AIL – Aziende Industriali Lugano
Overview
Aziende Industriali Lugano (AIL) is the most important retail and wholesale distributor of water, natural gas, and electricity in the Canton of Ticino.
Their products and services are purchased daily by over 110,000 private and business customers, distributed across approximately 54 Municipalities. AIL builds and manages the networks necessary for transporting products from the point of production or purchase to the customer.
The need
AIL’s security infrastructure is composed of multiple devices that generate a large number of logs, which are important pieces of information that need to be centrally stored and managed. AIL was looking for an in-house solution to collect and analyze all the logs generated by network devices, web applications, data sources, and OT (Operational Technology) devices.
In the past, the client had run tests with SGBox’s competitors, but had not found the most suitable solution due to the difficulty in adapting to the existing IT and OT infrastructure.
The choice fell on SGBox because of the platform’s flexibility and its ability to provide a centralized and immediate view of the company’s security status.
After careful analysis, we chose SGBox as the ideal partner that could easily integrate with our systems. It proved to be an open log platform capable of collecting information from any type of system. It is easy to use and quick to implement, and is compatible with all IT security infrastructures.
Michele Rusconi – Head of the IT/OT Services and Cybersecurity Unit
Approach and implemented solution
After performing several preliminary analyses for the configuration of approximately 250 data sources, the SGBox team started the development phase of an ad-hoc system, working alongside AIL’s IT department.
The starting point was the creation of correlation rules, which allowed the client to identify various suspicious/malicious behaviors using MITRE ATT&CK techniques.
Once the on-boarding phase was complete, AIL was able to continue the implementation independently thanks to the ease of configuration and SGBox’s flexibility in recognizing sources.
IMPLEMENTED SOLUTIONS
- Advanced Log Management: collection, normalization, and advanced management of all logs coming from the data sources.
- SGBox SOAR Playbook: upon detecting a malicious IP, it is possible to block it on the firewall using SGBox’s SOAR functionalities, adapted to specific needs, such as notification through the Swiss messaging app “Threema”.
- Template function: a useful function for extracting information following a potential threat, which allows for the production of easy-to-interpret security reports and audits.
Download the case study: AIL Case Study
