BeyondTrust helps RWE Supply & Trading mitigate administrative rights and unauthorised download risks
BeyondTrust has announced a project to helping RWE Supply & Trading, a leading pan-European energy trading house, to reduce security risks while meeting budgetary and regulatory constraints.
RWE Supply & Trading is a key player in the European energy sector serving as the interface between the global wholesale markets for energy and energy-related raw materials, and the RWE Group, one of Europe’s five leading electricity and gas companies.
As part of its ongoing strategy to protect and continually strengthen its IT security posture, RWE considered the tightening of administrator rights to ensure that users download only applications applicable to their responsibilities and mitigate the risk of rogue software and potential harmful malware damaging its critical IT systems. However, RWE was also concerned that simply removing admin rights from employees would hamper productivity, especially in an environment that makes extensive use of Citrix VDI technologies.
Loucas Parikos, IT security architect for RWE Supply & Trading, said: “We wanted to reduce the attack surface and our chances of being exploited and without negatively impacting on a productive work environment while meeting all regulatory constraints.”
Following an extensive evaluation and Proof-of-Concept phase, RWE selected BeyondTrust PowerBroker for Windows which has allowed the company to eliminate ad-hoc admin rights on all users’ PCs as well as allow fine grained control of privileges on the Windows Servers. With PowerBroker, RWE is able to control the functions permitted on servers, whether accessed by local employees, contractors, employees from other divisions, or by groups to which RWE outsourced.
Once local admin issues had been resolved, Parikos next moved on to reducing its attack surface and vulnerabilities across all IT resources. After undertaking another Proof of Concept of several vulnerability management products and an extended evaluation period, RWE deployed Retina CS from BeyondTrust to scan its disparate and heterogeneous environment to identify security exposures using the results in a consolidated set of actions based on specific vulnerabilities found during the scans.
“The reporting capabilities provide insight and help us prioritise our risks across the entire environment based on industry data about specific vulnerabilities,” Parikos noted. The project was capped by a final stage that used the PowerBroker Password Safe to track who accessed various privileged accounts on RWE’s estate of 1000+ Windows servers and 200+ UNIX systems to enable detailed audits of what had been done during each access session.
The success of the solution has helped RWE retain its strict regulatory and industry best practice security controls. According to Parikos: “Our initial success in working with BeyondTrust to eliminate admin rights propelled us to seek other components that could also be monitored from BeyondInsight. The reporting capabilities and recommendations are excellent, and the more assets we scanned, the more useful those insights became in prioritising our remediation efforts.”