At a glance
The Tucson Electric Power Company found it virtually impossible to meet the stringent compliance standards required of a utility. TEP needed to upgrade and automate its inefficient manual vulnerability management process. The utility chose Secunia Research, which is a part of Flexera’s Software Vulnerability Research. The integrated solution delivered centralized automated oversight of software vulnerabilities and helped create a more efficient process for managing security risks.
A power company needed new, upgraded security
Tucson Electric Power Company provides solar and traditionally sourced electricity to more than 400,000 customers in Arizona. As part of the utility’s commitment to deliver safe, reliable energy services, Tucson Electric Power determined to upgrade its security systems. This upgrade would enable TEP to meet North American Electric Reliability Corporation (NERC) compliance standards, which include Critical Infrastructure Protection (CIP) requirements.
The IT security team at the Arizona utility relied on a wide range of information sources to obtain software security updates for its everyday operations. These updates were compiled through an inefficient manual process, with numerous individuals from many different departments receiving vendor notifications, phoning vendors or checking vendor websites.
“We wanted a central place we could find all security vulnerabilities for our devices across the utility spectrum,” recalled Lisa Capristo, IT Security & Compliance manager for Tucson Electric Power. It was time to find a better way.
The ability to view all software and track the assessment of all vulnerabilities and patches in one place is essential to ensure NERC compliance.
Lisa Capristo IT Security & Compliance Manager
An automated in-depth research solution delivered stronger vulnerability security
Tucson Electric Power chose Secunia Research, which is a part of Flexera’s Software Vulnerability Research, to strengthen its security systems against vulnerabilities and remain NERC compliant. This comprehensive vulnerability intelligence solution offers coverage of more than 40,000 systems and applications.
TEP’s IT security team found that Flexera’s solution stood out from competitors with its breadth of vulnerability management solutions and efficient addition of new products to the vulnerability manager service.
The solution provided the power company with a central location to find security vulnerabilities across the board, from generation, transmission and distribution, to physical security and information technology. The security team also utilized group automated reporting for patch assessment and easy data entry in the vulnerability manager.
Centralized solution improves vulnerability management and assures compliance
With the vulnerability solution, Tucson Electric Power has the tools necessary to control security vulnerabilities in their systems and remain compliant with critical NERC standards.
“The ability to view all software and track the assessment of all vulnerabilities and patches in one place is essential to ensure NERC compliance,” Capristo said.
The IT team at Tucson Electric Power now has efficient, centralized vulnerability management. The utility’s inefficient manual processes for compiling vulnerability notification and assessment have been automated, enabling TEP to easily meet NERC requirements to assess all vulnerabilities and patches within 30 days of release.
Secunia Research team members have found critical vulnerabilities in products from vendors
including Microsoft, IBM, Adobe, HP, Mozilla and Apple.