adoption across security and operational teams
The Beginning
Providing Critical Utilities
VERBUND is Austria's largest electricity producer and operates critical infrastructure assets, covering approximately 40% of the country's electricity generation. As such, the company takes cybersecurity extremely seriously and has invested significantly in technical training, systems, and expertise to protect its enterprise applications, IT-infrastructure, and its operational technology (OT).
Traditionally, VERBUND has relied on individual departments to design, implement, and manage security within their respective domains and operational roles. However, following a cybersecurity strategic review in 2018, senior management decided to consolidate security functions into a more centralised Security Operations Centre (SOC). As part of this process, VERBUND evaluated several network detection and response (NDR) platforms in search of the solution that would form one very relevant component of its new SOC.
ExtraHop gives us a holistic view of any situation and the ability to understand how each event impacts all the connected systems. This is a major advantage for us.
Florian-Sebastian Prack
Project Manager SOC and OT Security Specialist,
VERBUND
The Transformation
Getting Fast, Actionable Insights
The Extrahop toolset is one component to help build up the new SOC. VERBUND evaluated Reveal(x) alongside other well-known NDR vendors as part of an eight-week proof of concept. "It really opened our eyes to what is possible and gave us a good understanding of how each solution worked," said Florian-Sebastian Prack.
ExtraHop proved itself superior in a number of areas, especially in terms of its core capabilities. "Some of the other systems rely just on metadata and extensive training, whereas ExtraHop is able to quickly give insights and then allow to easily drill down to find specific items that the other systems were simply unable to uncover." It also gives visibility into SSL/TLS 1.3-encrypted traffic without compromising data privacy—a major consideration of VERBUND.
VERBUND also found that Reveal(x) easily paired with its existing systems and workflows. The security team has integrated Reveal(x) with its SIEM and its Atlassian Jira ITSM to provide a process-driven method of analysing alerts and managing responses.
The Outcome
Strong Tools Enable Confident Security Operations
Although the development and organisation of teams for the new SOC is ongoing, VERBUND already uses ExtraHop to more quickly detect and respond to security incidents.
In one example, ExtraHop automatically identified a development environment linked to an unsecured server outside its protected network.
Reveal(x) has also detected previously undiscovered anomalies within the network and application data flows. Many of these application-layer issues were hard to spot before.
This comprehensive visibility has dramatically improved the accuracy of threat detections and speed of response times.
Development of the SOC is progressing rapidly, and VERBUND is confident about the value ExtraHop Reveal(x) delivers. They are now in the process of getting more people trained and using ExtraHop on a daily basis. They are also looking at creating dashboards, additional scripts, and integration of ExtraHop as a core part of both security and IT support across the entire organisation.