Industry: Energy & Utilities
Project Overview:
Endeavour Energy approached Sydco to implement a Security Information and Event Management (SIEM) system using Splunk, alongside a dedicated OT Security Operations Centre (SOC). The goal was to centralize monitoring, improve threat detection, and enable faster incident response.
Challenges:
- OT logs were siloed and not integrated into the broader security monitoring framework.
- Analysts lacked visibility into OT-specific events and behaviours.
- There was no unified platform for correlating alerts across IT and OT environments.
Solution:
Sydco configured Splunk to ingest logs from firewalls, SCADA systems, and OT sensors. Custom dashboards and correlation rules were developed to detect anomalies such as unauthorized access, protocol misuse, and device tampering. A dedicated OT SOC was established, staffed with analysts experienced in OT security.
Results:
- Security teams gained real-time visibility into OT events and potential threats.
- Incident response became more structured and data-driven.
- The SOC became a central hub for collaboration between cybersecurity and operations teams.