Global 500 Energy Company Repsol Selects CardinalOps to Enhance Detection Posture and Reduce Risk of Breaches
September 2023 by Marc Jacob
CardinalOps, the detection posture management company, bannounced that global multi-energy company Repsol has deployed the CardinalOps platform to continuously assess its MITRE ATT&CK coverage and eliminate security gaps caused by missing or misconfigured detections.
With over 24,000 employees and global operations, Madrid-based Repsol is a global multi-energy provider that strives to lead the energy transition. Having committed to the ambitious goal of becoming a net zero emissions company by 2050, Repsol operates in all areas of the energy value chain, producing energy from hydrocarbons (oil and gas exploration and production) and renewable sources (wind, floating wind, photovoltaic solar, hydroelectric), and transforms it into products and services for mobility and homes.
“Our digital environment is vast and expanding, making it essential that our detection posture is resilient in the face of today’s threat landscape,” said Javier García Quintela, Global CISO of Repsol. “CardinalOps delivers the breadth of security coverage that we need to fix our detection gaps, resulting in a more secure environment and efficient security operations.”
In order to reach the goal of being a net-zero emissions company by 2050, Repsol is leveraging a wide array of digital transformation initiatives to make operations more efficient and less wasteful. However, this increased reliance on technology also brings additional risk due to a significant increase in the attack surface, both in the cloud and in physical facilities. Combined with the continuously-evolving threat landscape, global geopolitical tensions, and the scarcity of cybersecurity talent, this requires a strategic focus on maximizing the effectiveness of security operations.
According to recent CardinalOps data, enterprise Security Information and Event Management (SIEM) platforms only have detections for 24% of all 196 techniques in the MITRE ATT&CK v13 framework, an industry standard consisting of adversary tactics and techniques based on real-world observations. Many of today’s organizations are often unaware of this gap between the detection posture they assume they have and the actual posture they have in practice, creating a false sense of security.
CardinalOps leverages the MITRE ATT&CK framework for measuring an organization’s detection coverage across all these tactics, techniques, and procedures (TTPs), while helping organizations prioritize new detections to address gaps for the techniques that matter most to their business risk profile.
“Oftentimes, CISOs are challenged with addressing the security risk present during digital transformation initiatives – from migrating to the cloud to an expanding digital footprint,” said Michael Mumcuoglu, CEO and Co-Founder of CardinalOps. “This remains a daily burden for security leadership and their teams at large who are inundated with alerts from their security tool stack that aren’t relevant to their unique business risk. We’re excited to work with Repsol in addressing MITRE ATT&CK detection coverage gaps and helping them scale their detection and response capabilities as they reach their goal of being a net-zero emissions company.”