Verve Industrial Protection announces appointment of experienced Cyber Security executive Jim Crowley as Vice President Sales & Marketing

Chicago – September 11, 2017 – Verve Industrial Protection, the global leader in industrial control system (ICS) cybersecurity, today announced the appointment of Jim Crowley as Vice President Sales and Marketing. He will be responsible for revenue generation and new customer acquisition globally.

An information security veteran who previously held senior leadership positions at notable companies including ThreatStack, Imperva and Industrial Defender, Crowley has built several high-performing sales operations, turning early-stage software and service companies into successful market leaders.

“We are thrilled to have Jim join Verve.  His depth of expertise in the ICS cybersecurity industry is a significant addition to our team.  We are committed to bringing our unique industrial control systems cybersecurity software and services to the global market. Jim is the perfect person to lead this,” said John Livingston, CEO of Verve Industrial Protection.

Verve Industrial Protection’s flagship product, the Verve Security Center, now in its third version, is a comprehensive platform to manage all critical elements of cybersecurity within the ICS environment. Its unique cross-vendor solution allows operational technology (OT) leaders to significantly reduce the costs and complexity of managing cyber defense across the enterprise from a single console.

“Verve Industrial is extremely well positioned to help industrial customers solve security automation, integration and compliance challenges”, said Mr. Crowley. “I am very excited to engage with our customers and channel partners that service the industrial control ecosystem”.

_______________________________________________________________________________________

About Verve Industrial Protection

Verve Industrial Protection is a world-class engineering firm specializing in ICS systems, cybersecurity and technical services. Verve Industrial Protection reinvented the ICS cybersecurity industry by fusing information technology (IT) with operational technology (OT) through the Verve Security Center.  For more information, please visit Verveindustrial.com, email info@verveindustrial.com or follow us on LinkedIn.

Dragonfly, Energy Targets and General ICS Security Hype

Introduction:

Just the other day Symantec published an article about the recent ‘re-discovery’ of a group known as ‘Dragonfly’. Now the article itself is a decent analysis of the threat/attack vectors this group uses and even has a handy chart displaying their ‘progress’ since the last time they were discovered. My only real critique is the fact that Symantec says twice in this article that “Symantec customers are protected against the activities of the Dragonfly group.” This I have a problem with. On many fronts. Symantec is a good company that does good things. They even have the ability with their suite of products to likely prevent or minimize damage to their clients’ assets. But this statement provides a false sense of security because in an ICS network you can’t deploy all the tools a product like Symantec has to offer with the level of automatic updating and intervention it provides. In reality you are maybe able to use half of its features (AV but not endpoint, or endpoint but limited to specific systems, or scaled-down functions like alert but don’t block, etc.). This is not the fault of Symantec but rather a consequence of the reality of OT equipment and OEM vendor control/support.

What would provide an appropriate level of security comfort is something that very few currently have, and that is a detailed, up-to-date profile of their asset fleet. There are a few qualifiers to that statement, so let’s walk through them.

Detail:

When I say asset list I don’t mean a list of IP addresses. That is just a base level ‘head count’. I mean detail. Like what is the device (relay, controller, PLC, engineering station...)? What is running on it (hardware, firmware, serial number, software, OS, etc.)? And where is it located physically and functionally in your plant, or where along the process? I am talking about the sort of detail that lets you truly understand what is really out there and how it is configured.

Automatic:

Too many times we see an ‘asset list’ from a client and they are pretty sure it is ‘reasonably’ accurate, like 90% accurate, but this is rarely the case. In the last 5 client asset lists I have seen in the last 3 months, only one was 90% accurate. At the other end of the spectrum, we found there were 590% more IP-enabled assets at a particular site than they thought. The only way to combat this is to be active. I don’t mean actively scanning an OT network, but I do mean implementing a proactive set of data collection and asset inventory tools. They can be native to that system, they can be passive in listening (though this does lack system-specific details) and/or they can make use of agents on OS-based devices. More likely, however, it is a combination of multiple data profiling techniques and technologies that will provide you an accurate inventory.

Benefits:

Once compiled, the data in this asset list/database is invaluable. It allows you to create profiles of assets or classes of assets. These profiles then enable more accurate creation and tuning of security tools like whitelisting, vulnerability scanning and change management. But what is most beneficial is the ability to query the database for a specific risk. By being able to show only those devices that are in scope for a current or emerging threat, you are refining your workload to only that which is truly at risk. For example, take the recent WannaCry threat, which we wrote about as well: imagine if you could query your asset database to show just those systems with SMB ports 139 and 445 enabled. You don’t need to run around with a Windows disk patching all systems; you could just disable the ports on those systems. Crisis averted!
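The WannaCry query described above, as an added example that is not part of the original post: a small asset inventory in SQLite, queried for every device listening on TCP 139 or 445. The schema, hostnames, sites and versions are constructed for illustration, and the `ports` parameter generalizes the same query to other threats.

```python
import sqlite3

# Constructed sample inventory: hostnames, sites and versions are illustrative only.
ASSETS = [  # (asset_id, hostname, device_type, os, firmware, site, process_area)
    (1, "eng-ws-01", "engineering station", "Windows 7 SP1", None, "Plant A", "Boiler control"),
    (2, "hmi-02", "HMI", "Windows XP SP3", None, "Plant A", "Turbine"),
    (3, "plc-11", "PLC", None, "v2.8.1", "Plant A", "Turbine"),
    (4, "hist-01", "historian", "Windows Server 2008 R2", None, "Plant B", "Water treatment"),
    (5, "relay-07", "protective relay", None, "R112", "Plant B", "Switchyard"),
]
PORTS = [  # (asset_id, protocol, port, how the listener was observed)
    (1, "tcp", 445, "agent"), (1, "tcp", 3389, "agent"),
    (2, "tcp", 139, "passive"), (2, "tcp", 445, "passive"),
    (3, "tcp", 502, "passive"),
    (4, "tcp", 1433, "agent"),
    (5, "tcp", 20000, "native"),
]
SMB_PORTS = (139, 445)

def build_inventory():
    """Load the constructed sample data into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE assets (asset_id INTEGER PRIMARY KEY, hostname TEXT,
            device_type TEXT, os TEXT, firmware TEXT, site TEXT, process_area TEXT);
        CREATE TABLE listening_ports (asset_id INTEGER REFERENCES assets(asset_id),
            protocol TEXT, port INTEGER, source TEXT);
    """)
    db.executemany("INSERT INTO assets VALUES (?,?,?,?,?,?,?)", ASSETS)
    db.executemany("INSERT INTO listening_ports VALUES (?,?,?,?)", PORTS)
    return db

def assets_in_scope(db, ports=SMB_PORTS):
    """One row per asset listening on any of `ports`, with its place in the plant."""
    marks = ",".join("?" * len(ports))
    cur = db.execute(f"""
        SELECT a.hostname, a.device_type, a.os, a.site, a.process_area,
               GROUP_CONCAT(p.port) AS ports
        FROM assets a JOIN listening_ports p ON p.asset_id = a.asset_id
        WHERE p.protocol = 'tcp' AND p.port IN ({marks})
        GROUP BY a.asset_id ORDER BY a.site, a.hostname
    """, tuple(ports))
    cols = [c[0] for c in cur.description]
    return [dict(zip(cols, row)) for row in cur]

if __name__ == "__main__":
    for row in assets_in_scope(build_inventory()):
        print(row)
```
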

Conclusion:

Best-in-class IT tools are great for the function they provide, assuming you are able to take advantage of them. However, for a more robust, more accurate ability to act and react to threats to ICS networks, you need to start with a much more inclusive view of what you have installed in the first place. Visibility is what lifts the veil of uncertainty and allows ICS security teams to focus their very limited resources on what is truly at risk in a way that is safe for OT.