OT Managed Services: Expert Insights for Security & Reliability
Feeling overwhelmed by multiplying threats, stricter regulations, and a talent shortage? You’re not alone.
In our recent webinar, “Strengthening OT Security Through Managed Services,” industry leaders John Livingston (CEO, Verve Industrial) and Justin Jackson (Technical Services Manager, Verve Industrial) tackled these challenges head-on. They discussed the critical role of asset visibility, vulnerability management, and seamless data flow. They also explored why managed services offer a powerful solution for scaling operations and navigating the evolving threat landscape.
Strengthening OT Security Through Managed Services
The Importance of OT Security & Data Reliability: Escalating Threats & Industry Challenges
(05:53-14:43)
John Livingston begins the webinar by explaining the critical importance of OT security and data reliability in the face of escalating threats. Here are the key challenges he discussed:
Internal Risks:
The growing integration between IT and OT systems, while necessary, introduces vulnerabilities. This makes compliance measures essential and necessitates more robust security practices across the interconnected systems.
External Risks:
The rise of ransomware and other malware specifically targeting OT systems presents significant financial and operational risks. This trend underscores the need for proactive security measures.
OT Security Challenges
These risks translate into significant challenges in protecting OT environments:
Asset Inventory:
Incomplete or outdated inventories hinder visibility, making it difficult to identify and mitigate security vulnerabilities effectively. An accurate inventory is crucial for determining which assets are in scope for remediation and which can be safely patched.
Vulnerability Remediation:
Numerous OT vulnerabilities, along with legacy assets and patch limitations, complicate remediation. This requires a comprehensive approach to address software weaknesses and misconfigurations.
Data Reliability:
Real-time data flow issues, including communication errors and potential attacks, can severely impact operations and decision-making. Organizations need to ensure uninterrupted data flow to maintain operational integrity.
Lack of Personnel and Processes:
Limited staff and lack of standardized processes hinder effective OT security management. Organizations must build capable teams and implement robust processes to holistically address security challenges.
An Integrated Approach to Security and Reliability
(14:43-22:08)
The expanding threat landscape and operational challenges highlight the growing importance of an efficient and effective OT security program built on three key pillars:
Building a Team
Effective OT security requires a team that integrates diverse skillsets, combining system management expertise with collaborative IT/OT practices to overcome resource limitations.
Integrated Detection and Response
Threat detection and response should be combined to streamline actions, allowing for a more cohesive approach to security incidents. This integration reduces response time and improves overall security.
Think Global, Act Local
Centralized resources handle data analysis and remediation planning, while local teams manage on-site actions. This balance ensures effective responses at all levels, from data analysis to local execution.
These three pillars are the foundation of Verve’s approach to managed services and help define the ideal outcomes of client relationships.
Verve's Approach to OT Managed Services
(22:08 – 38:54)
Verve’s approach to managed services offer a comprehensive solution to OT security challenges, covering everything from assessments and roadmaps to remediation and ongoing maintenance. Here’s how this approach works:
Tech-Enabled Assessment:
Verve uses software to gather deep asset data, identify risks, and score them, providing a strong foundation for making security improvements.
Roadmap Development:
The gathered data is translated into actionable security and reliability improvements, creating a clear path forward.
Remediation and Ongoing Maintenance:
Systems are initially hardened and continuously managed, including vulnerability management and monitoring, ensuring long-term security.
Integration with Third-Party Tools:
Verve’s solutions are compatible with other tools, including firewalls, backup solutions, and remote access tools, ensuring comprehensive prote
Modular and Scalable Services:
Verve’s approach is both modular and scalable. Functions are modularized, with centralized and local integration for efficient management of OT systems. Service teams work closely with both local and central teams to manage vulnerabilities and improve reliability.
OT Systems Management:
Verve’s managed services team assists in maintaining reliability and security. They provide practical examples of successful improvements, including comprehensive asset inventory, compatibility analysis for remediation plans, on-site actions, and monitoring data flows for operational integrity.
Client Success Stories with Verve's Managed Services
(38:54 – 51:34)
This approach has proven successful in achieving significant improvements for OT clients, as demonstrated in the following examples:
Vulnerability Remediation:
- Verve’s software provides deep asset discovery, compatibility analysis, and customizable risk scoring.
- Teams provide practical guidance on patching and offer field resources to implement changes.
- Clients see a reduction in risk over time, with continuous measurement against their risk score.
Data Reliability:
- Clients often struggle with resource constraints, especially in managing data historians.
- Verve assesses existing systems, sets up proactive monitoring and automates issue detection.
- They provide troubleshooting playbooks and support.
- One client saw a 10% initial improvement in data reliability, then reached 99%+ through software updates and system optimization.
Managed SOC Integration:
- Verve integrates with Rockwell’s managed SOC capabilities.
- The SOC alerts, provides “least disruptive response” recommendations, and can even take action.
- Clients benefit from deep asset knowledge and closed-loop action.
Overall Results:
Verve’s approach brings significant cost savings and measurable security improvements:
- Cost Reduction: 50% savings on assessments, 70% reduction in ongoing maintenance costs.
- Security Posture: Clients see marked improvement across the NIST framework, with some scores doubling through Verve’s program.
Q & A Recap
(51:34 – end)
In the Q&A session, questions were asked about risk quantification, service structure, and ideal client partnerships. Here’s how Verve approaches these key areas:
Calculating OT Cyber Risk:
Verve utilizes a multi-dimensional risk score that factors in asset criticality (including redundancy), the severity and number of vulnerabilities (with OT context adjustments), and the presence of compensating controls (antivirus, whitelisting, backups).
Defining Services:
Verve champions a modular but scalable service model. Modularity allows for targeted functions like patch management, while a “think global, act local” mindset ensures scalability (centralized analysis, local implementation).
Client Partnerships:
Verve envisions an ideal managed service relationship as a long-term partnership with clear governance and integrated teams featuring close collaboration between the client and service provider.
Assessment Approach:
Verve’s assessment methodology is tech-enabled for efficiency, process-oriented for understanding context, and standards-based yet adaptable. They frequently leverage NIST CSF, CIS 18, IEC 62443, and applicable regulations (like NERC CIP, NIS 2).
Webinar Recap Wrap-Up
This webinar provided a wealth of information on how to navigate the growing challenges of OT security. By prioritizing asset visibility, vulnerability management, and seamless data flow, organizations can build a strong foundation for security and reliability. Verve’s OT managed services offer a comprehensive solution, helping you address these critical areas and achieve significant improvements in your OT security posture.
