SA Power Networks, an Australian Energy Company, Improves Security Control Validation and Reduces Costs with AttackIQ
Replaces ad hoc penetration testing with continuous assessment.
Significant cost savings per year in overheads associated with penetration testing.
Reduces log retention costs by 10% through more effective targeting of threats.
SA Power Networks is South Australia’s regulated electricity distributor supplying about 1.7 million people and leading a rapid transition to a net-100% renewable energy system in the State. SA Power Networks is always seeking to build a more sustainable, efficient, and innovative business that creates real value for customers.
SA Power Networks is a Critical Infrastructure (CI) provider in Australia, so cybersecurity is a major consideration for the organization. Nathan Morelli, Head of Cyber Security and IT Resilience at SA Power Networks, explains: “We need to know we have done enough to protect the business and the State’s electricity network from cyber threats. That means ensuring we have the right controls in place and that they are capable of helping us identify and respond to the most up-to-date and advanced threats.”
To meet its security challenges, SA Power Networks has adopted an intelligence-led, threat-informed strategy that matures its cyber defense approach.
Morelli describes the situation: “Our legacy approach was more reactive. When a security alert came through, all we could do was check our logs for indicators of a compromise. This intelligence is of limited value. Even evidence of a web shell doesn’t tell you whether there was an actual breach. We needed to be at the front end of the attack and on a more proactive footing.”
The internal penetration tests conducted by the security team were also sub-optimal. Given the time and cost involved, such tests were ad hoc and usually focused only on a specific application rather than the entire enterprise IT infrastructure. The security team wanted to move to continual testing of the company’s baseline security posture to ensure the highest levels of protection at any given time. It was at this moment that the company came across AttackIQ.
“The value of AttackIQ is clear to see: a solution that allows us to detect advanced threats and show our controls are working, with ongoing posture validation replacing our expensive and limited penetration testing. As a Critical Infrastructure organization, the benefits of the approach are clear.”
Automating Security Control Validation
Following a pilot phase, SA Power Networks deployed the AttackIQ Security Optimization Platform, which assesses security controls and validates that they are working as intended. The platform emulates the adversary with realism to assess security programs in a continuous and automated manner using scenarios and attack graphs aligned to the threat intelligence and adversary behaviors in MITRE ATT&CK.
Recently, SA Power Networks has also adopted AttackIQ Vanguard, AttackIQ’s co-managed security validation service, which ensures that SA Power Networks is getting the most value possible out of the AttackIQ Security Optimization Platform.
With Vanguard, AttackIQ’s experienced team of cybersecurity practitioners investigates and advises on the potential cyberattacks in SA Power Networks’ environment using the platform to help achieve cybersecurity readiness. “Our team is relatively small,” says Lindbergh Caldeira, Cyber Security Operations Manager at SA Power Networks, “so Vanguard will prove invaluable for us. With AttackIQ as our trusted partner, we can rest assured that we are getting the most out of the platform.”
Based on the intelligence provided by the AttackIQ Security Optimization Platform, the company can now prioritize its efforts according to its biggest security control gaps and emerging threats, which is particularly important as the IT team looks to innovate and bring in new digital systems. “We now can act according to what the intelligence tells us for a true, risk-based approach. And the icing on the cake is that the platform aligns with MITRE ATT&CK. That alignment makes our jobs much easier and saves time and effort as everything is automated,” adds Caldeira.
In addition to creating a more detailed and continuous approach to assessing security controls, AttackIQ is also saving the company significant costs per year by offsetting the costs of penetration testing. The company has realized further efficiencies as it no longer needs to send as many SIEM (security information and event management) or SOC (security operations center) logs into its pay-per-use cloud environment. This is because with AttackIQ, the company need only focus on the attacks most relevant to its business. It only needs to send logs relating to those specific tactics and techniques into the cloud, a benefit that is expected to reduce storage costs by approximately 10 percent.
In protecting a CI business, the objective of SA Power Networks’ security team is to keep the lights on for South Australians. For Nathan Morelli, the way they do that is by understanding the threats facing their business and the corresponding controls they have in place. “That’s what’s great about AttackIQ,” Morelli concludes, “it allows us to identify our biggest potential security control gaps and gives us the visibility we need to ensure our controls are up to scratch. The AttackIQ Security Optimization Platform is therefore a fundamental layer of our threat-informed defense.”