Top pharma company expands connectivity while preserving security

Taro Pharmaceutical adopts large-scale OT network security platform and avoids potential multimillion-dollar damages from cyber attacks. Elad Ben-Meir, CEO of SCADAfence reports

Multinational Taro Pharmaceutical Industries, a US$4 billion company sells more than 180 drugs in 25 countries and operates in a complex environment with hundreds of industrial devices on seven production floors.

Like many companies with large-scale operational technology (OT) networks that want to maintain their competitive edge and global reputation, Taro faced the choice between greater efficiency or greater security. Instead, Taro now has both.

Increased connectivity equals increased security challenges

Taro decided to invest heavily in the adoption of advanced technologies to improve operational efficiency and reduce operational costs. These new technologies required increased connectivity between Taro’s OT network and its IT systems — as well as increased connectivity to the Internet to enable remote maintenance and advanced analytics.

Additionally, Taro had to comply with new FDA-dictated regulations, such as the adoption of track and trace systems, which demand connectivity between machines on the production floor and external, cloud-based systems. So, what could go wrong? A lot! Taro found out that adopting new technologies within the OT environment

  • led to a significant increase in the number of devices and traffic between these devices
  • proved challenging in terms of maintaining the newly connected OT network using older, manually generated asset inventory methods; the company found it difficult to investigate a series of unexplained incidents
  • decreased visibility into the network activities of external contractors and remote maintenance traffic
  • challenged their leadership position in a competitive market, resulting in part to strict FDA regulations that require the complete control of production operations
  • instilled the fear of potential attacks and the difficulties in controlling OT network activities.

Taro’s management was well aware of the ever-growing OT attack landscape and wanted to avoid the fate of manufacturers such as Merck and Mondelez, which suffered hundreds of millions of dollars in damages because of attacks on their OT networks.

To increase security, increase visibility

All these considerations led Taro to implement a solution that provides the required visibility and security while considering the unique characteristics of its OT environment.

After evaluating several solutions — including both dedicated OT systems and generic IT security systems — the Taro team decided to deploy a platform that features continuous monitoring of their OT environment, a deep understanding of OT protocols and equipment, and a user-friendly interface that could be easily used by its OT engineering team. The security platform Taro selected enabled the company to

  • gain complete visibility of its network’s architecture, assets, connections and traffic
  • discover all devices that communicate with external networks
  • acquire deep knowledge and inspection of OT protocols and warnings upon discovery of anomalies
  • benefit from continuous threat detection of malicious and other abnormal activities.

Like this story? Subscribe to Manufacturing Chemist magazine for the latest news, updates and expert-written articles from the global pharmaceutical and biopharma sectors. For more information click here.

Taro enters the digital age

Taro’s OT network was built with the help of multiple external contractors, including equipment vendors such as Rockwell Automation, Siemens and Schneider Electric.

Now that Taro has deployed its new OT security platform, it enjoys not only non-intrusive monitoring of these systems and their proprietary protocols, but it also has now completely digitalised its asset inventory and built an interactive network map. Together, they provide unprecedented visibility into day-to-day operations.

Moreover, the solution was able to complete the discovery phase within hours and immediately start providing insights into risks and threats that jeopardise operational continuity. The platform mapped connectivity between Taro’s OT network and the Internet and detected new connections — in real-time.

These new connections were established by employees who needed to update software in the production network; the platform allowed Taro’s administrators to immediately enforce the company’s policies and allow only secure, authorised connections.

Security, and then some

Thanks to this security platform and its ability to perform deep packet inspection (DPI) on OT protocols, Taro can now detect anomalies that go beyond security. As Taro’s OT team receives alerts about deviation from normal operational activities, it knows that such abnormalities may relate to malicious threats; or, they may be caused by human error, misconfigurations or malfunctioning equipment.

Taro’s OT team can now track activities, such as firmware updates and configuration changes on their critical-path industrial controllers. In one situation, for example, a configuration change was mistakenly performed on the wrong controller and the anomalous activity was detected as a deviation from the normal communication pattern between the controller and the management system.

This early detection allowed the Taro OT team to quickly identify the root cause and minimise its effect on production activities.

Network visibility equals security equals efficiency

Taro’s new digital, continuous view of its OT environment allows it to reduce operational downtime, enhance network security and comply with demanding industry regulations.

Constant monitoring of all activities within the OT environment enables Taro to maintain an up-to-date inventory of its production assets and a complete log of operational configuration changes — data that’s crucial for pharmaceutical companies undergoing strict FDA audits, which include inspection of information security and network management capabilities.

The bottom line: Taro’s decision to expand connectivity with external environments and combine it with the right OT security platform not only ensures the security and operational continuity of its cutting-edge manufacturing facilities, it also accelerates its Industry 4.0 journey.

Companies