Northern Minerals is a leading Australian mining company, focused on rare earth extraction at its Browns Range site in Western Australia. With a focus on supporting sustainable operations, Northern Minerals plays a critical role in the global supply chain for electric vehicle components and modern energy technologies.

Challenge

Overcoming Connectivity and Security Challenges in a Remote Mining Environment

As Northern Minerals approached commercial-scale operations, the company faced multiple challenges tied to its remote location and legacy infrastructure:

• Unreliable Communication Infrastructure: The remote nature of the Browns Range site made establishing reliable communication difficult, impeding operational efficiency and real-time data transfer.
• Outdated Security Architecture: Existing legacy network investments lacked modern security features, increasing the risk of cyber threats.
• Need for Strategic Technology Modernisation: The shift from exploration to full-scale production required future-proof technology investments to ensure scalability and operational resilience.

“Addressing legacy architecture required careful planning around modernisation efforts, adopting newer technologies, and gradually phasing out legacy investments which lacked modern security features, making them more vulnerable to cyber-attacks.”
— Ryan Strauch, CIO, Northern Minerals

Solution

Transforming Network and Cyber Security with Modern Infrastructure

Northern Minerals partnered with Orro for a strategic overhaul of their network, security, and cyber infrastructure, ensuring their operations were secure, scalable, and capable of supporting long-term growth.

Key solutions implemented included:

• Enhanced Network Infrastructure:
  • Implementation of LEO satellite technology through SatOne, with additional Starlink capacity, improving bandwidth and reducing network latency from 600ms to under 80ms.
  • Deployment of Fortinet SD-WAN technology to optimise multiple carriage links, dynamically routing traffic based on real-time conditions such as congestion or link degradation.
• Streamlined Network Management:
  • Adoption of a design-led approach to project management, ensuring streamlined operations and reducing administrative overhead by simplifying network management and stakeholder collaboration.
• Advanced Cyber Security Services:
  • Introduction of Managed Extended Detection and Response (XDR) powered by SentinelOne, providing centralized visibility across multiple security layers, enhanced threat detection, and automated responses.
  • Engagement of Orro’s Incident Response Retainer (IRR) service, offering pre-paid hours for expert cyber support, ensuring rapid access to cybersecurity specialists for both minor breaches and major incidents.
• Centralised Network Control:
  • Integration of Orro’s One Touch Control (OTC) platform, providing a single source of truth for all devices and network components, simplifying monitoring and management across the entire ecosystem.

“In collaboration with Orro, we streamlined our technology stack by consolidating to Fortinet to take advantage of their high performance and scalability. Their solutions not only meet our current needs but are also designed to scale with our projected growth.”
— Ryan Strauch, CIO, Northern Minerals

Outcome

Stronger Communication, Security, and Long-Term Operational Confidence

The strategic partnership with Orro delivered substantial operational improvements for Northern Minerals, including:

• Significant Communication Improvements: Latency reduced from 600ms to under 80ms, supporting better real-time data exchange and remote site efficiency.
• Enhanced Cyber Security Posture: Strengthened threat detection and faster response times, ensuring proactive protection against evolving threats.
• Streamlined Operations: Simplified network management and stakeholder collaboration, reducing administrative overhead.
• Future-Ready Infrastructure: Modernised technology foundation capable of supporting Northern Minerals’ future digital transformation initiatives as part of their ongoing digital roadmap.

Ongoing Collaboration

Northern Minerals continues to work closely with Orro on further projects to ensure increased reliability, capacity, and security across their expanding network infrastructure.

“Orro’s team are local, responsive, and have focused expertise in the fields of network and cyber security, providing real confidence that they are the right strategic partner for the long term.”
— Ryan Strauch, CIO, Northern Minerals

Discover how Orro can enhance your operational resilience with cutting-edge network and security solutions. Contact Us Today.

The post Modern Infrastructure for Northern Minerals appeared first on Orro.

As powerful as this technology is as a learning tool, it also requires a significant amount of connectivity and a robust platform to power it effectively. In order to bring the best-in-class learning experiences to their students, TAFE Queensland sought the Orro Team’s help to upgrade and transform their network.

This mammoth project completed over two years saw our team completely redesign and upgrade the existing TAFE Queensland network across 60 locations, from Thursday Island to Coolangatta and west to Mount Isa.

CHALLENGES

One of the biggest challenges of rolling out an upgrade to the entire TAFE Queensland network was geographical. Not only is the state large in size, but many areas are remote and present a challenge in terms of physical access as well as the existing infrastructure and resources available to complete the necessary upgrades.

TAFE Queensland and the Orro team were both extremely conscious of creating equity amongst all locations, regardless of their remoteness.

From a technical perspective, the existing network was outdated and no longer fit-for-purpose. To successfully deliver their technology-rich curriculum and create a world-class online learning environment, the network required faster access, improved performance and usability. It also needed to support advanced learning tools like virtual reality.

Of course, when coupled with the need to rapidly move to remote learning during the COVID-19 pandemic, TAFE Queensland found their network stretched.

PROCESS

So how do you design and implement a new network architecture that will work at all 60 TAFE Queensland locations, regardless of their existing infrastructure?

