Optiv + Major Utility Provider = Powerful Targeted Prioritization



The Situation – 3K+ untested OT devices increased risk of blackouts


A major utility company with 18 locations and over 3,000 connected devices on their network needed to evaluate their security posture. But because they didn’t understand which critical systems were linked to which devices, prioritizing a study was difficult. Any one vulnerability could’ve led to a blackout level impact, leaving many households and businesses without electricity.


Properly evaluating each device would require significant costs and labor, so the client needed help prioritizing their efforts. The client’s security team lacked both the resources and expertise to transition from a reactive to proactive approach. With an increased likelihood of data breaches and compliance requirements going unmet, the retailer faced a loss of productivity, visibility and additional security risks.


Committed to building a holistic cybersecurity program, once new technologies were in place and POS (point of sale) data was encrypted, they would need to optimize their program for risk management 24x7x365.


The Solution – architecture evaluation of IT and SCADA to find highest risk devices


We led an architecture evaluation to identify the client’s critical IT and supervisory control and data acquisition (SCADA) systems. To help our client fully understand their environment and current risk profile, this assessment also included an asset inventory and security vulnerabilities evaluation.


Forming a joint team with the client, we were able to prioritize critical vendors – proposing a full device test on three third-party vendors that presented the most risk to the utility. This test included evaluations of the software, firmware, hardware and network interfaces for each device.

Industry Served: Utility

Our Starting Point:

  • Client had 3,000 connected devices, but were unsure which ones were of critical importance
  • Testing devices individually would be expensive and labor intensive
  • Unresolved vulnerabilities could lead to blackouts for many homes and businesses

Accelerating Forward:

  • IT and SCADA architecture evaluation, including asset inventory and vulnerability assessment
  • Third-party device test targeted towards highest risk vendors
  • Full evaluation of critical software, hardware, firmware and network interfaces for identified devices

Client Outcomes

  • Timesaving targeted efforts – found the appropriate third party devices to test
  • Highest risk devices prioritized for swift remediation
  • Successful, efficient product evaluation – Optiv Attack and Penetration team conducted a successful product evaluation within six weeks of project conclusion
Utility Case Study Download.png

Download a printable version of this case study for more details


How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.