Verve wins Frost & Sullivan’s 2018 Growth Leadership Award for OT Cybersecurity

We were thrilled to receive the “Growth Excellence Leadership Award” from Frost & Sullivan last week. As the award reads, “Frost & Sullivan bestows this award upon the company that demonstrates excellence in growth and customer value. The award recognizes the superiority of the product/service as well as the overall customer, purchase, ownership, and service experience offered, resulting in the recipient company seeing above-market growth and greater share of wallet.” This is a testament to our team’s dedicated focus on helping our customers simplify the complexities of OT cybersecurity and reliability. Our combination of a comprehensive, cross-vendor platform and deep industrial process experts enables us to support customers through their security journey. Thanks so much to F&S for the recognition and our customers for their support! https://lnkd.in/eanWY3Q

Verve Industrial Protection and Dexcent Inc Announce Strategic Partnership to Deliver Integrated Cybersecurity Solution throughout North America

Collaboration Will Strengthen the Delivery of Verve Security Center Throughout North America.

EDMONTON, AB, CANADA AND PADUCAH, KY, USA — April 25, 2018 — Cybersecurity is a technology-driven, people-enabled program, and increasing and then maintaining the overall security posture of the OT/ICS environment can be challenging. Because of this realization, Verve Industrial Protection and Dexcent Inc are investing in next-generation technology and skilled ICS cybersecurity expertise.

 

 

News Highlights

  • The Verve Security Center (VSC) platform provides an ICS-wide view of the real-time health of the OT/ICS cybersecurity environment, from embedded equipment to HMIs and workstations, and provides unrivalled situational awareness of the ICS cybersecurity posture. By safely combining comprehensive asset profiles with supporting security information from vulnerability scanning to patch, backup and change management, the VSC platform provides unparalleled visibility, management and measurement of OT/ICS security programs.
  • The VSC platform used at regulated and non-regulated companies has proven to be easily scalable, flexible and to provide a significant improvement in security and situational awareness. Using VSC, customers have been able to realize significant gains in their security posture by making wholesale improvements across the board from asset detection through to responding, reporting and taking corrective action.
  • Under the terms of the partnership, Dexcent can offer the Verve Security Center (VSC) platform to its customers to improve performance, security and manageability across their OT/ICS environment. The VSC platform, when combined with Dexcent’s team of cybersecurity and industrial infrastructure professionals, enhances our capabilities to provide customers with an offering to – Manage Every Experience That Matters. This includes field engineering support and maintenance, remote OT network management, remote OT server management, security compliance management, and vendor support.
  • Under the terms of the partnership, Verve grows its trusted team of ICS cybersecurity experts to provide customers with expertise locally available in Canada. Verve will continue to bring their significant experience in Designing for Defence for OT security programs and in Managed Asset Protection services for post-implementation support and maintenance of security programs.
  • In making this announcement, Verve and Dexcent are building on the best-in-class cybersecurity services that they have jointly delivered to their respective customers since 2017. Combined, they form a team of ~100 professionals to be an extension of your ICS operations.
  • The partnership will enable both companies to strengthen their respective ability to provide customers with unmatched skills, performance, and flexibility while reducing the overall total cost of ownership.

Forward-Looking Statements
This press release contains forward-looking statements, including, but not limited to, statements relating to future plans, objectives, products, services and technologies and the expected demand for Verve or Dexcent products and services. These forward-looking statements involve risks and uncertainties, as well as assumptions that, if they do not fully materialize or prove incorrect, could cause Verve’s and Dexcent’s results to differ materially from those expressed or implied by such forward-looking statements. The risks and uncertainties that could cause Verve’s or Dexcent’s results to differ materially from those expressed or implied by such forward-looking statements include, but are not limited to, fluctuations in demand, sales cycles and prices for Verve and Dexcent products and services, and other factors. All forward-looking statements in this press release are based on information available to as of the date hereof, and neither Verve nor Dexcent assumes any obligation to update these forward-looking statements. Any future product, service, feature or related specification that may be referenced in this release is for information purposes only and is not a commitment to deliver any technology or enhancement. Each of Verve and Dexcent reserve the right to modify future product plans at any time.

About Dexcent
We provide a range of highly specialized engineering consulting services and solutions aimed specifically at optimizing industrial plant operations and business performance. Dexcent does this using in-depth knowledge and expertise in industrial analytics & information, cybersecurity & infrastructure, and process control systems.

Our solutions have a simple premise; each is engineered to:

  • empower stakeholders within the organization with relevant and timely knowledge and information for improved decision-making;
  • enable our customers to achieve operational excellence;
  • protect and secure critical engineering and OT infrastructure; and
  • enhance the capabilities of industrial systems.

The strength of our company is in our ability to leverage technology and assemble a strong team from within Dexcent, the customer, and other specialized service providers and partners to provide a solution that meets and exceeds your requirements.

About Verve Industrial Protection
Verve is the leading provider of cybersecurity for industrial control systems.  The company’s proprietary Verve Security Center integrates end point detection & response with robust network analysis to provide comprehensive cybersecurity orchestration.  Verve Security Center helps clients achieve rapid maturity increases against NIST, CSC20, NERC CIP, ISA99, ISO27001, and other industrial cybersecurity standards.

The company’s software is backed by 25+ years of industrial controls engineering experience to ensure ongoing low-cost maintenance & remediation support.

 

Verve Industrial Protection announces appointment of experienced NERC CIP auditor and ICS program expert Boyd Nation, as Director of Compliance Services

Chicago – Feb 24, 2018 – Verve Industrial Protection, the global leader in industrial control system (ICS) cybersecurity, today announced the appointment of Boyd Nation as Director of Compliance Services.  He will be responsible for leading our compliance services in support of the Verve suite of solutions.

A 20+-year utility security and compliance veteran who has provided high-level compliance services and program leadership to major power companies like Southern Company, Ameren, and Exelon, along with a large number of smaller but important pieces of the Bulk Electric System, Nation has built several ICS security and compliance programs, turning siloed security tools and practices into a sustainable compliance program and significantly reducing risk.

“We are thrilled to have Boyd assume this role.  His depth of expertise in the ICS cybersecurity industry especially around compliance is a significant addition to our team.  We are committed to bringing our unique industrial control systems cybersecurity platform based solution to the global market. Boyd is the perfect person to lead this,” said John Livingston, CEO of Verve Industrial Protection.

Verve Industrial Protection’s flagship product, the Verve Security Center, soon to release its fourth version, is a comprehensive platform to manage all critical elements of cybersecurity within the ICS environment. Its unique cross-vendor solution allows operational technology (OT) leaders to significantly reduce the costs and complexity of managing cyber defense across the enterprise from a single console.

“Verve Industrial is extremely well positioned to help industrial customers reduce complexity, capture investment and position themselves for highly accurate visibility and action into their security and compliance programs”, said Mr. Nation. “I am very excited to engage with our customers and channel partners that service this space to help bring clarity to an often chaotic topic while organizing and extending our available compliance services.  We will be building a world-class compliance service organization to complement Verve’s traditional strength across our software product line and engineering services expertise”.

About Verve Industrial Protection

Verve Industrial Protection is a world-class engineering firm specializing in ICS systems, cybersecurity and technical services. Verve Industrial Protection reinvented the ICS cybersecurity industry by fusing information technology (IT) with operational technology (OT) through the Verve Security Center.  For more information, please visit Verveindustrial.com, or follow us on LinkedIn.

Fundamentals of ICS Security – US CERT TA17-164A

Introduction

The United States Computer Emergency Readiness Team recently revised Alert TA17-164A, providing technical details on the tools and infrastructure used by cyber actors of the North Korean government. While the alert was written to address the specific actors, the mitigating actions recommended in this alert are effective against similar techniques used by any actors. As these techniques become well known by the user community, other actors may use them or derive similar techniques for use in their own campaigns against other targets.

The alert should be of particular concern to owners and operators of industrial control systems because these actors “commonly target systems running older, unsupported versions of Microsoft operating systems.” The actors have also used vulnerabilities targeting the Adobe Flash Player and Microsoft Silverlight applications. The versions of Microsoft Windows commonly used in industrial control systems typically lag those used in commercial environments, and are not always replaced or upgraded when Microsoft ends support. The Adobe Flash Player and Microsoft Silverlight applications are sometimes used in support of machine interface or supervisory applications in operational technology environments.

The alert encourages all network administrators to apply several mitigation strategies.  These strategies work best when integrated together to form a stronger security fabric. A few of these strategies are particularly applicable to industrial control systems:

  1. Patch applications and operating systems
  2. Use application whitelisting
  3. Restrict administrative privileges
  4. Segment networks and segregate them into security zones
  5. Understand firewalls

Patch Applications & Operating Systems

Owners and operators should take every opportunity to patch their control system assets.  Traditional claims that patching activities are a greater risk than the vulnerabilities neglect the experience of the last several years, beginning with the revelations of the Stuxnet software and continuing with its derivatives and a steady drumbeat of vulnerabilities specific to industrial applications, controllers, and common support equipment.  Any owner or operator of an industrial control system should have an active program to periodically evaluate and install patches to applications and operating systems for all devices in their environment, even if the period is annual or semi-annual, depending on the downtime requirements and perceived risk of process disruption.

Application Whitelisting

The use of application whitelisting and the restriction of administrative privileges in operational technology environments are becoming best practice, particularly on systems using Microsoft operating systems. Controllers and common support equipment don’t typically support whitelisting (or the function is effectively supplied by the manufacturer at varying degrees of effectiveness). Application whitelisting can be particularly effective in a controls environment because the application use is relatively limited and static. Many of the biggest issues with whitelisting in the IT context, i.e., whitelisting “bloat”, are significantly smaller in control systems.

Restricting Administrative Privileges

Restricting administrative privileges is a security best practice.  However, the increased risk of denying support personnel ready access to these devices may offset the benefits of restricting the privileges against this threat. There are several means of achieving this objective – from installing more advanced and limited password usage, to alerting on new admin account access, to review of admin account usage on a regular basis. Importantly, these solutions must depend on the type of device at issue.  We find that employing a range of “alerting & review” solutions along with true restriction on certain devices is the most balanced approach to security and operational reliability.

Network Segmentation & Understanding Firewalls

Segmenting networks and use of effective firewalls are critical elements to any cybersecurity or reliability solution, for that matter. Segmentation can improve overall reliability of industrial control systems, harden these systems against lateral movement of malicious actors within the environment, and aid in managing the scope of an incident response effort.  Further, continual review and updating of rules and protocols on how to control network traffic, enforce communications protocols, and provide central intrusion detection functionality enables the network administrator to apply the principles of continuous improvement to the network’s security profile over time.

Critical to segmentation is a thorough understanding of firewalls and routers.  In certain cases routers can be used as less functional firewalls where complex networks can benefit from less traffic control between closely interdependent segments.

One can segment networks into security zones in many ways.  Two common strategies are to segment networks by service provided to the facility or to segment networks by class of asset.  Both of these strategies can be equally effective, although it may be less costly to use one over another depending on the details of the environment.

Segmenting networks by service provided allows each service to the facility to be isolated during an incident, whether the incident is non-malicious (such as a simple broadcast storm) or malicious (worm activity spreading by the SMB protocol).  When an incident occurs, a router or firewall can provide some warning of unusual activity to network administrators or security analysts and possibly prevent an incident from directly impacting more than one service to the facility.  Many facilities have storage or redundancy of utility services that can allow for the continued provision of at least limited service during an incident.  While the use of a large storage tank may be independent of the segmentation strategy, conscious decisions should be made about the co-location of redundant services within a segment.  Spanning parallel networks (either physical or virtual) throughout a large facility is no longer considered a standard practice in commercial network design, but still finds widespread use in industrial control systems.

Segmenting networks by class of asset isolates threats to individual platforms.  Machine interfaces typically need to communicate with controllers, but not with each other.  Placing all machine interface hosts in a common segment and using private virtual networking begins to apply micro-segmentation to the environment; each machine interface host can easily communicate with its controllers but not with other similar hosts.  By keeping the controllers on a separate segment, the firewall has the opportunity to limit communications between the host and the controllers to only those protocols used for control functions.  Malicious code introduced to any host will be unable to compromise the dissimilar platform using any protocol; many denial of service attacks targeting controllers from the machine interface hosts also become ineffective in this case.

A key consideration in designing network segments is the definition of security zones.  Zones can be defined using the NIST guidance.  Common zones used in operational technology environments include but are not limited to

* Process Information Network (aka Demilitarized Zone, providing process information to the commercial environment)

* Remote Access Network

* Management or Supervisory Network (providing management workstations and supervisory network services such as log collection, performance monitoring, and event analysis servers)

* Process Control Networks (Distributed Control Systems, Supervisory Control and Data Acquisition Systems, or hybrid machine interface, controller, and instrumentation networks)

* Operational Networks

** Operational Supervisory Network

** Basic Control Network (typically machine interfaces, alarming, and controllers)

** Safety Network (independent safety controllers and instrumentation)

** Process Network (networked instrumentation, including both sensors and control elements)
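
The class-of-asset segmentation described above can be checked against observed traffic. The following is an added example, not code from the original article or from Verve: it audits flow records against a zone-and-conduit policy. The host names, zone labels, sample flows and the choice of Modbus/TCP (502) and EtherNet/IP (44818) as the permitted control protocols are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed host-to-zone map; zone labels loosely follow the list above.
ZONE_OF = {
    "corp-pc7": "commercial",          # business network, outside OT
    "hist01": "process_information",   # DMZ historian
    "hmi01": "machine_interface",
    "hmi02": "machine_interface",
    "plc01": "controller",
    "sis01": "safety",
}

# Zones whose members must not talk to each other (private-VLAN style isolation).
ISOLATED_ZONES = {"machine_interface"}

# Conduits enforced at the firewall: (source zone, destination zone) -> allowed TCP ports.
# 502 is Modbus/TCP and 44818 is EtherNet/IP; the protocol set per site is an assumption.
CONDUITS = {
    ("machine_interface", "controller"): {502, 44818},
    ("machine_interface", "process_information"): {443},
    ("commercial", "process_information"): {443},
}

SMB_PORTS = {139, 445}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


@dataclass(frozen=True)
class Finding:
    flow: Flow
    reason: str
    smb: bool  # True when the flow uses an SMB port (139 or 445)


def check_flow(flow):
    """Return a Finding if the flow violates the zone policy, else None."""
    src_zone = ZONE_OF.get(flow.src)
    dst_zone = ZONE_OF.get(flow.dst)
    smb = flow.port in SMB_PORTS
    if src_zone is None or dst_zone is None:
        return Finding(flow, "endpoint missing from asset inventory", smb)
    if src_zone == dst_zone:
        if src_zone in ISOLATED_ZONES:
            return Finding(flow, "peer-to-peer traffic inside isolated zone", smb)
        return None  # intra-zone traffic in other zones never crosses the firewall
    allowed = CONDUITS.get((src_zone, dst_zone))
    if allowed is None:
        return Finding(flow, f"no conduit {src_zone} -> {dst_zone}", smb)
    if flow.port not in allowed:
        return Finding(flow, f"port {flow.port} not permitted on conduit", smb)
    return None


def audit(flows):
    """Check every flow and return only the policy violations, in input order."""
    return [f for f in map(check_flow, flows) if f is not None]


# Constructed flow records, e.g. as exported from a passive monitor or firewall log.
SAMPLE_FLOWS = [
    Flow("hmi01", "plc01", 502),     # control traffic on a defined conduit
    Flow("hmi01", "hmi02", 445),     # HMI to HMI over SMB
    Flow("corp-pc7", "hmi01", 445),  # IT to OT over SMB
    Flow("hmi02", "plc01", 80),      # non-control protocol toward a controller
    Flow("hist01", "sis01", 502),    # DMZ host reaching the safety network
    Flow("hmi01", "hist01", 443),    # HMI publishing to the historian
    Flow("laptop-x", "plc01", 502),  # source not in the inventory
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        tag = " [SMB]" if finding.smb else ""
        f = finding.flow
        print(f"{f.src} -> {f.dst}:{f.port}  {finding.reason}{tag}")
```
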

Summary

Security vendors and the press often discuss all of the more advanced security features of new products and technologies. And all of these solutions can potentially help make a network more secure. However, this recent CERT release explains how critical the fundamentals of cybersecurity are, especially in critical industrial control systems. Patching, application whitelisting, admin privilege management, and segmentation are all critical to get right to ensure you can both protect against as well as detect potential threats.

Verve Industrial Protection announces appointment of experienced Cyber Security executive Jim Crowley, as Vice President Sales & Marketing

Chicago – September 11, 2017 – Verve Industrial Protection, the global leader in industrial control system (ICS) cybersecurity, today announced the appointment of Jim Crowley as Vice President Sales and Marketing. He will be responsible for revenue generation and new customer acquisition globally.

An information security veteran who previously held senior leadership positions at notable companies including ThreatStack, Imperva and Industrial Defender, Crowley has built several high performing sales operations, turning early stage software and service companies into successful market leaders.

“We are thrilled to have Jim join Verve.  His depth of expertise in the ICS cybersecurity industry is a significant addition to our team.  We are committed to bringing our unique industrial control systems cybersecurity software and services to the global market. Jim is the perfect person to lead this,” said John Livingston, CEO of Verve Industrial Protection.

Verve Industrial Protection’s flagship product, the Verve Security Center, now in its third version, is a comprehensive platform to manage all critical elements of cybersecurity within the ICS environment. Its unique cross-vendor solution allows operational technology (OT) leaders to significantly reduce the costs and complexity of managing cyber defense across the enterprise from a single console.

“Verve Industrial is extremely well positioned to help industrial customers solve security automation, integration and compliance challenges”, said Mr. Crowley. “I am very excited to engage with our customers and channel partners that service the industrial control ecosystem”.

_______________________________________________________________________________________

About Verve Industrial Protection

Verve Industrial Protection is a world-class engineering firm specializing in ICS systems, cybersecurity and technical services. Verve Industrial Protection reinvented the ICS cybersecurity industry by fusing information technology (IT) with operational technology (OT) through the Verve Security Center.  For more information, please visit Verveindustrial.com, email info@verveindustrial.com or follow us on LinkedIn.

Dragonfly, Energy Targets and General ICS Security Hype

Introduction:

Just the other day Symantec published an article about the recent ‘re-discovery’ of a group known as ‘Dragonfly’. Now the article itself is a decent analysis of the threat/attack vectors this group uses and even has a handy chart displaying their ‘progress’ since the last time they were discovered. My only real critique is the fact that Symantec says twice in this article that “Symantec customers are protected against the activities of the Dragonfly group.” This I have a problem with. On many fronts. Symantec is a good company that does good things. They even have the ability with their suite of products to likely prevent or minimize damage to their clients’ assets. But this statement provides a false sense of security because in an ICS network you can’t deploy all the tools a product like Symantec has to offer with the level of automatic updating and intervention it provides. In reality you are maybe able to use half of its features (AV but not end point, or end point but limited to specific systems, or scaled down functions like alert but don’t block, etc.). This is not the fault of Symantec but rather a consequence of the reality of OT equipment and OEM vendor control/support.

What would provide an appropriate level of security comfort is something that very few currently have, and that is a detailed, up-to-date profile of their asset fleet. There are a few qualifiers to that statement, so let’s walk through them.

Detail:

When I say asset list I don’t mean a list of IP addresses.  That is just a base level ‘head count’.  I mean detail.  Like what is the device (relay, controller, PLC, engineering station….)?  What is running on it (hardware, firmware, serial number, software, OS, etc).  And where is it located physically and functionally in your plant or where along the process?  I am talking about the sort of detail that lets you truly understand what is really out there and how it is configured.

Automatic:

Too many times we see an ‘asset list’ from a client and they are pretty sure it is ‘reasonably’ accurate.  Like 90% accurate but this is rarely the case.  In the last 5 client asset lists I have seen in the last 3 months only one was 90% accurate.  At the other end of the spectrum, we found there were 590% more IP enabled assets at a particular site than they thought.  The only way to combat this is to be active.  I don’t mean actively scanning an OT network but I do mean implementing a proactive set of data collection and asset inventory tools.  They can be native to that system, they can be passive in listening (though this does lack system specific details) and/or they can make use of agents on OS based devices.  More likely, however, it is a combination of multiple data profiling techniques and technologies that will provide you an accurate inventory.

Benefits:

Once compiled, the data in this asset list/database is invaluable. It allows you to create profiles of assets or classes of assets. These profiles then enable more accurate creation and tuning of security tools like white listing, vulnerability scanning and change management. But what is most beneficial is the ability to query the database for a specific risk. By being able to show only those devices that are in scope for a current or emerging threat, you are refining your work load to only that which is truly at risk. For example, take the recent WannaCry threat, which we wrote about as well: imagine if you could query your asset database to show just those systems with SMB ports 139 and 445 enabled? You don’t need to run around with a Windows disk patching all systems; you could just disable the ports on those systems. Crisis averted!

Conclusion:

Best in class IT tools are great for the function they provide assuming you are able to take advantage of them.  However for a more robust, more accurate ability to act and react to threats to ICS networks you need to start with a much more inclusive view of what you have installed in the first place.  Visibility is what lifts the veil of uncertainty and allows ICS security teams to focus their very limited resources to what is truly at risk in a way that is safe for OT.

 

 

Leading Cyber Security Software Architect, Bill Easton, joins Verve Industrial Protection as Chief Technical Officer

Easton brings distinctive experience in end point protection and management

ST. LOUIS, MO and CHICAGO – July 5, 2017 – Verve Industrial Protection is pleased to announce the appointment of Bill Easton as Chief Technical Officer. Mr. Easton will help Verve continue to establish its leadership position as the leading platform for ICS cybersecurity.

Mr. Easton joins Verve Industrial Protection from RES software, a leading provider of end point protection services where he was a leader of BigFix integration.  Mr. Easton is one of the leading innovators in how to integrate different types of end-point protection to simplify the security process for end users.

“We are excited to welcome Bill to our team.  Verve Security Center is the only ICS-focused cyber security solution that provides an integrated platform to simplify end-point and network protection. Bill’s deep expertise in integrating these capabilities will help us extend our differentiation in this arena,” said John Livingston, CEO of Verve Industrial Protection.

Mr. Easton will help continue to expand the capabilities of the Verve Security Center. Verve Security Center (VSC) is a vendor agnostic security suite that consolidates antivirus, application whitelisting, change & configuration management, security information & event management (SIEM), patch management, vulnerability assessments, intrusion detection, backup management, compliance, workflow and document management into a unified solution.   VSC brings together threat intelligence into a single console so users can quickly and simply understand their security posture and compliance status.

“I am thrilled to join the Verve team. The complexity of cyber security, especially in the ICS environment, requires that providers find a way to simplify solutions. The Verve platform is one-of-a-kind. The ability to bring together the full view of threats into an orchestrated platform is key to ensuring protection. I am excited to help continue to expand Verve’s leadership,” said Mr. Easton.

_______________________________________________________________________________________

About Verve Industrial Protection:  Verve, formerly known as RKNeal Engineering, has been in the industrial controls engineering business for approximately 25 years. The company’s flagship software product is the Verve Security Center, an orchestration platform for ICS cyber security.  The company also offers industrial controls engineering and managed asset protection services to industrial clients.

 

For more information, please email us at sales@verveindustrial.com, visit us at verveindustrial.com

Leading energy sector executive, Jason Few, joins Verve Industrial Protection as Senior Advisor

Few brings deep perspective on the needs of energy companies relating to cyber security and industrial protection

ST. LOUIS, MO and CHICAGO – May 16, 2017 – Verve Industrial Protection is pleased to announce the appointment of Jason Few as Senior Advisor. Mr. Few will help Verve deepen its presence and product leadership in the energy sector.

Mr. Few is the former CEO of Continuum Energy, one of the leading mid-stream natural gas providers in North America. Prior to Continuum, Mr. Few served as President of Reliant Energy in Houston where he led the company’s retail operations. He is deeply sensitive to the threats that energy companies face from both intentional and unintentional cyber risks. His expertise will help expand Verve’s capabilities in this critical arena.

“We are excited that Jason chose to join us as Senior Advisor.  His experience will help us continue to develop Verve for the critical needs of the energy sector in protecting their most critical assets.  Verve Security Center is the only ICS-focused cyber security solution that provides an integrated platform to simplify end-point and network protection. Jason’s C-level perspective will help us continue to make our solution as relevant for executives managing this critical area,” said John Livingston, CEO of Verve Industrial Protection.

“I am excited to join the Verve team as Senior Advisor. I have looked at a range of the available cyber security products available for industrial control systems and none of them has the same C-level application and relevance as the Verve Security Center. Its ability to orchestrate information and threats across different cyber security tools is critical to ensuring the most important threats are addressed,” said Mr. Few.

_______________________________________________________________________________________

About Verve Industrial Protection: Verve, formerly known as RKNeal Engineering, has been in the industrial controls engineering business for approximately 25 years. The company’s flagship software product is the Verve Security Center. Verve Security Center (VSC) is a vendor agnostic security suite that consolidates antivirus, application whitelisting, change & configuration management, security information & event management (SIEM), patch management, vulnerability assessments, intrusion detection, backup management, compliance, workflow and document management into a unified solution. VSC brings together threat intelligence into a single console so users can quickly and simply understand their security posture and compliance status. The company also offers industrial controls engineering and managed asset protection services to industrial clients.

For more information, please email us at sales@rverveindustrial.com, visit us at verveindustrial.com

Industrial Controls Expert, Jennifer Love, joins Verve Industrial Protection as Customer Officer

Love has broad experience in helping clients find innovative security and controls solutions in process controls

ST. LOUIS, MO and CHICAGO – May 25, 2017 – Verve Industrial Protection is pleased to announce the appointment of Jennifer Love as Customer Officer. Ms. Love will work with Verve’s clients to help them get the most out of the company’s software and services.

Ms. Love joins Verve Industrial Protection from ABB. As a process control engineer she has worked for Invensys, Honeywell and ABB. She has helped dozens of clients significantly reduce cost of service through the introduction of secure and reliable remote service offerings. She is a committed advocate in the pursuit of solving her clients’ most challenging operational needs.

“We are excited to welcome Jenny to our team. Verve prides itself on bringing deep industrial controls experience to all of our clients. Jenny is steeped in ICS. She will bring great insights to our clients of how to ensure their systems are secure and reliable,” said John Livingston, CEO of Verve Industrial Protection.

Ms. Love will help clients bring together the power of Verve Industrial Protection’s integrated set of protection and security solutions.  1) Design-4-Defense 2) Verve Security Center, and 3) Managed Asset Protection Services.  Together, these solutions allow Verve to help customers build true defense in depth and cover the critical areas of security as well as compliance.

“I am excited to be part of a team of experienced industrial controls experts who are bringing cybersecurity and reliability solutions that are “built by ICS engineers, for ICS engineers.” I have seen firsthand the challenges that large industrial companies face in protecting their critical assets. Verve has built the kind of solutions that I know these customers need,” said Ms. Love.

_______________________________________________________________________________________

About Verve Industrial Protection:  Verve, formerly known as RKNeal Engineering, has been in the industrial controls engineering business for approximately 25 years. The company’s flagship software product, Verve Security Center (VSC) is a vendor agnostic security suite that consolidates antivirus, application whitelisting, change & configuration management, security information & event management (SIEM), patch management, vulnerability assessments, intrusion detection, backup management, compliance, workflow and document management into a unified solution.   VSC brings together threat intelligence into a single console so users can quickly and simply understand their security posture and compliance status. The company also offers industrial controls engineering and managed asset protection services to industrial clients.

 

For more information, please email us at sales@verveindustrial.com, visit us at verveindustrial.com

WannaCry and What to do for ICS

We are very certain that by now you have heard all about WannaCry and its multitude of possible variants. What is maybe not so clear is what you should do about it. To cut to the chase, the following should be investigated/executed at a minimum as soon as possible:

  1. Apply the Windows SMB patch as soon as possible. Note that an emergency patch is also available for unsupported versions of Windows, including Windows XP, Vista, Server 2003 or 2008 (see Microsoft Security Bulletin MS17-010 – Critical)
  2. Block SMB ports (139 and 445) between IT/OT networks   (no connection between systems since uses data diodes)
  3. On systems that don’t require use of SMB, disable it altogether (Microsoft instructions can be found here) or block it using the endpoint firewalls
  4. On systems that may require SMB for services that are less important, consider disabling SMB  until patches can be applied
  5. Quickly review disaster recovery plans and determine which Windows-based ICS systems have current backups. Image or back up those systems as soon as possible to aid in rapid recovery if these systems become infected
  6. Additionally, ICS security teams need to remain vigilant for new variants of WannaCry which may use new replication techniques.
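
The asset-database query imagined in the Dragonfly post above, applied to steps 1, 3 and 5 of this checklist, as an added example that is not from the original posts or from Verve's product. The schema, host names, inventory rows and the 30-day backup threshold are constructed assumptions; the `action` column is a simplified first containment step, and the MS17-010 patch still applies to every affected Windows host.

```python
import sqlite3

# Constructed sample inventory. Fields: name, device type, OS, zone, smb_required,
# ms17_010_patched (None = not applicable), days since last backup (None = never),
# listening TCP ports.
SAMPLE_ASSETS = [
    ("eng-ws01", "engineering station", "Windows 7", "supervisory", 0, 0, 5, [445, 3389]),
    ("hmi01", "HMI", "Windows XP", "basic_control", 1, 0, None, [139, 445]),
    ("hist01", "historian", "Windows Server 2008", "process_information", 1, 1, 90, [445, 1433]),
    ("hmi02", "HMI", "Windows 7", "basic_control", 0, 1, 2, [5900]),
    ("plc01", "PLC", "vendor firmware", "basic_control", 0, None, None, [502]),
]

SCHEMA = """
CREATE TABLE assets (
    id INTEGER PRIMARY KEY, name TEXT, device_type TEXT, os TEXT, zone TEXT,
    smb_required INTEGER, ms17_010_patched INTEGER, last_backup_days INTEGER);
CREATE TABLE open_ports (asset_id INTEGER REFERENCES assets(id), port INTEGER);
"""

# Only assets listening on 139 or 445 are in scope; everything else drops out.
SMB_QUERY = """
SELECT a.name, a.os, a.zone,
       GROUP_CONCAT(p.port) AS smb_ports,
       CASE WHEN a.smb_required = 0 THEN 'disable_smb'
            WHEN COALESCE(a.ms17_010_patched, 0) = 0 THEN 'patch_ms17_010'
            ELSE 'ok' END AS action,
       (a.last_backup_days IS NULL OR a.last_backup_days > :max_age) AS needs_backup
FROM assets AS a
JOIN open_ports AS p ON p.asset_id = a.id
WHERE p.port IN (139, 445)
GROUP BY a.id
ORDER BY a.name
"""


def build_inventory(assets=SAMPLE_ASSETS):
    """Load the constructed inventory into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    for name, dtype, os_name, zone, smb_req, patched, backup_days, ports in assets:
        cur = conn.execute(
            "INSERT INTO assets (name, device_type, os, zone, smb_required,"
            " ms17_010_patched, last_backup_days) VALUES (?, ?, ?, ?, ?, ?, ?)",
            (name, dtype, os_name, zone, smb_req, patched, backup_days))
        conn.executemany("INSERT INTO open_ports VALUES (?, ?)",
                         [(cur.lastrowid, port) for port in ports])
    return conn


def smb_exposure(conn, max_backup_age_days=30):
    """Return one record per SMB-listening asset with a suggested action."""
    rows = conn.execute(SMB_QUERY, {"max_age": max_backup_age_days}).fetchall()
    return [{
        "name": r["name"],
        "os": r["os"],
        "zone": r["zone"],
        # GROUP_CONCAT order is not guaranteed, so sort the ports here.
        "smb_ports": sorted(int(p) for p in r["smb_ports"].split(",")),
        "action": r["action"],
        "needs_backup": bool(r["needs_backup"]),
    } for r in rows]


if __name__ == "__main__":
    for row in smb_exposure(build_inventory()):
        backup = "back up now" if row["needs_backup"] else "backup current"
        print(f'{row["name"]:9} {row["os"]:20} {row["zone"]:20} '
              f'ports={row["smb_ports"]} action={row["action"]} ({backup})')
```
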

Now that you have your marching orders, here are a couple of other sources of information for you to review. The first article is one written by our very own Technical Director for EMEA based in the UK. His article ‘When Worms Attack Critical Infrastructure’ can be found here.

Additionally our senior advisor and ‘godfather’ of ICS security Eric Byres helped out our friends at ISSource with his article titled ‘How to Protect Against WannaCry’.

And be sure to check back soon – very shortly we will be publishing a more detailed analysis about how an orchestrated tool like our Verve Security Center and its 100% visibility into your assets, their status and the ability to tune end points from our portal could speed future efforts like this.  Stay tuned!