Case Study: Integrated SOC and OT Security for a UK Water Utility

About the Customer

The customer is the UK’s largest water and wastewater services provider, serving over 15 million customers across London and surrounding areas. The company is responsible for supplying clean drinking water, managing wastewater treatment, and maintaining the infrastructure of pipes and reservoirs in one of the most densely populated regions in the country.

Customer Challenges and Requirements

This critical national infrastructure provider was looking to transform its approach to security monitoring, incident response, and threat intelligence. Their existing tooling was fragmented and not fully optimised, making it difficult to gain consistent visibility or extract maximum value from their investments. The organisation needed a more unified, flexible solution that could scale with their needs.

In parallel, they were under pressure to maintain compliance with regulatory standards and secure both their IT and Operational Technology (OT) environments. With nation-state actors and ransomware groups such as BlackBasta and AlphV increasingly targeting the utilities sector, there was also a clear need to strengthen detection capabilities and maintain a deep understanding of the evolving threat landscape.

Many of the off-the-shelf solutions they had been offered were too rigid or generic to address the specific challenges they faced. They approached Adarma to help shape a tailored security strategy that would enhance visibility across their estate, reduce risk, and build long-term cyber resilience.

Customer Objectives

Enhance threat visibility and detection across both IT and OT environments

Maintain compliance with critical infrastructure cybersecurity regulations

Consolidate and optimise legacy tooling for improved operational efficiency

Build a flexible security model that could adapt to future needs

Implement a tailored threat intelligence and hunting capability

Partner with a provider that could act as a true extension of the internal security team

Adarma’s Solution

Adarma presented a solution addressing both their IT and OT environments, ensuring seamless integration and operational efficiency. Our consultative and outcome-focused approach positioned Adarma as the right partner to secure their critical services.

By meeting them at their stage of the security journey, the customer felt confident moving forward with Adarma as its chosen security partner.

A comprehensive Managed SOC Service, based on Microsoft Sentinel, Tenable and encompassing Claroty for the customer’s extensive OT environment.

Brand Protection, dark web monitoring, take downs

Vulnerability Management Service, including weekly technical calls with resolver groups and remediation progress reporting to key stakeholders, including patching and risk acceptance.

Services Delivered

24×7 Security Monitoring across their IT and OT estate, leveraging our Microsoft-accredited SOC team and Sentinel platform.

Hybrid model but with dedicated personnel.

Water company-based threat modelling.

Integrated Threat Intelligence to provide proactive insights and active threat hunting.

A variety of professional services to ensure their security operations mature and evolve to keep pace with emerging threats.

Results Delivered

Improved operational maturity and resilience: The customer now benefits from more mature, integrated security operations, helping to enhance their ability to withstand and respond to cyber threats.
Strategic OT support: Adarma’s Principal Consultants engaged closely with the customer to shape and support their long-term OT security strategy.
Enhanced visibility across environments: Ingesting and correlating log data from Claroty has improved clarity across both OT and IT environments, enabling a more holistic threat picture.
Support across the security journey: Adarma has provided consistent expertise and support as the customer progresses along their security maturity roadmap, across both IT and OT estates.
Scalable team augmentation: Adarma’s flexible resourcing model has allowed the customer to scale and supplement their internal security team as needed, without losing continuity or context.
Flexible delivery model: The customer has benefitted from Adarma’s adaptable engagement approach, ensuring the services align with their evolving needs and priorities.

Why the Customer Chose Adarma

Decades of experience in security operations excellence

A UK-based team specialising in threat-led, proactive managed security services.

Adarma’s recognition by Gartner as a representative vendor for co-managed services.

Adarma’s significant experience with organisations in high-risk sectors – transforming and maturing their security operations.

Key decision makers were impressed with Adarma’s ability to deliver outstanding security outcomes and had tremendously positive experiences collaborating with Adarma’s people.