Remotely Manage OT Security During COVID-19 and Beyond
Gain OT security maturity with remote work and limited physical plant access. Learn how to rapidly enable remote security deployment and management in ICS.
John Livingston | April 8, 2020
I have received dozens of calls from caring individuals, team members, and customers asking, “How’s business?” and “Are you surviving in a world where social distancing means you cannot visit plant sites to conduct business?” Others are asking about our clients, “How are power companies and manufacturers able to operate in a world of limited physical visits to plant sites?”
In a rapidly changing world, we are grateful that our work continues to grow, and Verve Security Center customers operate their security and OT systems management quite effectively remotely.
Although it was not designed for a pandemic crisis, we created Verve Security Center with our “Think Global: Act Local” architecture, which is a direct response to scarce IT security resources available to the OT market. This architecture is tailor-made to allow effective security and OT systems management in this time of physical distancing.
What is the “Think Global: Act Local” Architecture for Industrial Control Systems?
Working closely with manufacturing, power, oil and gas and other industrial customers, Verve developed a solution providing security and systems management capabilities across distributed industrial sites and environments.
One of the key requirements was access to centralized visibility, analysis and design of remediation actions with localized control over the final decision to execute on those remediation actions.
Industrial companies require local and corporate-wide visibility to real-time data, such as logs and alerts, for teams to collaborate across central SOC or NOC and the local plant personnel.
For many, plant systems sit behind data diodes, requiring visibility of information pushed out through the diode for central analysis and troubleshooting, compliance reporting, and planning.
The answer to this growing need was “Think Global: Act Local”. The architecture, specifically designed for these remote industrial environments, leverages a unique blend of software – agent/agentless/virtual machines/encrypted messaging/etc. – to allow for true remote visibility and operations.
The basic construct can be seen below:
Benefits of Remote Access Management for Industrial Security
The core of this architecture, “Think Global,” is for multiple sites (one of our customers has 600 sites around the world) to report up to a centralized analysis and reporting console. The data that flows “northbound” from each site includes a range of items:
Asset inventory
Software inventory on all devices (includes firmware, OS, application software)
Patch and vulnerability status
Configuration settings
Information on dozens of third-party software including AV/application whitelisting status, backup status, etc.
Real-time information such as logs, net flow, device performance statistics
Real-time alarm data from DCS systems
OT-specific context such as system criticality to operations, system owner, location, etc.
And over 1,000 other pieces of information
This data is stored in the Verve database where the machine learning engine conducts analysis across all of this data in real-time, monitoring for known exploits or actions requiring attention.
The practical benefits of this are wide-ranging in this time of remote work:
Real-time visibility of all vulnerabilities and patch status on all IT and OT assets
Ability to see DCS alarms in a single database and dashboard across all sites, enterprise-wide, remotely
Identify root cause issues using log, device performance and end point data together to conduct incident response to both security and reliability issues
Centralized ability to analyze potential threats within the environment
Multi-perspective or 360-degree view of the asset, from OT context to specific configuration and risk, allows for prioritized, contextual risk acceptance and remediation planning
The second key element of the architecture is the “Act Local” component, allowing for a centralized design of actions with controlled automation of final execution of those actions. Remote visibility, as described above, allows remote teams to quickly identify and get to the bottom of incidents.
Without the “Act Local” component, remote support would not be very effective. With “Act Local”, central/remote teams can analyze and develop playbooks of actions a local site needs to remediate issues.
This includes actions like turning off ports, removing software, patching systems, reconfiguring a switch rule, removing user accounts, changing configuration settings, etc. It allows for true remote OT systems management to ensure reliable, safe and secure OT systems.
The logical flow is as follows:
Perhaps the most important component of this architecture is local control over remediation actions. In most industrial environments, the only people allowed onsite are those deemed “essential”. This means many of the staff typically responsible for maintenance may not be present.
The “Think Global: Act Local” architecture allows for the remote team of maintenance and security personnel to design actions pushed down to the site. The “essential” personnel onsite execute the action when appropriate from an operational point of view. This means all of the security analysis, prioritization of risk, root cause analysis, etc. is conducted remotely, while the sensitive operations are maintained at the site.
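The central-design, local-approval split described above can be sketched as follows; this is an added example, not Verve Security Center code or its API. The playbook fields, the `SiteAgent` class, and the shared-key HMAC signing are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); real deployments provision per-site keys securely.
SITE_KEY = b"constructed-demo-key-not-for-production"

def sign_playbook(playbook: dict, key: bytes = SITE_KEY) -> str:
    """Central side: sign the canonical JSON form of a playbook."""
    body = json.dumps(playbook, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class SiteAgent:
    """Local side: queue verified playbooks, run actions only after approval."""

    def __init__(self, site: str, key: bytes = SITE_KEY):
        self.site, self.key = site, key
        self.pending = {}   # playbook id -> playbook awaiting a local decision
        self.audit = []     # (playbook id, action index, operator, outcome)

    def receive(self, playbook: dict, signature: str) -> bool:
        expected = sign_playbook(playbook, self.key)
        # Reject playbooks altered in transit or addressed to another site.
        if not hmac.compare_digest(expected, signature) or playbook["site"] != self.site:
            self.audit.append((playbook.get("id"), None, None, "rejected"))
            return False
        self.pending[playbook["id"]] = playbook  # queued, nothing executed yet
        return True

    def approve(self, playbook_id: str, index: int, operator: str, executor) -> str:
        """Run one action only when an on-site operator explicitly approves it."""
        action = self.pending[playbook_id]["actions"][index]
        outcome = executor(action)
        self.audit.append((playbook_id, index, operator, outcome))
        return outcome

def demo():
    # Constructed sample playbook; hosts, ports and users are hypothetical.
    playbook = {"id": "pb-001", "site": "plant-a", "actions": [
        {"type": "disable_port", "target": "hmi-01", "port": 3389},
        {"type": "remove_account", "target": "eng-ws-02", "user": "temp-vendor"}]}
    sig = sign_playbook(playbook)
    agent = SiteAgent("plant-a")
    accepted = agent.receive(playbook, sig)
    tampered = json.loads(json.dumps(playbook))
    tampered["actions"][0]["port"] = 502  # changed after signing
    tampered_ok = agent.receive(tampered, sig)
    result = agent.approve("pb-001", 0, "operator-1", lambda a: "done:" + a["type"])
    return accepted, tampered_ok, result, agent.audit
```

Receiving a playbook only queues it; the second action in the sample stays pending until an operator approves it, and every decision lands in the audit trail.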
In the unprecedented times we’re facing today, the “Think Global: Act Local” architecture radically simplifies the operational model for security and reliability. It means the difference between being secure and being vulnerable to cyber threats.
When the COVID-19 pandemic slows, and we return to normalcy, those that implemented this architecture will find that the efficiencies gained can be extended to a new model of operational efficiency and speed to incident remediation.
Deploying Security Management Remotely
For those without the architecture in place right now, it is important to know this can be deployed remotely. There has been a surge of interest in adopting this architecture as potential customers look to continue their cyber security maturity journeys with limited on-site staff and no ability to send contractors onsite to deploy additional hardware.
The Verve Security Center is 100% software-based, with no need for additional taps or hardware and has operated safely and effectively within OT environments for over a decade. As a result, it can be deployed across hundreds of worldwide locations remotely in a matter of weeks.
We are excited to share this remote access approach to accelerate a transformation in industrial security and reliability. Please contact us to request a demo.