IT OT convergence: a term with dozens of different interpretations and definitions. There are converged networks, data, organizations, hardware, software, processes, security, etc. Depending on the context, the term can mean many different things.
In our view, one of the most important types of convergence is around systems and security management. This includes everything from asset (hardware and software) inventory to vulnerability assessment to patching and configuration management. Essentially, convergence in how assets are managed across IT and OT.
In most organizations, IT systems are closely managed, even if often done by different departments. Most modern IT organizations are regularly conducting vulnerability scanning, patch updates, configuration compliance, and software management. In OT environments, many of these common practices do not exist due to the complex and sensitive systems in OT.
Over the past decade, Verve built a distinctive OT security platform to provide comprehensive cyber security management for all elements of OT infrastructure - from HMIs to servers, routers, PLCs, controllers, meters, and relays. The Verve Security Center (VSC) integrates with a range of IT solutions to bring convergence across the IT OT environments.
One example of these integrations is the extension of BigFix into the OT environment.
Many of our clients have standardized on BigFix for IT end point management: patching, configuration and software management. They have dedicated or outsourced teams with skills in using this tool kit. But in most cases, the deployments have stopped when they hit the OT network borders. This is true for several reasons:
- OEM vendor push-back of deploying agents on their systems
- Lack of ability to inventory or manage all of the embedded OT systems
- Risk of automated deployment of patches in OT
- Lack of central reporting in multi-server environments as usually found in segmented OT systems
Verve built an OT-specific integration for BigFix that resolves the historical problems and integrates data into a comprehensive security solution for OT. Key elements of the BigFix integration include:
- OT-tuning of agent performance proven on every brand of OT OEM equipment. Verve has deployed this version of the BigFix agent and design for a decade and addressed performance issues that they may cause on HMIs and servers.
- Agentless extension to all embedded OT systems so that customers can now see all of the agent-based information together with agentless information on switches, routers, PLCs, relays, meters, controllers, etc. all in the same database.
- Integrated multi-server/site reporting. Verve's unique reporting infrastructure enables organizations to "Think Global, but Act Local". Verve aggregates individual site-level BigFix information (along with all of our embedded device data, vulnerability information, logs, netflow, and networking device information) into an integrated, easy-to-use reporting infrastructure. This allows for central analysis, response design, and reporting. It enables local teams to control actions such as patching and configuration changes.
- Custom BigFix content. Verve's team regularly creates proprietary content patch fixlets, configuration checks, OEM blacklisted patches, etc. that bring OT-specific content to BigFix.
- Additional "out-of-the-box" third-party integrations with databases such as ICS-CERT, National Vulnerability Database, Carbon Black, backup & restore solutions, etc.
This combination of Verve and BigFix allows true IT OT end point management convergence. It allows companies to leverage the prior investments they've made with BigFix and extend that functionality to the OT world. In addition, it allows for a much greater depth of capabilities that BigFix offers out of the box, such as vulnerability assessments, network device integration, centralized easy-to-use reporting, and log management. A true comprehensive NIST CSF solution.
To learn more, please see our case study: