Validating AI-powered CTEM in a real industrial environment: the Elecnor case

The collaboration with Elecnor Group, structured through the BIND Basque Open Innovation Platform, allowed NNEAT to validate its AI-powered exposure management approach in a large-scale industrial environment.

Elecnor's challenge

Elecnor is an organisation with operations across multiple sectors: energy, telecommunications, infrastructure. The complexity of its attack surface is proportional to that diversity — OT/IT assets, suppliers, subsidiaries, international presence.

The challenge was not a lack of security tools but a lack of consolidated visibility: which assets are actually exposed? Which threats are relevant to this specific profile? What should be done first?

How we solved it

By combining Surface's detection engine with the MITRE ATT&CK framework, NNEAT built a prioritised view of Elecnor's exposure. Not all exposed assets carry the same risk: it depends on which attack techniques affect them and how much defensive coverage exists against those techniques.

The output is an ordered action list, not an inventory of problems. Each remediation connects directly to a measurable improvement in the TADR rating.

What this validation confirms

Industrial environments have characteristics that make them particularly difficult to secure: legacy systems, unencrypted OT protocols, slow update cycles. But attackers do not pause for those limitations. The Elecnor validation confirms that NNEAT's approach works even in the most complex contexts — prioritisation based on real threats, not generic CVE severity scores.