The Power of Services and Software in a Cyber Security Solution

When analysts ask, “Are you a software company or a services company?”, the implicit opinion is you cannot be both successfully.

I believe this is a red-herring that misses one of the key elements of artificial intelligence (AI) and industrial software – namely that the power of Man + Machine is greater than either stand-alone.

Verve Industrial focuses on industrial control systems (ICS) cyber security. This market has a very limited amount of experienced and trained personnel, ever-changing customer needs based on new and emerging threats, and significant coordination challenges across organizational boundaries (IT and OT).

In this type of business environment, customers want and need solutions, not components. They want an “output” rather than an “input”. Perhaps in more static environments where organizational questions are clear, separating into software and services makes more sense. But our in our experience, putting these two elements together creates a better result for our customers. In fact, as our software enhances, leveraging the latest architecture and machine-learning functionality, the power of Man + Machine is only getting stronger.

Three benefits to integrated cyber security software and services:

1. Cyber security software provides a more customer-focused solution when bundled with services

• Working side-by-side with users, the development team understands real customer needs and use cases on a real-time basis
• Functionality is tested by expert resources who are providing services before features are deployed
• Although machine learning is getting better, it requires expert training from people that understand the topic in detail. Leveraging the services team, our models improve rapidly

2. Cyber security services are more effective because they are enabled by internally developed software

Many would argue that services companies should be technology-agnostic. Our experience is that these environments require a combination of off-the-shelf technology as well as a core technology stack to provide the complete solution in these unique OT environments. By having our own technology, we enable our services team to understand the detailed working of the software to ensure our clients get the most out of it. Because our software is an open platform that integrates with third-party cyber security components, from vendors such as CarbonBlack and IBM, we can still maintain our independence on critical components while providing customers an integrated solution.

3. The combination of man and machine provides an effective output for customers rather than an input

In the ICS cyber security industry, a primary challenge is integrating multiple potential components into an integrated solution. Different OEM vendors each have their own solution. Providing complete protection and detection requires multiple different cyber security components from anti-malware, to configuration management, to threat detection.

At the same time, it requires people to harden systems, monitor for alerts, provide incident response, and especially in ICS, expert hands to guide any remediation activities. However, customers are resource-constrained to manage this complexity. By bringing together the software platform along with expert services, Verve provides a turnkey solution that produces a hardened system that effectively monitors and maintains, rather than individual components that must be knitted together into the right fabric of a solution.

I am certain this model does not apply in every instance. There are very good reasons in some sectors where the services capabilities or staff capacity or nature of the networks are more common that a relentless focus on either software or service makes the most sense. But in a world of limited resources, great uncertainty, challenging organizational challenges, and sensitive systems like we find in industrial controls cyber security, we find that the power of Man + Machine beats either one separately.