The project for continual upgrade and roll-out took two years to complete. Our team designed the architecture to create a secure wireless network that operated across all environments and was consistent. Using Cisco’s Meraki platform, the team created a fully optimised, secure network to transform each location into a smart campus.

The detailed rollout plan included photos of every switch deployed, so that the team could remotely talk to anyone onsite through the environment and necessary adjustments or repairs.

With the added functionality of Orro’s one-touch control to manage the network, it’s now possible to see and report on every device as needed.  

The Orro team also took great care with the logistics for the rollout. Project managers kept up-to-date coordination plans and worked closely with TAFE Queensland to manage all aspects of the implementation at each location. Access to campuses, gear, cables and personnel all needed to be carefully organised to ensure the majority of sites were only visited once, minimising costs and delays.

The COVID-19 pandemic added further challenges to the project, making it more difficult to access the right people and suppliers. This led to the inevitable readjustment of some schedules while aiming to fulfil the requirement of only visiting each site once where possible.

OUTCOME

Chief Information Officer of TAFE Queensland, Alan Chapman, summed up the success of the project when he informed our team that 2022 was the first year where during the return to TAFE classes, he had not received a single complaint about the network being down or a lack of bandwidth interrupting online activity.

TAFE Queensland is so satisfied with the outcome of the project, they have contracted Orro to manage the entire network going forward.

Quality architecture is essential, but in a project of this scale, quality planning is also a top priority. Our team were able to effectively deliver this massive project through careful and detailed planning, as well as leveraging key relationships throughout the process.

The Orro team maintained a close partnership and transparency with TAFE Queensland throughout the rollout. They also worked closely with Cisco and Telstra as the network carrier, ensuring that at each location was ready to accept the enhanced bandwidth.

TAFE Queensland found the Orro team to have the experience to handle the scope and complexity of this project, but with an agile approach and the ability to evolve as required throughout the process. All of this has successfully delivered a network upgrade that is supporting the next generation of TAFE students across Queensland.

The post Upgrading TAFE Queensland’s Network Across 60 Locations appeared first on Orro.

Working closely with Orro, there was a strong desire to adopt a policy-driven, automated, and orchestrated architecture to support both current and future data centre hosting requirements. As these types of updates are generally only made every five or more years, it was critical to develop a forward-thinking strategy that would future-proof the data centre.  

The data centre upgrade project had the following key objectives:

• Adoption of automation, orchestration, and segmentation
• Increased bandwidth capacity
• Increased visibility and integrated management
• Support for off-site data centre migration
• Integration with the cloud
• Improved reliability
• Reduced operational cost (long-term)
• Reduced cost for future maintenance renewals.

This challenging job across a large, dynamic network required a seamless transition and no downtime. With hundreds of systems running across the university, careful planning was critical. Our team worked closely with the university team to stage out the migration and build trust in the process.

Challenges

As with any project of this size and scope, there were a range of challenges that needed to be addressed.

Overall, the procurement process required was lengthy and created additional delays to the project delivery.

Detailed planning and documentation were required to ensure the process was as smooth as possible, and all procurement requirements were met.

The project also required a lot of coordination and communication between cross function teams regarding their unique network, server, storage and application requirements.

Delivering the project during the Covid-19 pandemic meant there were restrictions on attending the campus in person, travel in general, and team members on sick leave throughout the delivery of the project.

The global shortage of semiconductors or ‘chips’ also impacted the data centre migration, with delays in accessing the hardware necessary to complete the rollout.

Solution

Preparation was key to ensuring the new data centre was implemented seamlessly. The Orro team developed a detailed strategy, supported by documentation and rigorous testing, to ensure a smooth rollout of the new data centre. The project was phased out over four separate stages:

• Stage 1 – Planning services to design an upgrade solution for data centre switch environment, including ongoing maintenance, and confirmation of a full Bill of Materials (BOM) for the project, planning the implementation of the data centre infrastructure, and the adoption of advanced data centre features.
• Stage 2 – Equipment procurement of the Bill of Materials and the services to manage equipment delivery.
• Stage 3 – Implementation services to stage and configure the equipment prior to data centre installation. Equipment configuration included base routing, switching and a proof of concept of advanced features. Upon completion of successful configuration and testing the equipment were deployed in the data centres in a standalone state.
• Stage 4 – Migration services split into two phases.  Phase 1 included the migration of UniSC workloads to the data centre new infrastructure with all traffic traversing the new switches. Phase 2 included the adoption of advanced data centre features for three UniSC applications. Migration services also included the decommissioning of the existing data centre switches.

Outcome

It has been said that a good partnership is how you deal with things when a project is not going well. Our team were always upfront about any issues to mitigate problems as early as possible. Combining the technical and project management level communications in a central way gave greater transparency throughout the project delivery.  

Not only was the team very clear in their communication with the UniSC team and the vendors on the project, they were highly responsive throughout the process. Relationships are key to success and our team brought strong vendor, integrator and manufacture relationships to the table. Coupled with the well documented and tested solution, this resulted in a lack of major issues, and overall the project was a very positive experience for the USC team.

Being local was also a real benefit to the project team, as it helped foster a deeper partnership and meant the Orro team was very accessible. Throughout the project, our team were also able to provide insights into what similar organisations were doing, understand unique pain points, and apply that expertise to get the best possible outcome for the university.

