DTEK and IBM partner to protect energy infrastructures from cyberattacks
As Ukraine's largest private energy company, DTEK provides light and warmth to millions of people. Since 2022, DTEK has worked tirelessly to support combat veterans in their reintegration into civilian life and provided free energy to critical infrastructure facilities in the Kyiv, Dnipropetrovsk and Donetsk regions.
Alongside intense bombardment of its distribution network and power plants, DTEK faces a constant threat from cyberwarfare, aimed at destabilizing critical energy infrastructure. On the frontlines of safeguarding DTEK from cyberattacks is MODUS X, the DTEK Group’s cyber and information security arm.
According to a MODUS X spokesperson, “We protect the business, innovations and customer trust of DTEK, so it is crucial for us to secure all systems, including those that process critical data. We strive to ensure security at every level using zero trust approaches.”
With DTEK facing increasingly frequent and destructive cyberthreats, MODUS X urgently needed to step up its monitoring and incident response capabilities. The company decided to establish a new security operation center (SOC) that would support 24x7 monitoring and protection of DTEK’s IT infrastructure.
As part of setting up the new SOC, MODUS X looked for a fresh set of security tools that aligned with its key priorities. These tools included accelerating threat detection, analysis and containment, deploying centralized ticket management and introducing behavioral analysis and predictive analytics.
MODUS X chose an array of solutions from the IBM® QRadar® Suite as the foundation for its SOC.
“We looked at offerings from the major market players,” notes the spokesperson. “IBM stood out by meeting our price-to-performance ratio, providing reliable functionality and supporting our core objectives.”
Time was of the essence in this migration. As an IBM Silver Business Partner, the MODUS X team was able to harness its extensive experience with IBM solutions to complete the move to the new SOC in just three months.
The spokesperson recalls, “We drew on lessons from our previous security information and event management [SIEM] implementations to inform our approach at DTEK. We made sure to prioritize architecture design, fault tolerance and streamlined workflows for analysts. We also paid careful attention to sizing, component allocation and process optimization.”
Today, the IBM QRadar Suite solutions sit at the core of a newly centralized and automated approach to cybersecurity management for DTEK. Using IBM QRadar SIEM, analysts can collect and correlate data from various sources across the company’s IT environment into a holistic view of security events. The solution’s integrated user behavior analytics module helps distinguish normal user behavior from anomalies, so teams can react faster to malicious activity.
MODUS X has also layered in enhanced security orchestration, automation and response (SOAR) capabilities, supported by IBM QRadar SOAR. Analysts use the SOAR console for daily tasks, such as ticket management, metrics tracking and case-specific instructions. These tools enhance their ability to analyze, respond to and manage security incidents effectively.
improvement in threat detection rate
cyberattacks repelled since 2022
Since 2022, MODUS X estimates that it has successfully repelled more than 150 million cyberattack attempts at DTEK. The SOC and IBM technology have become key tools in this fight, powering more consistent, efficient and accurate security operations.
With the IBM QRadar Suite unifying all necessary SOC resources in a single interface, analysts have everything they need at hand, accelerating their response to incidents. The IBM QRadar Suite have also helped automate threat detection and response, significantly cutting reaction times and improving team efficiency.
DTEK is seeing the difference across multiple incident response metrics. Its mean time to detect (MTTTD is now down to only 10 minutes. Mean time to triage (MTTT) is 30 minutes while mean time to respond (MTTR) stands at 70 minutes.
Now that the SOC provides centralized visibility into DTEK’s operations, MODUS X is in a stronger position to navigate security incidents as they arise. Together with more accurate and automated threat identification, this centralized visibility has helped drive a five-time improvement in the detection rate of potential threats.
The spokesperson concludes, “We can never avoid every threat, but with tools like the IBM QRadar Suite, we can make faster, smarter decisions about how we detect and respond to cybersecurity incidents. This helps us build a strong core of resilience for DTEK’s operations and infrastructure, so it can continue its mission of bringing light and warmth to the people of Ukraine.”
DTEK Group is the largest private investor in Ukraine’s energy sector with more than EUR 12 billion in invested capital since 2005. DTEK’s businesses operate solar, wind and thermal power plants; distribute and supply electricity to end consumers; produce coal and natural gas; and trade energy products in Ukrainian and international markets.
© Copyright IBM Corporation 2025. IBM, the IBM logo, and QRadar are trademarks or registered trademarks of IBM Corp., in the U.S. and/or other countries.
Examples presented as illustrative only. Actual results will vary based on client configurations and conditions and, therefore, generally expected results cannot be provided.