Since our recent blog post about Verve’s integration with BigFix for IT-OT converged security, we have been asked by many BigFix users for more detail on how our platform can help enhance their BigFix deployments. This is the first in a series of posts that describe the specific enhancements Verve’s integration offers for BigFix users.
To summarize our first blog: Verve’s integration with BigFix offers comprehensive security in converged IT-OT-IOT environments through 3 unique functionalities. First, through Verve’s proprietary agentless solution (ADI), Verve extends end point coverage to all assets – from embedded controllers, PLCs, drives, cameras, building control systems to the networking equipment (switches, routers, firewalls) that connect these end points. Second, Verve’s proprietary security insight modeling brings 360-degree security management, not just asset management or traditional patch vulnerability management, to these converged environments, allowing users to take the remediating actions (patch, configuration change, network hardening, account limitations) most appropriate to that system. Third, the Verve platform architecture combines visibility, analysis, and playbook development across the multi-server/multi-location environments that we often find in industrial and commercial customers, with the ability to allow local engineers or process staff to control the final action on their schedules based on outages, operational process or patient priorities. These three functionalities create a true security management platform for converged IT-OT networks.
Verve’s ADI: Agentless Device Intelligence
The growing convergence of IT and OT/IOT networks creates a significant challenge for CIOs trying to manage and CISOs trying to protect these embedded/proprietary devices. Managing proprietary or open-standard embedded devices requires a different approach from the traditional agent-based or scan-based solutions. Most embedded devices cannot install an agent, and many of these proprietary devices are not stable enough to run traditional scan-based vulnerability assessment tools.
Further, the traditional IT approach of siloed, separate solutions for workstations/servers/OS-based systems vs. networks is not effective for securing these converged systems. In many cases, assets cannot be patched immediately or certain insecure configuration settings are necessary for operations due to OEM designs. Therefore, effective security requires that teams have a comprehensive view of the entire infrastructure, as well as the ability to take actions across end points and network elements to truly “manage” the vulnerabilities present using the best control for that particular risk.
Before Verve, the only option available was network-based solutions, which require spans/taps/pcap capture across all layers of the network just to provide visibility, with no ability to take action.
Verve provides a solution to these challenges with the first end point security management solution built specifically for converged IT-OT networks.
First, Verve’s proprietary integration with BigFix tunes the BigFix agent deployment specifically for OT/IOT environments. We have proven Verve’s solution on every major OEM vendor’s servers and workstations. Verve’s agent-based functionality provides full discovery of every device in a subnet, allowing for network access alerting. For those of you who use BigFix on your IT systems, all of the traditional BigFix functionality is present in these OT OS-based devices as well.
Second, Verve’s Agentless Device Intelligence (ADI) extends security management functions to the other assets in the network. This begins with the networking elements. Verve gathers full configuration information from all network devices into the same database as the OS-based devices. It gathers firmware, configuration settings, ACLs and other information. Further, it has the ability to integrate log and netflow data from these devices to provide greater granularity of network device behavior. Verve’s agentless manager also has the ability to build playbooks to manage these devices. True security management requires visibility of vulnerabilities, risks and threats, but also the ability to act on them, which Verve provides.
The agentless device intelligence also extends into the proprietary embedded device realm. With this type of insight, OT security teams can now have an integrated view into all their IT/OT/IOT assets. Importantly, Verve achieves this insight without the need to deploy expensive network taps and span ports on network infrastructure. Verve’s software-based approach enables visibility into all subnets. It is also proven safe in operations, leveraging the same communication protocols that the OEMs use to program these devices.
So what? What’s the value to the user?
As IT departments are coming to grips with these OT/IOT networks, they are realizing that many of the traditional security or ITSM playbooks no longer work. The monthly or quarterly “scan-patch-scan” process to address vulnerabilities is not applicable to critical infrastructure environments, where scans can knock devices offline or, worse, make them inoperable, and patches deployed by corporate IT at the wrong time or without proper engineering testing can cause significant operational disruption. Further, many of the OT/IOT devices have hundreds of potential zero-day vulnerabilities because the vulnerability community hasn’t focused on these in the past. As a result, users need to truly “manage” vulnerabilities through a broader menu of potential actions – configuration hardening, network protections, deployment of application whitelists, changing user access controls, increasing monitoring of anomalous behaviors.
To execute on this true security management, users will need three things: 1) a comprehensive view of all of the assets and connections in their environment; 2) advanced intelligence that can recommend appropriate actions based on the assets, vulnerabilities, capabilities, and operational risks; and 3) the ability to build playbooks of actions across end point and network protections to remediate the vulnerabilities in the most effective way possible.
BigFix is a fantastic tool for managing IT end points. Verve’s integration allows BigFix users to extend this type of capability into true security management in converged IT-OT environments by providing comprehensive asset visibility and actionability as well as the intelligence to advise on the most effective course of action.