Since the finalisation of the project, the new data centre has proven to be more than simply effective. UniSC has seen reduced outages and now enjoys significantly improved visibility with real-time analytics and monitoring of the data centre environment. Orro was extremely cognisant of the need for genuine transformation, not just replacing like for like, and has provided the university with a further proofed next-generation data centre.

The post Data Centre Upgrade for the University of Sunshine Coast appeared first on Orro.

Challenge

Saddled with system limitations, Townsville City Council wanted to increase its resilience against threats with an automated, more efficient approach to cyber security.

Outcome

Townsville City Council gained 24/7 holistic security visibility and accelerated threat hunting with Orro based on the Splunk platform, slashing SIEM operating costs and streamlining compliance.

VISIBILITY IS VITAL IN THE FACE OF INCREASING CYBER THREATS

Serving 200,000 residents, Townsville City Council (TCC) is the largest regional council in Queensland, Australia. TCC is committed to fostering sustainable growth through driving economic diversity and generating an enriching lifestyle.

While cyber security is of top importance to TCC, security issues were being handled manually, which did not offer full threat visibility and impacted residents’ trust. TCC engaged a new managed cyber security service from Orro — powered by the Splunk platform — to adopt a more holistic approach to cyber security and tackle ever-changing needs and threats.

DATA-DRIVEN OUTCOMES

• ~85% faster threat hunting
• 65% savings in SIEM operating costs
• Improved customer experience

THREAT HUNTING WITHIN MINUTES

Based on the Splunk platform, Orro offers 24/7 managed services through a locally operated security operations centre (SOC). TCC can now identify root causes of security events through automated data correlation, turning data into holistic security visibility across its digital environment. While other third-party vendors only support 30 days of logging, Splunk lets TCC search months of data and correlate it with new events — helping uncover potential security breaches in the supply chain.

With Splunk applied across all security operations, Orro empowers TCC to accurately identify suspicious activities, infrastructure misconfigurations and exploitable vulnerabilities while prioritizing security alerts according to risk level. Critical threats now never go unnoticed and are always escalated — quickly.

Previously, it could take Council up to 50 minutes to explore a security issue. Now the team is now able to address concerns about 85 per cent faster thanks to Splunk.

Improved logging also streamlines compliance and fulfils audit requirements, particularly when dealing with low staff members due to sickness or holidays. Now, Splunk breaks through the complexity with full security visibility that allows TCC to make informed decisions that improve its security posture — boosting user experience.

SERIOUS COST AND TIME SAVINGS

Thanks to Orro’s professional consulting service and the Splunk-based SOC, TCC has slashed SIEM operating costs by 65%, freeing up vital funds for other priorities which can be reinvested into other cyber security initiatives.

Since the Splunk platform is highly scalable, TCC can integrate new solutions into its IT environment by using Splunk’s extensive library of existing integrations. New product onboarding into the SIEM environment is also faster. Because of Splunk’s leadership in the industry, other vendors already have relevant support solutions in place, which reduces the need for bespoke solutions and saves ongoing SaaS costs and implementation time.

Every day, Splunk solutions help TCC filter security alerts for more efficient troubleshooting. Orro’s security analysts are committed to constantly reviewing incidents for the council, leaving employees with more time to concentrate on governance, risk management and compliance tasks. And Orro’s service is not limited to the SOC. By leveraging the power of Splunk, it has fully addressed all requirements and made significant inroads to TCC’s cyber security maturity journey.

The collaboration between Orro and Splunk creates a perfect combination of human ingenuity and machine intelligence, which allows TCC to even go further than expected. With the wealth of enterprise ICT knowledge possessed by the security architects and engineers from Orro — which is one of the few organizations in Australia offering resources with ICS/SCADA security and industry-specific training — TCC is able to glean maximum benefits from the Splunk platform and readily map business requirements to optimal technical outcomes.

A new standard for customer experience

TCC’s system now runs smoothly with maximum uptime and service availability. The organization addresses potential security issues within minutes with an immediate follow-up call to the impacted customer. As a result, customer experience and trust — core principles for TCC — have soared. And since TCC can better monitor areas that it previously could not cover — analysing local data instead of relying on U.S.-based information — the organization can focus more on high-value and high-risk areas, better safeguarding the health and well-being of the community and environment.

With Orro and Splunk now filling any gaps in technology, TCC can focus more on fueling continued growth of its cyber security team and optimising critical business processes. The result? Better user experience and a more resilient community — today and tomorrow.

INDUSTRY

• Public Sector

SOLUTIONS

• Security
• Platform

The post Managed Cyber Security for Townsville City Council appeared first on Orro.

“We had confidence in Orro’s capabilities to roll out such a robust network transformation, we all worked very closely together and it felt like one team”

Munro Farmer – CIO, Australia Post

Network transformation boosts Australia Post’s performance

In smaller towns, Australia Post acts as a community hub – where residents can conduct banking, pay bills, buy products as well as traditional banking services. Network downtime can leave these communities stranded. For customers, particularly those in regional areas, the project has resulted in delivering more reliable and accessible services.

“This project has been really important to us and our customers because it helped us overhaul our ageing and limited legacy network, which was also suffering from reliability issues. We have one of the largest networks in Australia and it was really important for us to be able to deliver better services to our business and also to our customers,” said Munro Farmer, CIO at Australia Post

Watch the Case Study

“We now have increased network resilience and uptime, and we are equipped with a robust communications backbone that will allow us to deliver the next generation of digital services. This means for the first time in Australia Post’s history, every staff member within the organisation will be on the same communications platform,” said Farmer. 

Australia Post and Orro transform 4,000 sites across the country

Together, Australia Post and Orro transformed 4,000 sites in a two-year timeframe, which involved maintaining a velocity of more than 200 sites per month.

“We had confidence in Orro’s capabilities to roll out such a robust network transformation, we all worked very closely together and it felt like one team. Having a strong partnership with Orro throughout the project, to not only complete important milestones, but also work through all the challenges with us together, has been key to our success,” said Farmer

“This project has been really important to us and our customers because it helped us overhaul our ageing and limited legacy network.”

Munro Farmer – CIO, Australia Post

One Touch Control streamlines network management

Unique to this project is Orro’s internally developed network management platform called One Touch Control (OTC), which has the unique ability to amalgamate multi-vendor and carrier connectivity into a single dashboard. From here, Australia Post can monitor and report on network performance, hardware health, carrier SLAs and best practice business processes. 

“The partnership with Australia Post is incredibly important for Orro Group. It is our largest customer, which launched us into network management within the enterprise space in Australia,” said Cam Quilty, CRO at Orro.

Orro began work on the project in August 2019 and is now responsible for network performance and upgrades for the next five years.

The post Milestone Network Transformation for Australia Post appeared first on Orro.

Growing a business in uncertain and difficult times required them to approach the management of their risks and obligations with an entrepreneurial spirit. This has seen them develop a strategic roadmap that shifted them away from traditional security generalists towards more boutique, focused service providers.

As with most forms of growth, this was not without its challenges and restrictions, and with the availability of skilled security resources in short supply, they investigated innovative strategies to address this.

Client objectives and challenges

Protecting their corporate, customer and employee information

Unlike other more tangible assets, information can flow like water and also be duplicated and accessed by anyone who has access to it. The increased need to communicate with and provide services to clients and partners both in Australia and Internationally required more resources than most internal teams can provide. This need prompted them to consider augmentation and support models that would be collaborative, enhancing instead of replacing their capability.

The need for specialised and focused security services

As an organisation with a number of diligent business partners and service providers, in addition to addressing the challenge of internal security capacity, came the need to obtain less general and more specific security expertise. Obtaining specialised services also addressed the potential for conflicts of interest within service providers who were only partly responsible for security.

Increasingly complex and difficult business and technology environment

As the client developed new services, onboarded new partners and integrated new technology, the need for consolidated, unified and well managed logging and monitoring grew. Their response was to establish security visibility through new and uplifted security capabilities.

Responding to security incidents

Due to the increase in cyber attacks, the reliance on technology to support business functions and sophistication of cyber adversaries, the frequency and complexity of attacks against People, Processes and Technology has grown almost exponentially. This ever-present threat has required a vigilant round-the-clock and experienced incident response capability.

Pressure to contain costs and still demonstrate strong performance

As with all modern businesses, there is a need to balance risk management with agility and performance. This has led to the adoption of lower cost, higher value and more innovative security solutions and services.

Obtaining and retaining security knowledge and expertise

In addition to acquiring full-time and partner security expertise, our client has adopted an ongoing commitment to developing a cyber savvy workforce. This has seen a combination of internal and external insights and education as well as an ongoing facilitated assessment of their workforce resilience to cyber attack. Through this and their partnering, they have expanded the reach of the cybersecurity team and improved the effectiveness of many other controls.

Our services

Orro supported the client in establishing a collaborative 24×7 Security Operations and Management capability initially within Australia. This was supported by Orro’s Security Operations Centre and, based on the outcomes achieved, a scaled version of the same service was subsequently adopted by their global parent.

Our services involve the collaborative orchestration of People, Processes and Technologies on a global basis to support the timely detection, response & recovery from attempted or actual cyber attacks.

Based on this highly integrated and collaborative approach, we provide immediate response including taking authorised mitigation and containment actions that utilise our own, as well as our partners’ and the Client’s security technologies and capabilities.

In addition to the response service, Orro provides proactive security assurance and threat hunting as well as other capabilities to prevent security incidents.

Our focus

Orro’s focus was to support the client in establishing and operating a 24×7 security incident detection and response capability that leveraged internal and external skills and capability. This included a number of client managed products such as Data Analytics, Web and Email Content Inspection, AV, WAF, Desktop Threat Protection and others.

Our role in this environment was to provide security monitoring, investigation, control validation and incident response.

Client outcomes

Our services supported faster, more consistent and wider coverage for incident detection and response. Through numerous investigations Orro has successfully defended the client systems, services and information from a variety of attacks.

Our client now considers Orro to be an important extension to their own cybersecurity team. This has led to direct one on one consultation with the Client’s management team to help create and maintain internal security assurance, support and advocacy.

