Since our initial blog post about Verve’s integration with BigFix software for IT-OT converged security, BigFix users asked us for more detail on how the Verve Security Center (VSC) can enhance their BigFix deployments. This is the first blog in a series of posts that describe the specific enhancements Verve’s integration offers for BigFix users.
To summarize Verve’s integration with BigFix, we offer comprehensive security in converged IT-OT-IOT environments through three unique functionalities:
- Through a proprietary agentless device inventory solution (ADI), Verve extends end point coverage to all assets from embedded controllers, PLCs, drives, cameras, and building control systems to the networking equipment (switches, routers, firewalls) that connect these end points.
- Verve’s proprietary security insight modeling provides 360-degree security management to these converged environments, not just asset management or traditional patch vulnerability management, allowing users to take the remediating actions (patch, configuration change, network hardening, account limitations) most appropriate to that system.
- The Verve platform architecture combines visibility, analysis, and playbook development of multi-server/multi-location environments that we often find in industrial and commercial customers, with the ability to allow local engineers or process staff to control the final action on their schedules based on outages, operational process or patient priorities.
These three functionalities create a true security management platform for converged IT-OT networks.
Agentless Device Intelligence
The growing convergence of IT and OT/IOT networks creates a significant challenge for CIOs trying to manage and CISOs trying to protect these embedded/proprietary devices. Managing proprietary or open-standard embedded devices requires a different approach from the traditional agent-based or scan-based solutions. Most embedded devices cannot install an agent, and many of these proprietary devices are not stable enough to run traditional scan-based vulnerability assessment tools.
Traditional IT silos of separate solutions for workstations/server/OS-based systems vs. networks are not effective for securing these converged systems. In many cases, assets cannot be patched immediately or certain insecure configuration settings are necessary for operations due to OEM designs. Therefore, effective security requires that teams have a comprehensive view of the entire infrastructure, as well as the ability to take actions across end points and network elements to truly “manage” the vulnerabilities present using the best control for that particular risk.
Prior to Verve Industrial, the only options available on the market were network-based solutions which require spans/taps/pcap capture across all layers of the network to provide visibility without the ability to take action.
VSC confronts these challenges with the first end point security management solution built specifically for converged IT-OT networks.
The proprietary integration Verve has with BigFix software tunes the BigFix agent deployment specifically for OT/IOT environments, and it has proven successful on every major OEM vendor’s servers and workstations. The agent-based functionality provides full discovery of every device in a subnet, allowing for network access alerting. For those of you who use BigFix on your IT systems, all of the traditional functionality is present in these OT OS-based devices as well.
The agentless device intelligence extends security management functions to other assets in the network. This begins with the networking elements. Verve gathers full configuration information from all network devices into the same database as the OS-based devices. It gathers firmware, configuration settings, ACLs and other information and has the ability to integrate log and netflow data from these devices to provide greater granularity of network device behavior. Verve’s agentless manager also builds playbooks to manage these devices. True security management requires visibility of vulnerabilities, risks and threats, in conjunction with the ability to act on them.
The agentless device intelligence also extends into the proprietary embedded device realm. With this type of insight, OT security teams have an integrated view into all their IT/OT/IOT assets. Verve achieves this insight without the need to deploy expensive network taps and span ports on network infrastructure. The software-based approach enables visibility into all subnets and is proven to be safe in operations, leveraging the same communication protocols that the OEMs use to program these devices.
As IT departments come to grips with OT/IOT networks, they realize that many of the traditional security or ITSM playbooks no longer work. The monthly or quarterly “scan-patch-scan” process to address vulnerabilities is not applicable to critical infrastructure environments where scans can knock devices offline - or worse - make them inoperable. Patches deployed by corporate IT at the wrong time or without proper engineering testing cause significant operational disruption.
Many OT/IOT devices have hundreds of potential zero-day vulnerabilities because the vulnerability community hasn’t focused on these in the past. As a result, users need to truly manage vulnerabilities through a broader menu of potential actions – configuration hardening, network protections, deployment of application whitelists, changing user access controls, and increasing monitoring of anomalous behaviors.
Users need three things to execute on true security management:
- a comprehensive view of all of the assets and connections in their environment
- advanced intelligence that can recommend appropriate actions based on the assets, vulnerabilities, capabilities, and operational risks
- the ability to build playbooks of actions across end point and network protections to remediate the vulnerabilities in the most effective way possible.
BigFix software is a fantastic option for managing IT end points. With Verve’s integration, BigFix users extend this type of capability into true security management in converged IT-OT environments, with comprehensive asset visibility and actionability as well as the intelligence to advise on the most effective course of action.