Vulnerability management in integrated IT-OT systems has historically been time-consuming and potentially risky to the operational reliability of fragile OT systems. As a result, assessments are often manually compiled using sampling of data, manual walk-downs and configuration reviews, and done on one-time or infrequent basis. Moving from assessment to remediation often requires a lengthy process of deploying appropriate tools, gathering additional data for network segmentation design, and/or manually patching distributed devices.
In short, it has been an inefficient and expensive exercise often only completed on an infrequent basis.
Solutions have emerged to provide some automated asset visibility using span ports and taps deployed on network switches to gather network communications that can indicate assets connected to the network. These solutions, however, are expensive to deploy, often miss a significant range of devices which are at lower layers of the network, and do not gather full software and configuration inventory necessary to do the same level of vulnerability analysis offered on IT assets. Further, remediation has been left to separate tools or manual exercises.
Over the past three years, Verve has been working with clients deploying a different approach that we call "closed-loop" vulnerability management. In short, "closed-loop" uses Verve's proven agent-agentless platform to gather deep inventory on all assets without the need for network taps or spans - or any hardware at all. It then produces a 360-degree assessment on assets, networks, access control, defensive compensating controls, etc. to enable a risk-rated set of vulnerability priorities. This is integrated with Verve's remediation capabilities which "closes the loop" on prioritized vulnerablities by enabling automated patch management, hardening of configuration settings, narrowing of access controls, etc. Finally, it provides automated auditing through central reporting function across all IT and OT assets across multiple geographic sites.
The result is:
- Deeper vulnerabilty assessment
- Lower cost assessment and remediation
- Real-time visibility to new vulnerabilities
- Faster-time-to-remediation with integrated assessment and remediation in the same platform
Please check out our solution brief for more information.