Key achievements

On behalf of our Client, Orro enabled:

• faster, proactive and more effective identification and resolution of security incidents.
• demonstration of the Client’s control effectiveness and risk management outcomes.
• increased engineering and management visibility across the threat landscape.
• proactive security initiatives such as Threat Hunting, helping to achieve a greater security maturity.
• improved internal stakeholder security awareness and satisfaction around security services.
• effective and measurable compliance to internal and external security requirements.
• reduced reliance on, and higher value outcomes from internal cybersecurity resources through automation, outsourcing and collaboration.
• a global and local security perspective based on vetted, targeted threat intelligence.
• operational support to security management and the ability to augment internal personnel when required.
• increased confidence around cybersecurity in all levels of management up to and including the Board.

Why Orro?

We are:

• a Gartner recognised managed security service provider.
• ISO27001 Certified and the scope of our certification includes all processes and procedures.
• a true 24x7x365 Cyber Security Services Provider.
• Australian based with follow the sun services.
• flexible, creative and robust without the overheads of international suppliers.
• experienced, security cleared and qualified.
• focused on Security; our Clients are part of a trusted community that shapes everything we do.

We deliver:

• our services from our Cyber SOCs located in Sydney, Melbourne and London.
• deep & broad security expertise across a range of industries.
• incremental and modular service delivery to flex up and flex down as Client needs evolve.
• One Team working collaboratively with our Clients who have access to all our capabilities.

Gartner Extract:

Asia/Pacific Context: ‘Magic Quadrant for Managed Security Services, Worldwide’ Published: 27 April 2018 ID: G00345198
Analyst(s): Sid Deshpande, Craig Lawson, Rajpreet Kaur
Founded in 1999, [Orro] is a pure-play security company that provides managed security, consulting and assurance services. Its client base is predominantly in Australia today, and it specializes in general-purpose MSS, along with offering consulting services that support customers’ security operations requirements. [Orro] offers management capability for a wide range of network security and threat management functions. It also supports more granular service deliverables than many larger providers by being able to provide out-tasking and overflow support on top of the more standardized MSS SLA-based management and monitoring of security products. [Orro] is able to compete with larger competitors because of its flexible service delivery options and its ability to customize service delivery for a wide range of customer requirements. [Orro] operates out of four locations (Australia [Brisbane, Melbourne and Sydney] and London, the U.K.), with two SOCs in Sydney and Melbourne.

The post 24×7 Security Operations & Management for Financial Services Client appeared first on Orro.

The lifeblood of their business and internal and external communications are all dependent on secure and reliable technology and information.

The client has traditionally operated a multi-vendor environment as well as a large internal technology workforce. Their technology and related services footprint is also globally distributed.

Client objectives and challenges

Increasingly complex and difficult business environment

Like many of its peers, our client has undergone significant business changes and transformation, and as a result, has needed to review its previous strategies, and has sought to leverage trusted partners to support them through a quickly evolving business landscape and a number of new risks. This led to a great deal of innovation and collaborative, creative problem solving from the Client and its business partners.

Pressure to contain costs and still demonstrate strong performance

In addition to the already complex business environment, as an ASX listed company, our client has continued to have the business imperative and responsibility to contain (and reduce) its operational costs, while continuing to deliver on its commitments to its stakeholders. After establishing many of the foundation security controls, they have recently directed attention and investment towards agile, flexible and adaptable security services such as ours.

Innovation and rapid pace of technology change

Technology, the associated new capabilities and the threats applicable to these have increased in accordance with the fast pace of technology and service innovation. Many of the technology improvements that have had such a positive impact on productivity (such as Cloud Services and Mobility) have introduced new risks that must be addressed.

Obligations to clients and others around the protection of information

Australian and International legislation and regulation around the protection of information have led to a more transparent and proactive approach to security. This highlighted the need for demonstrable security controls that were both effective and measurable to address the ever increasing threat of cyber attack.

Remote and offshore services

Whilst there are obvious benefits to remote and offshore services, this has also introduced additional points of potential security vulnerability and risk. With the COVID 19 pandemic, the remote workforces of many businesses have been adversely impacted. Cultural and technological differences have also introduced security and risk challenges of their own.

Obtaining and retaining security knowledge and expertise

As one of the most sought after skills, cybersecurity has become increasingly difficult to resource. Many organisations, including our client had been forced to rely on expensive contractors and address internal skills gaps through career pathing such as internships. The revolving door of security had led to problems of knowledge continuity and key person dependencies.

Our Services

Orro supported the client initially by delivering security architecture and consultative services. The services were established to augment the existing team and to support them in their security maturity journey.

As part of the security maturity journey, Orro documented the service related team functions and proceeded to deliver these for the Australian Region, remotely out of its global Security Operations Centre at a cost saving to the client.

Orro services were then further expanded by delivering security assurance services, security project support, security governance and security leadership within the organisations. Following the loss of a number of key security personnel, Orro also supported the client with security resource augmentation, including key roles such as Security Operations Team Lead. As part of taking on Security Operations responsibilities for a period of time, our on-site security Analyst resources took it upon themselves to document Standard Operating Procedures.

The services delivered by Orro from its Security Operations Centre evolved into the Global Security Service Desk service which delivers 24×7 security governance and assurance on business as usual security requests raised by business users across all of the client’s regions.

Our Focus

Orro’s focus was initially to flexibly deliver a number of discrete security services. As the services were delivered, we continually sought opportunities to increase the value of services to the client. In addition, we invested in resources that, over time, became much more familiar with the Client and its business to the point that the Client requested that they be embedded within their own team.

