IT-OT convergence: a term with dozens of different interpretations and definitions. There are converged networks, data, organizations, hardware, software, processes, security, etc. Depending on the context, the term can mean many different things.
In our view, one of the most important types of convergence is around systems and security management. This includes everything from asset (hardware and software) inventory to vulnerability assessment to patching, configuration management, etc. Essentially, convergence in how assets are managed across IT and OT.
In most organizations, IT systems are closely managed (even if often by different departments). Most modern IT organizations regularly conduct vulnerability scanning, patch updates, configuration compliance, software management, etc. In OT, however, many of these common practices do not exist, due in large part to the complexity and sensitivity of OT systems.
Over the past decade, Verve has built a distinctive OT security platform to provide comprehensive cyber security management for all elements of OT infrastructure - from HMIs to servers, routers, PLCs, controllers, meters, relays, etc. We have also integrated with a range of IT solutions to bring convergence across the IT-OT environments.
One example of these integrations is our extension of BigFix into the OT environment.
Many of our clients have standardized on BigFix for IT endpoint management: patching, configuration and software management. They have dedicated or outsourced teams with skills in using this tool kit. But in most cases, the deployments have stopped when they hit the OT network borders. This is true for several reasons:
- OEM vendor push-back against deploying agents on their systems
- Lack of ability to inventory/manage all of the embedded OT systems
- Risk of automated deployment of patches in OT
- Lack of central reporting in multi-server environments as usually found in segmented OT systems
Verve has built an OT-specific integration for BigFix that resolves the historical problems and integrates that data into a comprehensive security solution for OT. Key elements of our BigFix integration include:
- OT-tuning of agent performance, proven on every brand of OT OEM equipment. Verve has been deploying our version of the BigFix agent and design for a decade and has addressed any performance issues that the agents may cause on HMIs and servers.
- Agentless extension to all embedded OT systems so that customers can now see all of the agent-based information together with agentless information on switches, routers, PLCs, relays, meters, controllers, etc. all in the same database
- Integrated multi-server/site reporting. Verve's unique reporting infrastructure enables organizations to "Think Global, but Act Local". Verve aggregates individual site-level BigFix information (along with all of our embedded device data, vulnerability information, logs, netflow, and networking device information) into an integrated, easy-to-use reporting infrastructure. This allows for central analysis, response design, and reporting, while enabling local teams to control actions such as patching and configuration changes.
- Custom BigFix content. Verve's team regularly creates proprietary content (patch fixlets, configuration checks, OEM blacklisted patches, etc.) that brings OT-specific content to BigFix.
- Additional "out-of-the-box" third-party integrations with databases such as ICS-CERT, National Vulnerability Database, Carbon Black, backup & restore solutions, etc.
This combination of Verve and BigFix allows true IT-OT endpoint management convergence. It allows companies to leverage the prior investments they've made with BigFix and extend that functionality to the OT world. In addition, it allows for a much greater depth of capabilities than BigFix offers out of the box - such as vulnerability assessments, network device integration, centralized easy-to-use reporting, log management, etc.
A true comprehensive NIST CSF solution.
To learn more, please see our case study: BigFix Integration.