Digital Supply Chain Security Case Study: E.ON

Discover attack surface
continuously

Prioritize to focus team
on critical risks

Minimize false positives
and noise

INDUSTRY

Energy, critical infrastructure

USE CASE

Digital supply chain security

The Customer

E.ON, a European electric utility company based in Essen, Germany, operates one of the world’s largest investor-owned electric utility. The company employs 80,000+ people and serves 53 million customers across 30 countries.

“IONIX’s approach to attack surface management allows my team to go on offense. We are now able to actively seek, find and fix critical threats from this dynamic and vast digital environment before they impact our organization and our customers.”

René Rindermann
CISO, E.ON

The Challenge

E.ON’s cyber security team recognized the need to proactively expand its processes and procedures to protect the organization and customers from potential data loss due to increased internet exposure. To support the initiative, E.ON’s team identified a key strategic task: understand the risks they are exposed to as part of their attack surface and its digital supply chain.

E.ON’s attack surface includes both its owned and directly managed assets, as well as the third-party IT assets that are owned and managed by vendors and partners. E.ON’s attack surface had steadily grown as it incorporated these vendors’ products and capabilities to deliver best-in-class service and support to its customers. As the E.ON team began to consider the full extent of this online ecosystem and the possible threats E.ON was exposed to. E.ON’s team understood the critical need of getting a clear picture of this vast ecosystem and was a key solution requirement.

The Solution

Two of IONIX’s core capabilities were identified as key solution requirements for E.ON’s project. First, IONIX’s ability to continuously discover and inventory E.ON’s internet-facing assets and their web of external third, fourth, fifth, and Nth connections and dependencies. This extended coverage was essential to understanding the real risk exposure.

Second, E.ON needed a method for identifying and prioritizing risks to focus the security team, dedicated to protecting and managing this attack surface, on the critical risks. IONIX’s multi-layered risk and vulnerability assessment of Web, Cloud, DNS and PKI infrastructures minimizes false positives and noise while prioritizing the most critical vulnerabilities. E.ON security team gained valuable insights from IONIX to improve their efficiency and effectiveness.

The Outcomes

IONIX Attack Surface Management platform has allowed E.ON to proactively remediate vulnerabilities. By acting before hackers are able to exploit these vulnerabilities, E.ON has been able to prevent significant damage in terms of dollars, brand reputation, or customer trust and loyalty.

IONIX SaaS platform and required no installation, configuration, or modification to E.ON’s existing IT. As a result, E.ON was able to gain valuable actionable insights into its attack surface immediately.

The automated attack surface discovery, risk assessment and prioritization enabled E.ON’s security team to remediate more vulnerabilities and reduce risk without expanding the team.

“With IONIX , we are confident that its Attack Surface Management gives us the critical visibility we need to solve the difficult challenge of managing the risks and vulnerabilities in our entire attack surface and its digital supply chain.”

René Rindermann
CISO, E.ON