Our role in this environment was to provide security strategic advice and guidance, assessment, monitoring, investigation, control validation and incident response.

Client outcomes

Our services supported the client in establishing a security capability that they could build on to meet their requirements. We also helped them catalogue their applications and build an assurance program to meet their business, compliance and regulatory requirements. In addition, Orro established a security service to meet governance and assurance requirements as part of the security service desk service.

Our client considers Orro to be an important partner in delivering BAU Governance and Assurance activities to enable internal teams to concentrate on higher value project related tasks.

Key Achievements

On behalf of our Client, Orro:

• established a consistent security services engagement point for BAU Security Requests.
• enabled the development of numerous improvements within the Risk and Governance Team.
• supported the Client’s various regulatory and risk management requirements and outcomes.
• delivered visibility of the state of cyber security controls within the organisation applications.
• enabled identification of security vulnerabilities within applications and infrastructure.
• enabled greater prioritisation of security issues and reduction in complexity through standardised governance processes and consistent reporting.
• reduced operational security overheads through utilisation of retained knowledge and simplification of security project support
• simplified the process of project engagement of security resources and helped standardised the project artefacts delivered by the security team.
• enabled the ability to scale up and down as well as refocus / redirect effort where and when it was required.

Why Orro?

We are:

• a Gartner recognised managed security service provider.
• ISO27001 Certified and the scope of our certification includes all processes and procedures.
• a true 24x7x365 Cyber Security Services Provider.
• Australian based with follow the sun services.
• flexible, creative and robust without the overheads of international suppliers.
• experienced, security cleared and qualified.
• focused on Security; our Clients are part of a trusted community that shapes everything we do.

We deliver:

• our services from our Cyber SOCs located in Sydney, Melbourne and London.
• deep & broad security expertise across a range of industries.
• incremental and modular service delivery to flex up and flex down as Client needs evolve.
• One Team working collaboratively with our Clients who have access to all our capabilities.

Gartner Extract:

Asia/Pacific Context: ‘Magic Quadrant for Managed Security Services, Worldwide’ Published: 27 April 2018 ID: G00345198
Analyst(s): Sid Deshpande, Craig Lawson, Rajpreet Kaur
Founded in 1999, [Orro] is a pure-play security company that provides managed security, consulting and assurance services. Its client base is predominantly in Australia today, and it specializes in general-purpose MSS, along with offering consulting services that support customers’ security operations requirements. [Orro] offers management capability for a wide range of network security and threat management functions. It also supports more granular service deliverables than many larger providers by being able to provide out-tasking and overflow support on top of the more standardized MSS SLA-based management and monitoring of security products. [Orro] is able to compete with larger competitors because of its flexible service delivery options and its ability to customize service delivery for a wide range of customer requirements. [Orro] operates out of four locations (Australia [Brisbane, Melbourne and Sydney] and London, the U.K.), with two SOCs in Sydney and Melbourne.

The post Strengthening a Top General Insurer’s Cyber Security appeared first on Orro.

The network services the needs of more than 800 employees – with tasks such as end-user computing, server and database access. It is also assisting company expansion and avoiding potentially costly customer service disruptions. To date, all of the company’s 36 sites have been migrated to the Orro network.

Challenge

One of the network’s most important functions is assisting with the company’s 24-hour site service, installation, maintenance and diagnostics services. 

Conveyor belts are used by mining companies to transport ore and other materials from mines to locations where they can be processed. Some of these projects are modern engineering marvels – with one in Queensland measuring more than 4 kilometres long.

Any faults or damage to the conveyor belts are serious issues, with outages potentially costing companies hundreds of thousands of dollars. 

Watch the Case Study

“Orro provided us with a full migration plan and they stuck to it throughout the life of the project.”

Sammy Jammal – National IT Manager, Fenner Conveyors

Solution

Fenner Conveyors, which has been manufacturing rubber conveyor belts in Australia for more than 150 years, has recently introduced autonomous conveyor belt monitoring – via the Orro network – which helps with testing, evaluation and support with a team of onsite engineers.

Sammy Jammal, National IT Manager at Fenner Conveyors said, “We came to Orro to replace our ageing MPLS network at our 36 sites across Australia. With the help of CISCO Meraki SD-WAN, we have been able to mesh 4G, broadband and fibre technologies into one seamless network.”

Outcome

Critically, using Orro and Meraki monitoring and management tools, the network support team can receive real-time visibility into the network. This means Orro network support and Fenner Conveyors’ technology teams can proactively detect any ISP outages or disruptions to the system, to enable real-time network routing and patching.

This is particularly important as the geographical spread of sites means that network performance, security and reliability are critical for Fenner Conveyors.

In addition to helping existing customers, the Meraki cloud-managed devices make it easy to set up new job sites, as well as enabling Fenner Conveyors’ IT team to manage their entire network remotely from a single location in Melbourne. 

The company had previously deployed an MPLS solution from another vendor, but it had meant extensive travel and time setting up the environment every time a new site was opened. Jammal said “Orro provided us with a full migration plan and they stuck to it throughout the life of the project. We were able to migrate our entire network and now with our redundant solutions, users do not see any issues and there is no down time.”

It also means that Fenner Conveyors can spend less team resources on network maintenance, instead focusing on more long-term strategic programs.

