IT OT convergence in ICS security has dozens of different interpretations and definitions. In industrial cyber security, you’ll find IT OT convergence relates to the integration of networks, data, organizations, hardware, software, processes, security, etc.
Integrated IT OT Security
Verve believes integrating IT OT security through OT Systems Management (OTSM) brings the best of IT Systems Management (ITSM) into the world of OT and improves reliability, security and productivity across IT and OT systems.
For the OT environment, systems management should include asset (hardware and software) inventory, vulnerability assessment, OT patch management, and configuration management at a minimum. Essentially, convergence in how assets are managed across IT and OT.
In most industrial organizations, IT systems are closely managed, even if often done by different departments. Most modern IT organizations regularly conduct vulnerability scans, patch management, configuration compliance, and software management.
In OT environments, many of these common practices do not exist due to the complex and sensitive systems in OT and a severe lack of support in budget and personnel for OT security.
To meet the growing needs and demand for IT OT convergence, Verve built a distinctive OT cyber security platform to provide comprehensive security management for all elements of OT infrastructure - from HMIs to servers, routers, PLCs, controllers, meters, and relays.
The Verve Security Center (VSC) first provides an unparalleled asset inventory. This inventory is then enriched with metadata about asset criticality, location, owner, etc., and also integrates with a range of IT solutions to deliver a multi-disciplined OT perspective per asset across IT OT environments.
One example of these integrations is the extension of BigFix software into the OT environment.
What is BigFix software?
HCL BigFix is the only endpoint management platform that enables IT operations and security teams to fully automate discovery, management and remediation – whether it's on-premise, virtual, or cloud – regardless of operating system, location or connectivity.
Unlike complex tools that cover a limited portion of your endpoints and take days or weeks to remediate, BigFix finds and fixes endpoints faster than any other solution – all while enabling greater than 98% first-pass patch success rates.
Many Verve customers standardized BigFix for IT endpoint management to assist with patching, configuration and software management. They have dedicated or outsourced teams with skills in using this tool kit. But in most cases, the deployments stopped when they hit the OT network borders.
We understand the decision many have made to not cross into OT because using IT tools for OT environments has its challenges:
- OEM vendors push back the deployment of agents on their systems
- Inability to inventory or manage all of the embedded OT systems
- Risk of automated deployment of patches in OT
- Lack of central reporting in multi-server environments as usually found in segmented OT systems
IT OT Convergence with BigFix + Verve Industrial
To amplify an investment in BigFix software to work in OT environments as it does in IT, Verve built an OT-specific integration for BigFix to combine data into a comprehensive security solution for OT.
Key elements of the integration between Verve and BigFix software include:
- OT-tuning of agent performance proven on every brand of OT OEM equipment. Verve has deployed this version of the BigFix agent and design for over 12 years and has finely tuned its performance to ensure negligible impact on critical OT environments.
- Agentless extension to all embedded OT systems for integrated agent-based information on switches, routers, PLCs, relays, meters, controllers, etc. Robust coverage to all OT assets significantly increases insight, ability to act and solidifies this single view as a comprehensive source of data for the entire OT environment.
- Integrated multi-server/site reporting. Verve's unique reporting infrastructure enables organizations to "Think Global, but Act Local". Verve aggregates individual site-level BigFix information (along with all of our embedded device data, vulnerability information, logs, netflow, and networking device information) into an integrated, easy-to-use reporting infrastructure. This provides our clients the ability to present all OT assets across the fleet to a small, specialized group of experts who do the research and planning once, then share remediation techniques, planning and execution across the fleet. This combination of aggregation for expert analysis with last mile OT oversight on changes solves the challenge of scarce OT security resources.
- Custom BigFix content. Verve's team regularly creates proprietary content (patch fixlets, configuration checks, OEM blacklisted patches, etc.) that brings OT-specific content to BigFix. This constant evolution means our clients continue to gain a deeper and more complex understanding of their OT environment over time.
- Additional "out-of-the-box" third-party integrations with databases such as ICS-CERT, National Vulnerability Database, Carbon Black, backup and restore solutions, etc. This multi-source asset data allows Verve to provide the first 360 degree asset view that incorporates OT specific context into otherwise non-contextual data. The result is a risk ranking and remediation plan that is specifically tailored to our client’s unique environment.
This combination of Verve and BigFix allows true IT OT endpoint management convergence. Companies are now able to extend their BigFix investment safely into the OT world.
In addition, the Verve solution deepens capabilities that BigFix offers out of the box, such as vulnerability assessments, network device integration, centralized easy-to-use reporting, and log management to provide a truly comprehensive NIST CSF solution.