Case Study – Construction

Establishing a next-gen SOC for OT/IoT monitoring to manage exposure in connected real estate

About the client

The client is a global real estate and construction group developing and managing large-scale properties worldwide. With increasing connectivity across Building Management Systems (BMS), IT, OT, and IoT environments, the organization sought to strengthen visibility and manage cyber exposure across its critical infrastructure, developing a next-generation Security Operations Center (SOC).

The client’s challenge

The client was interested in developing a scalable cyber security monitoring and detection solution that would provide a comprehensive view of their threat landscape as well as deliver timely notifications when IT, OT, and IoT systems became vulnerable or were exposed to potential cyber security threats. They sought a partner capable of providing systematic and rigorous evaluations of cyber risks introduced by the adoption of OT and IoT systems and their growing integration with IT and cloud systems. It was also important to the client to have the capability to rapidly isolate these environments and systems in cases involving a suspected compromise.

Other areas in which the client wanted support included:

  • Securing critical BMS systems using Deep Packet Inspection for ICS/SCADA protocols, including HVAC, electrical systems, elevators, water, parking lot systems, and temperature control systems, and developing documents and processes for overall architecture and design.
  • Protecting high voltage power supply systems (securing the IEC 61850 protocol) and monitoring various HazMat sensors.
  • Ensuring real-time visibility, monitoring and detection of threats in the organization’s cloud infrastructure – which interacts with OT and IoT systems and sites.

Benefits

  • Unified visibility across IT and OT: A single operational view of all environments enabled faster identification of vulnerabilities and potential exposure points.
  • Proactive threat detection: Continuous monitoring and automation improved detection of advanced threats across IT, OT, and IoT networks.
  • Faster response and reduced dwell time: Integrated playbooks and orchestration tools shortened detection and response cycles, minimizing business impact.
  • Strengthened compliance and resilience: Alignment with IEC/ISO and NIST standards enhanced governance while supporting ongoing exposure management.

Our solution

CyberProof worked closely with the client and third-party technology partners to design and implement a next-generation SOC supporting both IT and OT environments. During onboarding, CyberProof performed detailed security assessments across Building Management Systems (BMS) and IoT networks, identifying vulnerabilities, architectural gaps, and exposure risks. Initial assessments during the onboarding phase provided a detailed network design architecture for all assets and associated ports, connections, protocols, and vulnerabilities – including gaps in people, processes and technologies required for maintaining their cyber security posture. CyberProof conducted test cases pertaining to possible cyber attacks on the BMS environment to ensure that all systems are hardened and under continuous monitoring.

CyberProof partnered with ICS/SCADA technology vendors for the development and implementation of new hardware and software solutions per the approved architecture. The team installed and configured the necessary hardware sensors, intrusion detection system (IDS), and agents to collect logs in real time from BMS systems (i.e., both IT and OT systems) and sent data to the CyberProof service delivery platform.

Today, CyberProof’s orchestration and automation capabilities allow for faster detection and coordinated response to potential threats, while enriching alerts with contextual intelligence to reduce false positives.

Threat intelligence feeds, custom playbooks, and vulnerability data have been incorporated into daily operations, improving detection accuracy and response speed. CyberProof’s digitized processes and collaboration features also provide real-time communication between analysts and the client’s internal team, ensuring rapid isolation of at-risk systems and minimizing operational disruption. CyberProof also integrates with open source and closed source tools such as VirusTotal, Skybox, and AbuseIPDB to enrich the response. This provides the client with optimized performance, continuous event enrichment, and a single-pane-of-glass view, enabling the operations team to act faster and make data-driven decisions.

All products and services have been designed to be in compliance with IEC/ISO and NIST policy for IT and OT assets.

Results

The integrated SOC improved the client’s threat visibility and reduced exposure across its global sites. Continuous monitoring of IT, OT, and IoT systems shortened time to detect and respond, decreased false positives, and enhanced overall cyber resilience. The organization now benefits from proactive threat-led operations aligned with industry standards, ensuring its building systems remain secure and compliant.