The company has recently been trialling embedded sensor technology on customer conveyor belts in Port Hedland – using the network to automatically carry data on machine performance to engineering and manufacturing teams. 

The Orro network will enable Fenner Conveyors to continually embrace evolving digital technologies, which deliver more relevant data anywhere and anytime.

The post Cisco Meraki SD-WAN Upgrade for Fenner Conveyors appeared first on Orro.

In 2020, City Beach was operating with a range of email exchange servers for communications between departments. One Friday evening, several issues notified the internal IT team of a compromise to one of the on-premises servers. After reviewing the system, it became apparent that several accounts were compromised, and as a result, the server was unresponsive and offline.

According to City Beach CIO, Rhian Greenway, the situation reinforced the unpredictability of modern-day cyber security threats.

“It can be very challenging to know if your network environment is as good as it can be, especially when it comes to cyber security. From an organisational standpoint, everything looks safe and secure until one thing brings it all down. It often takes a scenario like the exchange server to paint a clear and understandable picture for the business.” – Rhian Greenway, City Beach CIO

Having an existing relationship with McGrath Nichol, City Beach notified them of the breach on a Friday night. After assessing the scenario in the early hours of Saturday morning, it became apparent the exchange server was the entry point of the incident and was immediately shut down.

The experience highlighted certain holes in City Beach’s network security posture.

“We needed to adopt a more agile and responsive approach to our security strategy and wanted more comprehensive processes and tools to better enable early detection of such instances in the future.” – Rhian Greenway, City Beach CIO

Solution

City Beach went to market to find a strategic partner that could help bolster their security posture. From a pool of three potential providers, City Beach engaged the Orro team to implement a series of network security solutions and services, including:

• SIEM services
• Security Operations Centre (SOC) services for vital support through 24/7 eyes on glass
• Vulnerability Management Services (VMS)
• Cyber resilience assessments via internal and external Penetration Testing.

“Their approach to security aligned well with our own, their involvement with vendor management would be fantastic, the accessibility to their people was first-class, and most importantly, they had the skills, certifications and experience to fill the gaps in our own environment and team.” – Rhian Greenway, City Beach

These solutions would deliver City Beach a more comprehensive view of all their systems, including regular reporting and strategic advice relating to network security and the business’s network architecture. Moreover, the Orro team expertise and local presence in Brisbane would provide City Beach with the necessary expertise to create capacity internally.

“On top of the vulnerability assessments and real-time reporting and alerts, expertise was a big point for us moving forward. They would be able to act as an extension of our internal team, providing a level of expertise that is really hard to find in the current market.” – Rhian Greenway, City Beach CIO

Outcome

Since engaging with Orro, City Beach has realised several key improvements across their network architecture and security posture.

“Obviously, the experience they provide is invaluable, but not only that, we now have a defined roadmap to becoming more compliant, and we are prepared as best as possible for the unknown. We’re by no means immune to attack, as the exchange server incident highlighted, but having gone through that scenario, the team is helping us put the people, processes, and technology in place to be better prepared moving forward.” – Rhian Greenway, City Beach CIO

City Beach now possesses a much closer adherence to industry standards and are well aligned with the Essential Eight – a series of mitigation strategies for cyber security incidents outlined by the Australian Cyber Security Centre (ACSC).

Furthermore, Orro’s partnerships and vendor relationships have aided City Beach in bolstering its own vendor relationships. As a result, the business’s overall security baseline is firmer and more robust than before the exchange server incident.

City Beach acknowledged the most significant learning from the past 12 months was the realisation that regardless of your backend, people, processes, and attitude towards cyber security, no one is ever 100% safe. When we spoke with Rhian Greenway regarding the company’s learnings and if he had any advice for other businesses in a similar situation, he had this to say:

“Cyber security is now another risk element that businesses must address. For organisations out there looking to bolster their security posture – it’s all about persistence. You might make mistakes before something sticks, or you might not have the necessary resources to do what you want, but there are providers that can help you fill those gaps, because as our situation emphasises, it only takes one incident to highlight the importance of such strategies.” – Rhian Greenway, City Beach CIO

Looking ahead, Rhian says the Orro team will be invaluable in helping City Beach continue to fine-tune and grow their cyber security roadmap and strategy.

“It’s such a valuable relationship for us because they really know their stuff and keep us on the pulse of everything that is important to us as a business.” – Rhian Greenway, City Beach CIO

The post Strengthening City Beach’s Cyber Security Strategy appeared first on Orro.

Challenge

Orro was engaged by a large Financial institution for penetration testing services against their external and internal IT infrastructure. These services were required as part of their annual security assessment program.

The key components for this work included Blackbox type testing of the Customers externally accessible services, with the objective to get to the internal network. The Internal network penetration testing was carried out with provided login credentials of an internal user (low privileges), with the main objective to elevate privileges on the network to a Domain Administrator and/or root user in the Customers core systems.

