2020 was a year many would rather forget. This blog will refrain from going back through the dozens, hundreds or millions of disappointments of 2020 with COVID-19, racial injustice, threats to democracy, massive supply chain security intrusions, etc.
One is almost embarrassed to comment on a successful year, given the many challenges and heartaches felt by the world at large. At the same time, most are hopeful as we look forward to 2021 with vaccines, commitments to improved cyber security and safety, and a bit of the “it has to be better than last year” mindset.
Verve’s 2020 success in ICS security
For Verve Industrial Protection, 2020 was a strong year in terms of customer support, growth, and improving the security of the world’s infrastructure. Against the backdrop of great distress, Verve persevered to double sales, add 4x more customers than in 2019, increase our headcount by doubling our team, expand our presence globally, and, most critically, help make a large dent in the cyber-related threats to critical infrastructure.
Cyber security product development
2020 was a year of significant expansion in Verve’s product capabilities as well. The foundation of our cyber security software is its distinctive agent-agentless solution for OT (or ICS) endpoint management. Unlike the network-based anomaly detection platforms that gather the greatest media attention, Verve’s approach gets data directly from the endpoints – from Windows servers and HMIs to networking devices to embedded OT and IoT devices such as relays, PLCs, cameras, RTUs, etc.
This foundation, developed and proven over the past dozen years, continues to add value for our clients each year. It enables much deeper asset visibility and inventory without any of the hardware and installation challenges of network anomaly detection solutions.
Rather than inferring the OS version and installed software from what communicates over the wire, Verve’s direct visibility of every patch installed (and of the relevant patches that have not been applied) yields more accurate vulnerability information than network traffic capture can.
Verve dramatically reduces mean-time-to-remediation/response by enabling actions at the endpoint level to respond to vulnerabilities or threats. In 2020, Verve built off this foundation to deepen critical capabilities for our clients.
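The patch-gap view described above comes down to comparing what is actually installed on a host with what is applicable to it, while respecting supersedence (a newer cumulative patch replaces older ones, so an absent old KB is not a gap if its successor is present). The following is an added example of that comparison, not Verve’s code; the KB and CVE identifiers and the catalogue are constructed placeholders, and the supersedence and fix data are assumed to come from an external catalogue the agent has access to.

```python
"""Endpoint patch-gap check (added example; not Verve's code).

Input: the set of patches actually installed on a host (what an endpoint
agent would collect) and a constructed catalogue of patches applicable to
that host's OS build. A patch counts as satisfied if it, or any patch that
supersedes it (directly or transitively), is installed. The output is the
minimal set of patches to install (newest in each chain) and the CVEs that
remain unaddressed. All identifiers below are constructed placeholders.
"""

# Constructed catalogue: KB -> CVEs it fixes and KBs it supersedes.
CATALOG = {
    "KB-EXAMPLE-001": {"fixes": {"CVE-EXAMPLE-0001"}, "supersedes": set()},
    "KB-EXAMPLE-002": {"fixes": {"CVE-EXAMPLE-0002"}, "supersedes": set()},
    "KB-EXAMPLE-003": {"fixes": {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0003"},
                       "supersedes": {"KB-EXAMPLE-001"}},
    "KB-EXAMPLE-004": {"fixes": {"CVE-EXAMPLE-0004"},
                       "supersedes": {"KB-EXAMPLE-003"}},
}


def superseded_closure(kb, catalog):
    """All KBs that `kb` supersedes, following the chain transitively."""
    seen = set()
    stack = [kb]
    while stack:
        cur = stack.pop()
        for older in catalog.get(cur, {}).get("supersedes", ()):
            if older not in seen:
                seen.add(older)
                stack.append(older)
    return seen


def effectively_installed(installed, catalog):
    """Installed KBs plus every KB they supersede."""
    covered = set(installed)
    for kb in installed:
        covered |= superseded_closure(kb, catalog)
    return covered


def missing_patches(installed, catalog):
    """Every applicable KB not covered, including superseded ones."""
    covered = effectively_installed(set(installed), catalog)
    return sorted(kb for kb in catalog if kb not in covered)


def patches_to_install(installed, catalog):
    """Only the newest missing KB of each chain: installing it covers the rest."""
    missing = missing_patches(installed, catalog)
    return sorted(
        kb for kb in missing
        if not any(kb in superseded_closure(other, catalog)
                   for other in missing if other != kb)
    )


def unaddressed_cves(installed, catalog):
    """CVEs fixed by some applicable KB that the host does not effectively have."""
    covered = effectively_installed(set(installed), catalog)
    fixed = set()
    for kb in covered:
        fixed |= catalog.get(kb, {}).get("fixes", set())
    all_cves = set()
    for entry in catalog.values():
        all_cves |= entry["fixes"]
    return sorted(all_cves - fixed)


if __name__ == "__main__":
    # Constructed host: only the middle patch of the chain is present.
    host_installed = {"KB-EXAMPLE-003"}
    print("install:", patches_to_install(host_installed, CATALOG))
    print("open CVEs:", unaddressed_cves(host_installed, CATALOG))
```

Reporting only the newest missing patch per chain is what keeps the work order short: a host with nothing installed needs two patches here, not four, and the CVE list tells the plant which exposures those two patches actually close.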
Verve’s 2020 product enhancements include:
- Expansion of our vulnerability view to enable greater prioritization of vulnerabilities based on compensating controls such as network connectivity, user and account insecurity, malware protection, etc.
- Advancement of our host-intrusion-detection platform, which is the only OT (or ICS)-focused host-based model. There are many network intrusion detection options, but Verve provides greater endpoint clarity and more accurate alerts by directly monitoring endpoint behavior itself and combining that with network information.
- Enhancement of our patch discovery, evaluation, and deployment solution, integrating it directly into the Verve patch delivery platform to significantly reduce the cost of patching and compliance.
- Expansion of our integrations with third-party software, so that Verve now has the widest selection of integrations of any OT/ICS solution: “inbound” integrations that bring important security information into our assessment and detection tool, as well as “outbound” integrations to corporate tools such as Splunk, ServiceNow, etc.
During 2020, Verve conducted dozens of vulnerability assessments of OT/ICS systems which led to key learnings and insights for the industry:
- Execution, execution, execution. One of the greatest risks we find is the gap between “plan” or “policy” and “execution”. In many cases, industrial companies have well-conceived security architectures, plans, or policies, but as these reach the OT (or ICS) environment they fail in their execution. This shows up as weak or misconfigured firewall rules, devices with many dormant accounts and poorly secured user access, unapproved and insecure software installations, etc. The lack of execution is consistent across company size and industry. It highlights how critical a real-time, 360-degree risk view is to ensuring plans and policies are executed consistently.
- Increased recognition of the need to patch and harden configurations as the “air-gap” has all but gone to the waste-bin. OT systems are known to be challenging to patch, but now that access is much easier, the need has never been greater. Automated and efficient patch management built specifically for OT has never been more important.
- User access control. One of the more striking findings is the consistent presence of weak user and account controls. Upon deployment, the Verve Security Center immediately identifies all users, accounts, passwords, and other settings on a device. We consistently find many dormant or unnecessary accounts, and excessive admin rights for local users, in OT/ICS environments. One of our clients used Verve after its recent maintenance outage to ensure the vendor accounts created during the outage were cleaned up afterwards. Without active management of accounts and user rights, all of the threat detection in the world may be ineffective.
- IIoT or “Industry 4.0” has created a growing risk landscape as increased remote access creates connections to sensitive environments. In Verve’s assessments, we see increasing vendor and other third-party connections to the control systems for both data gathering and inbound commands to the control system. These connections increase the need for greater endpoint security management within the control system. It is critical that these endpoints are locked down (patched, hardened, user and access controlled, etc.) now that there will be greater access into the environment.
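The account findings above (dormant accounts, excessive local admin rights, and vendor accounts created during an outage and never removed) are each a comparison of a host’s account inventory against a date threshold or an approved baseline. The following is an added example of those three checks, not Verve’s code; the account inventory is constructed sample data shaped like what a host agent would collect from a Windows HMI, and the outage window, idle threshold and approved baselines are assumed inputs from the site’s own records.

```python
"""Local-account review for an OT/ICS endpoint (added example; not Verve's code).

ACCOUNTS is constructed sample data: local users on one HMI with their
enabled flag, creation date, last logon date (None = never) and whether
they sit in the local Administrators group. Three checks run over it:
enabled accounts idle longer than a threshold, enabled accounts created
inside a maintenance-outage window that are not in the approved baseline,
and admin rights held by accounts outside an approved admin list.
"""
from datetime import date, timedelta

# Constructed inventory; names and dates are placeholders.
ACCOUNTS = [
    {"name": "operator",   "enabled": True,  "created": "2015-03-10", "last_logon": "2020-12-30", "admin": False},
    {"name": "hmi_svc",    "enabled": True,  "created": "2016-01-05", "last_logon": "2020-12-31", "admin": True},
    {"name": "vendor_tmp", "enabled": True,  "created": "2020-10-14", "last_logon": "2020-10-16", "admin": True},
    {"name": "oldtech",    "enabled": True,  "created": "2012-06-01", "last_logon": "2019-02-11", "admin": True},
    {"name": "commission", "enabled": False, "created": "2014-08-20", "last_logon": None,         "admin": False},
]


def _d(iso):
    """Parse an ISO date string; None stays None (never logged on)."""
    return date.fromisoformat(iso) if iso else None


def dormant_accounts(accounts, as_of, max_idle_days=90):
    """Enabled accounts with no logon within `max_idle_days` of `as_of`, or never."""
    cutoff = _d(as_of) - timedelta(days=max_idle_days)
    return sorted(
        a["name"] for a in accounts
        if a["enabled"] and (a["last_logon"] is None or _d(a["last_logon"]) < cutoff)
    )


def leftover_outage_accounts(accounts, outage_start, outage_end, baseline):
    """Enabled accounts created inside the outage window and absent from the approved baseline."""
    start, end = _d(outage_start), _d(outage_end)
    return sorted(
        a["name"] for a in accounts
        if a["enabled"] and a["name"] not in baseline and start <= _d(a["created"]) <= end
    )


def excess_admins(accounts, approved_admins):
    """Enabled members of the local Administrators group not on the approved list."""
    return sorted(
        a["name"] for a in accounts
        if a["enabled"] and a["admin"] and a["name"] not in approved_admins
    )


def review(accounts, as_of, outage_start, outage_end, baseline, approved_admins):
    """Run all three checks and return the findings as one report."""
    return {
        "dormant": dormant_accounts(accounts, as_of),
        "leftover_outage": leftover_outage_accounts(accounts, outage_start, outage_end, baseline),
        "excess_admin": excess_admins(accounts, approved_admins),
    }


if __name__ == "__main__":
    # Constructed site records: an October outage and the approved baselines.
    report = review(ACCOUNTS, "2021-01-04", "2020-10-12", "2020-10-18",
                    baseline={"operator", "hmi_svc"}, approved_admins={"hmi_svc"})
    for check, names in report.items():
        print(f"{check}: {names}")
```

The disabled "commission" account is deliberately not flagged as dormant: the checks are meant to drive clean-up actions, and an account that is already disabled needs no further action on that finding. The outage check is the one the client in the text ran after its maintenance window; keyed on creation date and an approved baseline, it catches the vendor account regardless of how recently it was used.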
As 2020 turns to 2021, we begin with the largest supply chain hack in history – SolarWinds. This cyber event essentially sets the baseline for 2021 in our view. SolarWinds was not just an IT incident. A very large number of organizations were using it in OT/ICS as well.
OT cyber security predictions in 2021
While we would love to see 2021 go by quietly, all indicators point to an increase in OT threats. The shift to remote access is here to stay and IIoT/Industry 4.0 will accelerate. More vulnerabilities are discovered every month, and many of these apply to software stacks used on hundreds or thousands of devices. COVID-19 will hopefully retire into our memory banks in 2021, but the “viruses” in our industrial infrastructure are unfortunately only getting started.
Stay tuned for a technical dive into the 2020 vulnerabilities and what this tells us to prepare for in OT security in the coming year.