Zero Trust Security Transformation for Global Manufacturer
Building a Unified Security Posture Across 23 Facilities, Three Continents, and a Converging IT/OT Environment
The Client
Global Automotive Parts Manufacturer
This automotive parts manufacturer produces precision-engineered components for six of the world's ten largest automakers. Their 23 facilities span Mexico, the United States, Germany, Poland, China, and Thailand. The company employs 14,000 people, operates roughly 3,200 networked industrial control systems, and manages an IT estate of approximately 9,500 endpoints, 420 servers, and a hybrid cloud environment spanning AWS and Azure.
The Challenge
The Problem
Three intersecting problems made this engagement urgent.
First, the IT/OT convergence problem. Manufacturing execution systems, quality inspection stations, and robotic assembly cells were increasingly connected to the corporate network. But OT networks had been designed for availability, not security. Protocols like Modbus and EtherNet/IP were never built with authentication or encryption. In automotive manufacturing, an unplanned production stoppage costs between $22,000 and $50,000 per minute.
Second, compliance pressure. Three of the company's largest automotive OEM customers had begun requiring TISAX certification. Two facilities had failed their initial assessments. Without remediation, the company risked losing contracts worth $340 million in annual revenue.
Third, four months prior, the Polish facility experienced a ransomware incident that encrypted file servers and email systems. Recovery took eleven days and cost an estimated $2.3 million. The board authorized a comprehensive security transformation the following month.
Our Approach
4 Phases. 26 weeks.
Flynaut's OneProtect team conducted comprehensive assessments across all 23 facilities, deployed Zero Trust architecture across five pillars (identity, device, network, application, data), and established 24/7 managed detection and response.
Security Assessment & Architecture Design
6 weeks
Deployed network traffic analysis sensors, ran vulnerability scans across the IT estate, and conducted passive OT network discovery across all 23 facilities. Assessment revealed 847 critical/high vulnerabilities, 14 facilities with no IT/OT segmentation, and 6 different endpoint protection platforms.
Designed Zero Trust architecture around five pillars: identity, device, network, application, and data. Adapted the Purdue Model with additional monitoring layers for OT environments.
Identity & Access Overhaul
6 weeks
Migrated all 23 facilities to Microsoft Entra ID with conditional access policies. Deployed CyberArk PAM to vault all administrative credentials. Migrated 312 service accounts with static passwords (some unchanged for 4+ years) to managed credentials with automatic rotation.
Shop floor supervisors use FIDO2 security keys rather than mobile MFA because personal phones are prohibited on production floors. OT systems authenticate through dedicated jump servers.
Detection, Response & Managed Security
8 weeks
Deployed Microsoft Sentinel as centralized SIEM ingesting from every facility. Claroty provides OT network visibility. OneProtect SOC provides 24/7 managed detection and response. Built custom detection rules for manufacturing-specific threat scenarios.
Facility-specific incident response runbooks account for operational constraints — you cannot simply 'isolate the network' at a facility running a continuous casting process.
Compliance & Continuous Improvement
6 weeks
Mapped the entire security architecture against TISAX assessment criteria (ISA/IEC 62443 + ISO 27001). Produced documentation, evidence artifacts, and control narratives. Supported the client through TISAX audits at all facilities.
Monthly vulnerability scans, quarterly penetration tests, annual red team exercises, and a security metrics dashboard reporting to the board quarterly.
The Results
Performance That Speaks
| Metric | Before | After | Change |
| --- | --- | --- | --- |
| Threat Visibility (assets monitored) | 31% of estate | 94% of estate | |
| Mean Time to Detect (MTTD) | 18 days | 4 days | |
| Mean Time to Respond (MTTR) | 6+ days | 18 minutes | |
| Critical/High Vulnerabilities | 847 | 43 | |
| IT/OT Segmentation Coverage | 9 of 23 facilities | 23 of 23 | |
| MFA Adoption | 22% of users | 100% of users | |
| Privileged Accounts With Static Passwords | 312 | 0 | |
| TISAX Certification | 2 facilities failed | All certified | |
| Production-Impacting Security Incidents | 1 (ransomware) | 0 | |
| Annual Security Operations Cost | $4.1M | $2.9M | |
The TISAX certification outcome was the most immediately business-critical result. The two facilities that had failed assessments were recertified, securing $340 million in at-risk OEM contracts. Two additional OEM customers cited the improved security posture as a factor in expanding supply agreements.
Reflections
What This Project Taught Us
Manufacturing security is fundamentally different from enterprise IT security. OT environments have safety implications that IT environments do not. You cannot patch a PLC on the same schedule you patch a laptop. You cannot deploy agents on systems running real-time control loops.
The organizational challenge was as significant as the technical one. Plant managers rightfully view production uptime as their primary responsibility. We spent as much time explaining our approach to operations leaders as we spent deploying technology.
The economic argument for managed security over a build-your-own SOC is compelling for manufacturers who cannot hire security analysts in rural locations or retain them against the compensation offered by tech companies.