To counter a rising tide of cyberthreats, MODUS X established a modern SOC for DTEK, powered by IBM QRadar Suite. The platform enables centralized visibility, automated incident response, and faster decision-making. With improved mean detection and response times, this approach strengthens DTEK’s digital resilience and secures Ukraine’s critical energy infrastructure under constant attack.
Rising Storm of Cyberattacks
As Ukraine’s largest private energy company, DTEK provides light and warmth to millions of people. Since 2022, DTEK has worked tirelessly to support combat veterans in their reintegration into civilian life and has provided free electricity to critical infrastructure facilities in the Kyiv, Dnipropetrovsk, and Donetsk regions.
Alongside intense bombardment of its distribution network and power plants, DTEK faces a constant threat of cyberwarfare aimed at destabilizing critical energy infrastructure. On the frontlines of defending against these cyberattacks stands MODUS X — the cybersecurity and information security arm of DTEK Group.
According to a MODUS X spokesperson:
“We protect DTEK’s business, innovation, and customer trust, so it’s crucial for us to ensure the security of all systems, including those that handle critical data. We strive to guarantee security at every level using a zero trust approach.”
In response to the growing frequency and destructiveness of cyberattacks, MODUS X urgently needed to enhance its monitoring and incident response capabilities. The company decided to establish a new Security Operations Center (SOC) that would provide 24/7 monitoring and protection of DTEK’s IT infrastructure.
As part of building the new SOC, the MODUS X team sought out cybersecurity tools that aligned with their core priorities. These included accelerating threat detection, analysis, and containment; centralized incident management; and the integration of behavioral and predictive analytics.
A SOC Ready for Anything
As the foundation of its new SOC, MODUS X chose a suite of IBM® QRadar® solutions.
“We evaluated proposals from leading vendors,” noted a MODUS X spokesperson. “IBM offered the best price-to-performance ratio, stable functionality, and a strong match to our core requirements.”
Time was of the essence. Thanks to MODUS X’s status as an IBM Silver Business Partner and its extensive experience with IBM solutions, the new SOC was implemented in just three months.
“We applied our experience from previous SIEM (Security Information and Event Management) deployments and tailored it to DTEK’s needs. Special focus was placed on architecture, fault tolerance, process design for analysts, and system component allocation and scaling.”
Today, IBM QRadar Suite forms the backbone of DTEK’s centralized and automated cybersecurity operations. With IBM QRadar SIEM, analysts can collect and correlate data from across the company’s IT environment to form a comprehensive view of security events. A built-in user behavior analytics module helps identify anomalies, enabling quicker responses to malicious activity.
Additionally, MODUS X has added a powerful layer of automation, orchestration, and incident response (SOAR) through IBM QRadar SOAR. Analysts now use the SOAR console for daily tasks like incident handling, metric tracking, and case management. These tools have significantly improved the efficiency of the incident response process.
Key Metrics
• 5x improvement in threat detection speed
• 150 million cyberattacks blocked since 2022
“With tools like IBM QRadar Suite, we can make faster, smarter decisions about detecting and responding to cyber incidents.”
— MODUS X spokesperson
Building a Resilient Line of Defense
Since 2022, MODUS X estimates it has successfully blocked over 150 million attempted cyberattacks on DTEK. The SOC and IBM technologies have been key assets in this defense, enabling more coordinated, efficient, and precise security operations.
By consolidating all necessary SOC resources into a single interface, IBM QRadar Suite provides analysts with everything they need for accelerated incident response. The platform also automates threat detection and response, significantly reducing response times and boosting team effectiveness.
DTEK is already seeing results:
• Mean Time to Detect (MTTD): 10 minutes
• Mean Time to Triage (MTTT): 30 minutes
• Mean Time to Respond (MTTR): 70 minutes
Now that the SOC delivers centralized visibility across all DTEK operations, MODUS X is better equipped to manage security incidents. Combined with more precise and automated threat detection, this centralization has led to a fivefold increase in threat detection rates.
“We can’t avoid every threat — but with tools like IBM QRadar Suite, we can respond faster and more effectively. It helps us build a solid foundation of resilience for DTEK’s operations and infrastructure, so the company can continue fulfilling its mission: delivering light and warmth to the people of Ukraine.”
About DTEK
DTEK Group is the largest private investor in Ukraine’s energy sector, with over €12 billion invested since 2005. Group enterprises generate electricity from solar, wind, and thermal power plants; distribute and supply electricity to end users; extract coal and natural gas; and trade energy resources in both Ukrainian and international markets.
Solution Components
IBM QRadar® SIEM
→ A new SIEM standard for faster threat analysis, scalability, and performance
IBM QRadar SOAR
→ Accelerated incident response through automation and process standardization
IBM QRadar Suite
→ A comprehensive threat detection and response platform designed to help security teams stay ahead of emerging threats