Solution

Orro identified and documented any discovered technical vulnerabilities in the external and internal infrastructure, and outlined the resulting risks to the customer, posed by the following sample attack scenarios:

• A threat actor on the Internet, who:
  • Discovers vulnerabilities in externally facing hosts, services or applications, and then attempts to bypass authentication mechanisms and/or other restrictions deployed to block anonymous access to services, and thus to corporate and/or customers’ data;
  • Guesses or steals (e.g. via phishing) authorised user’s login credentials for externally facing systems and then uses these credentials to obtain unauthorised access to corporate systems and customers’ data.
• A threat actor connected to internal network, who:
  • Connects their device to internal network, discovers vulnerabilities within internally accessible hosts, services or applications, and then attempts to exploit these to gain unauthorised access to corporate systems and customers’ data;
  • Guesses or steals (e.g. via phishing or internal network traffic sniffing) authorised user’s login credentials for systems accessible to low privilege type user accounts, and then attempts to elevate their privileges to obtain higher level access, including full administrative privileges (Domain Administrator and/or root user) to core systems.
• A malicious insider, with authorised low-level privilege account, connected to internal network, who:
  • Misuses their authorised low-level access to probe the internal systems for vulnerabilities that can be exploited in order to elevate their privileges to obtain higher level access, including full administrative privileges (Domain Administrator and/or root user) to core systems.

Outcome

The resulting security assessment report provided the Customer with a prioritised list of recommended risk remediation actions that, once implemented, ensured that all relevant security controls deployed within the external and internal ICT networks are configured in an efficient manner to provide robust defence against threat actors targeting the Customers ICT systems.

Two reports (one per each testing phase listed above) were provided, including the identified findings and risk mitigation recommendations.

An onsite debrief and presentation to key stakeholders was also carried out along with the retesting of ‘high risk’ issues as reported.

The customer name has been withheld due to confidentiality.  More information can be provided by contacting the Orro team directly.

The post Network Penetration Testing for a Financial Institution appeared first on Orro.

Challenge

A QLD Regional Council had upgraded their telecommunications and corporate IT environment and was embarking on a number of Digitisation strategies under their Smart City agenda. It was realised that this would also impact their SCADA infrastructure, specifically water reticulation and treatment.

What was unknown within this environment was any Cyber security vulnerabilities and the risks posed by such security weaknesses if successfully exploited by persons with malicious intent.

Additionally, the Council was interested in carrying out a phishing campaign to identify user awareness and then trend increased awareness over a 12 month period.

Solution

Orro was engaged to perform a vulnerability assessment and penetration test against the nominated water reticulation and treatment infrastructure. Using our defined methodology for assessing Critical Infrastructure, we identified technical vulnerabilities within the SCADA environment and completed a penetration test from there, back into the Corporate network. Potential risks were confirmed and documented, showing sample attack and exploitation steps, along with a prioritised list of recommendations for risk mitigation.

The phishing campaign identified and confirmed the current awareness levels for phishing type attacks against Council staff and provided training material should a user be phished, in order to increase staff awareness around these attack methods.

Furthermore, a Orro Principal Consultant provided advisory services directly to the CIO post the engagement to assist with delivering key information to internal stakeholders and communicate with the Council’s service providers and partners.

Outcome

The vulnerability assessment and penetration testing identified a number of security risks which did not previously have the appropriate controls in place, and provided the Council with recommended steps to mitigate risks to the business. This information also assisted with identifying any effective security controls currently deployed to protect the SCADA infrastructure.

The phishing campaign helped Council staff to recognise potential phishing email attacks and in turn provide the knowledge necessary to protect Council infrastructure from well-orchestrated phishing campaigns.

Overall, it provided the Council with a level of comfort as to what steps needed to take place to increase the level of security maturity within their OT and IT environments to support future Digitisation projects.

Customer name has been withheld due to confidentiality. More information can be provided by contacting Orro directly.

The post SCADA Vulnerability Assessment & Penetration Testing appeared first on Orro.

Challenge

A QLD based Water Utility organisation was fast approaching a technology ceiling for their current WAN infrastructure for their Operational Technology (OT) and Information Technology (IT) networks. A number of key drivers for the project included improving the agility and responsiveness of the WAN, providing a blueprint architecture for all sites and future needs, flexibility to support a multi-carrier strategy and a secure platform that can service both Industrial Control Systems (ICS) and Corporate networks.

To improve network performance, availability and to support future growth, the approach was to converge three WANs into one with logical separation and security. They had investigated alternate options for a future state WAN architecture and required a technology partner to design, build and implement a prototype and to roll out a number of pilot sites.

Solution

Due to our experience in both OT and IT network domains, along with our capabilities in Cyber Security for Critical Infrastructure, Orro was engaged to complete the project. We based our engagement on a phased approach that included taking the customer through a discovery exercise that allowed us to determine the current and future state requirements. Following that we put forward a high level recommended architecture before moving on to the detailed design components. This catered for buy-in across both OT and IT stakeholders and sign off by the Business prior to any changes.

Outcome

The customer now has a reference architecture that reflects their target end state of a converged OT/IT WAN. It formed the basis for the detailed design and identified any gaps with key recommendations. It enables them to provide the flexibility and modularity that meets the needs of the business, allowing for easy adoption of new services and technologies across both OT and IT. The approach provided the necessary detail to plan and coordinate the implementation of the solution which minimised risk, and provided a level of confidence that the solution could be deployed into the remaining critical sites.

The customer name has been withheld due to confidentiality. More information can be provided by contacting Orro directly.

The post Convergence of OT & IT Networks for Improved Performance appeared first on Orro.