April 22nd, 2025
Case Study: Securing Critical Infrastructure with LimaCharlie's SecOps Cloud Platform

Daniel Ballmer

Overview
John Fitzpatrick, a distinguished cybersecurity expert and founder of Lab 539, has dedicated his career to securing complex operational technology (OT) environments. His latest project, leveraging LimaCharlie's SecOps Cloud Platform, tackled the security challenges of fuel depots and terminals—critical infrastructure with stringent operational requirements and aging technology.
By harnessing LimaCharlie’s flexibility, scalability, and API-first design, John developed an innovative approach to OT security that goes beyond traditional IT methods, ensuring resilience against evolving cyber threats.
Challenges in OT Security
OT networks present unique challenges that differentiate them from traditional IT environments:
Aging Technology: Many OT systems operate on outdated hardware and software, often running decades-old operating systems like Windows XP, which lack modern security features.
Limited Patching: Due to operational constraints, patching and updates are infrequent, increasing the risk of vulnerabilities.
Critical Infrastructure: Any downtime can lead to significant financial losses, making availability a top priority.
Lack of Standardized Security Tools: Unlike IT networks, there are no off-the-shelf security solutions tailored to OT environments.
Given these challenges, John sought a security solution that could adapt to a highly customized, process-driven ecosystem while enabling real-time detection and response.
Why LimaCharlie?
Traditional security tools often fail in OT environments due to their reliance on standard IT infrastructure and rigid deployment models. LimaCharlie’s platform stood out for several reasons:
Ease of Deployment: John and his team could start immediately without lengthy vendor negotiations or complex setup.
Data Ingestion Flexibility: The platform seamlessly integrates logs and telemetry from a variety of devices, including fuel terminal automation systems, RTUs, and PLCs.
Custom Detection & Response: LimaCharlie enables the creation of tailored detections based on real-world attack paths rather than relying on pre-packaged security rules.
Seamless IT-OT Integration: Secure, controlled data flow between IT and OT networks ensured visibility without exposing critical systems to unnecessary risk.
Cost-Effective & Transparent Pricing: The pay-for-what-you-use model provided financial predictability, allowing the team to scale their security operations efficiently.
Solution Implementation
John's approach to securing fuel terminals and depots with LimaCharlie involved several key phases:
1. Environment Discovery & Mapping
The first step was understanding the network architecture, device communication patterns, and operational dependencies. Unlike traditional IT environments where asset discovery tools are widely available, OT systems often require manual investigation.
2. Attack Path Analysis
By analyzing how an adversary might move through the network, John’s team identified critical vulnerabilities, including insecure remote access methods and legacy protocols with known weaknesses. This intelligence was crucial for designing tailored defenses.
3. Custom Detection Engineering
Rather than relying on signature-based detections, John used LimaCharlie to build behavior-based alerts:
Monitoring unauthorized communication between network segments.
Detecting anomalies in terminal automation system behavior.
Identifying potential zero-day exploit attempts by observing deviation from normal operational patterns.
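To make the first two alert types concrete, here is an added example (not LimaCharlie's or Lab 539's code) of a behaviour-based check run over constructed flow-log lines: it flags traffic between IT and OT segments that is not on an explicit allowlist, and flags a controller talking to a peer or port outside its learned baseline. The segment ranges, port policy, baseline and log format are all hypothetical.

```python
import ipaddress
import re

# Hypothetical segmentation and policy, constructed for this example.
SEGMENTS = {
    "it_corp": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot_control": ipaddress.ip_network("10.30.0.0/24"),  # PLCs, RTUs, terminal automation
}
# Segment pairs allowed to talk and on which TCP ports; anything else is unauthorized.
ALLOWED_FLOWS = {
    ("it_corp", "ot_dmz"): {443},
    ("ot_dmz", "ot_control"): {502},             # Modbus/TCP from the DMZ only
    ("ot_control", "ot_control"): {502, 20000},  # Modbus and DNP3 between controllers
}
# Per-source (peer, port) baseline learned in a quiet period; OT traffic is deterministic,
# so a flow outside this set is a deviation from normal operation.
BASELINE = {"10.30.0.10": {("10.30.0.20", 502), ("10.30.0.21", 502)}}
# Constructed flow-log format: "<time> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)$")

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def analyse_line(line):
    """Return alert strings for one flow-log line; an empty list means benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparseable: " + line]
    ts, src, _sport, dst, dport = m.groups()
    dport = int(dport)
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    alerts = []
    if dport not in ALLOWED_FLOWS.get((src_seg, dst_seg), set()):
        alerts.append(f"{ts} unauthorized {src_seg}->{dst_seg} tcp/{dport} ({src}->{dst})")
    if src in BASELINE and (dst, dport) not in BASELINE[src]:
        alerts.append(f"{ts} baseline deviation: {src} -> {dst}:{dport}")
    return alerts

def detect(lines):
    return [a for line in lines for a in analyse_line(line)]

# Constructed sample: a normal Modbus poll, RDP from corporate IT straight into the
# control segment, and a controller reaching a peer it has never talked to before.
SAMPLE_LOG = [
    "12:00:01 10.30.0.10:41000 -> 10.30.0.20:502",
    "12:00:02 10.10.4.7:50123 -> 10.30.0.20:3389",
    "12:00:03 10.30.0.10:41001 -> 10.30.0.99:502",
]
```

Running `detect(SAMPLE_LOG)` yields two alerts: the cross-segment RDP attempt and the controller's new peer; the routine Modbus poll produces none.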
4. Reliable Tasking for Operational Resilience
In addition to security monitoring, John leveraged LimaCharlie’s Reliable Tasking feature to automate DNS replication across IT and OT environments. This ensured operational continuity even in the event of a corporate IT failure, minimizing downtime while maintaining security integrity.
Outcomes & Benefits
By implementing LimaCharlie’s SecOps Cloud Platform, John and his team achieved:
✅ Increased Visibility: The ability to ingest and analyze diverse OT data sources led to real-time awareness of potential threats.
✅ High-Fidelity Threat Detection: With deterministic OT processes, LimaCharlie’s tailored detections drastically reduced false positives compared to IT security solutions.
✅ Seamless IT-OT Security Bridging: The platform facilitated secure communication without introducing unnecessary risks.
✅ Cost Efficiency & Scalability: Transparent pricing allowed for flexible scaling without hidden costs or vendor lock-in.
✅ Zero-Day Resilience: By focusing on attack paths and behaviors rather than known vulnerabilities, the defenses remained effective against both known and unknown threats.
Lessons Learned & Future Plans
John’s experience highlights the growing need for tailored security solutions in OT environments. His key takeaways include:
Start Immediately: OT security efforts should not be delayed due to over-planning—exploring available data often uncovers valuable insights.
Embrace Customization: Security should be designed around operational realities rather than force-fitting IT-centric tools.
Integrate with Business Functions: Security should enhance, not hinder, operational efficiency.
Looking ahead, John is keen to further explore LimaCharlie’s capabilities, particularly around expanded log parsing for syslog data to enhance visibility into diverse OT systems.
Conclusion
LimaCharlie proved to be a game-changer in OT security by offering unparalleled flexibility, rapid deployment, and tailored detection capabilities. For security professionals navigating the complexities of OT environments, the key takeaway is clear: Start now, use what you have, and customize your approach to fit the unique demands of your infrastructure.
For more information on LimaCharlie’s SecOps Cloud Platform, visit LimaCharlie.io.