Tri-State Generation and Transmission Association

Tri-State Generation and Transmission Association steps up network security across its critical infrastructure

The risk of a cyber attack shutting down the national power grid is real, and Tri-State Generation and Transmission Association is implementing tougher network security measures to keep the lights on for 1.5 million customers.

"Cyber attacks are always a concern," said Dave Buffo, Tri-State senior IT security administrator. "We needed to know what was going on with our internal hosts – what they're doing, who they're talking to, and why."

"Vectra gives us visibility into our networks, so we can monitor our internal hosts and address security issues in real-time," he said.

Automated, real-time network security

To detect attacks in progress, Vectra continuously monitors Tri-State's internal and Internet-bound network traffic. The highest-risk detections are prioritized so Buffo can quickly mitigate the most serious threats and avert damage.

Each Vectra detection includes severity and certainty scores as well as contextual information about the progression of a threat relative to hosts and key assets.

Augments intrusion prevention

Tri-State also relies on firewalls, intrusion prevention systems (IPS) and endpoint antivirus, but they didn't always do what Buffo needed.

The IPS was actually blocking behavior that wasn't dangerous. "Our systems were working correctly but the IPS would still block traffic," said Buffo.

"Vectra is smart and knows what is and isn't a threat," said Buffo. "Vectra was the right choice for our environment."

Industry

Energy

Challenge

Protect Tri-State's corporate and subscriber data and prevent cyber attacks on the power grid

Selection criteria

Easy-to-use security solution that provides visibility into internal network and activity on critical hosts

Results

  • Provide visibility into internal hosts to halt active network breaches
  • Gain real-time insight into real and false threats
  • Reduce time spent chasing false alarms


Related Resources

ESG Lab Spotlight: Cognito - Automating security operations with AI

By Tony Palmer, Senior IT Validation Analyst | October 2017

This ESG Lab Spotlight explores the Cognito platform, which performs real-time detection and analysis of cyber attacks. The security landscape is bleak, and is only getting worse. Vectra is a promising next step toward a more secure infrastructure.

How Cognito improves ROI and operational efficiency for cybersecurity

IT security is an ongoing exercise in ROI and operational efficiency. Organizations have a limited set of resources to address an unlimited set of risks, threats and attackers. This asymmetry means that security products must always be evaluated in terms of efficacy as well as their impact on the operational fitness of the organization. Is a solution a drain on manpower and resources or does it make staff more productive and nimble?

How Cognito is ideal for replacing IDS

IDS relies on signatures to stop known threats from getting into networks, but it is blind to unknown threats. Cyber attackers know this and can change a few bits of code in known malware to create an unknown threat.