Air-gapped OT was no longer air-gapped
Plant-floor PLCs and SCADA were quietly bridged to corporate IT for batch reporting — no segmentation, flat L2, no monitoring.

Pharma Manufacturing
10 weeks
India
Manufacturing OT network + corporate IT + lab systems
Plant-floor PLCs and SCADA were quietly bridged to corporate IT for batch reporting — no segmentation, flat L2, no monitoring.
21 CFR Part 11 electronic records sat on Windows shares with weak ACLs. Audit trail integrity could not be proven on demand.
Chromatography and weighing instruments shipped with default admin accounts that had never been rotated since commissioning.
Mapped every cross-zone flow, redesigned the firewall rule-set around a Purdue-model topology, and validated each segment with a controlled internal pentest.
Ran credentialled scans on every Windows asset + manual exploitation on web applications, batch portals, and integration APIs. Each finding came with reproducible PoC and a fix verified on retest.
Closed the audit-trail, electronic-signature, and access-review gaps. Delivered evidence packs the QA team could hand to FDA inspectors without translation.
9 Critical, 17 High, 28 Medium — every Critical + High patched and verified on the retest pass.
21 CFR Part 11 electronic-record gaps closed; pre-audit evidence pack handed to the QA + IT teams.
18 months of clean operations across the manufacturing OT network after segmentation went live.
Certbar Security collaborated with a leading pharmaceutical manufacturing firm to bolster their cybersecurity framework. This case study explores our detailed approach to identifying vulnerabilities and implementing robust security measures tailored for the pharmaceutical sector. Our solutions were designed to protect sensitive research data, ensure regulatory compliance, and defend against evolving cyber threats.
Through our comprehensive cybersecurity services, the pharmaceutical manufacturing firm achieved substantial enhancements in their security posture. This case study highlights our process from initial assessment to final implementation, showcasing the tangible benefits realized. Enhanced data protection, reduced risk of cyber attacks, and improved compliance with industry regulations are key outcomes, underscoring Certbar Security’s value in the pharmaceutical industry.
FAQs
Pharma manufacturing firms often encounter threats such as data breaches, ransomware attacks, and intellectual property theft, which can compromise sensitive research data and disrupt operations.
Get the same outcomes
Talk to a CERT-In empanelled auditor. We'll scope the engagement, share a fixed price, and start within a week.