The Verve Security Center (VSC) is designed to be flexible enough that it is well-suited to a wide variety of industrial settings, beginning with its roots in power utilities, but one area where it is a perfect fit is in distributed “green” energy.
The typical layout of larger green energy generators and the flexible characteristics of the VSC mesh together extremely well. Most of the medium-to-large green generators, whether in the United States or, more commonly, as multinational collections, consist of distributed fleets of generating facilities, many of them relatively small and often unattended, with centralized control and dispatch functionality and management. For larger concerns, there are sometimes regional layers of control and dispatch in between.
This matches very well with the Verve Security Center model, which typically includes distributed asset management nodes feeding into a centralized reporting and visualization server or set of servers.
“Think Global” – Distributed-to-central architecture for reporting support
While Verve’s architecture is designed to be flexible, the most common VSC architecture for power utilities involves placing a server with the Verve Asset Manager (VAM) component at each generating site in order to manage local functions such as asset discovery and patch distribution. These VAM components feed results to a centralized reporting component server, typically located on a controls network in an operationally central location such as a control center. This allows for one-stop monitoring capability for centralized IT or OT security personnel to spot both problems at a distant site or problems which are replicated across multiple sites.
The reporting server functionality includes a fully configurable analytics and visualization engine. While the product is installed with a number of useful prepackaged reports and templates, dashboards and reports can be created to meet any needs, from immediate monitoring to vulnerability exposure monitoring to compliance checksheets. In addition, Verve includes comprehensive machine learning functionality to identify anomalous patterns of behavior across the fleet.
“Act Local”: Centralized support of distributed patch management
The utilization of the centralized Verve Asset Manager servers allows for patch management to work in the opposite manner from reporting to great benefit for patch distribution and management. Reporting, analysis, and patch/remediation planning are all done centrally to scale limited resources, but then actions can be delivered to local VAM installations for local control over the deployment of remediation actions.
Patches identified through monitoring of reporting functionality are loaded on a central VAM server and distributed to each field site with unpatched assets, then the local VAM infrastructure can be used to install patches with whatever degree of automation and scheduling is desired.
For many organizations, this greatly reduces needed travel time while allowing for much faster deployment of patches. The degree of control allowed means that tracking of needed patches can be done globally while allowing for localized action plans to meet operational needs.
In addition, the VAM implementation is designed to be highly scalable and is generally deployed on virtualized systems that can be made as powerful as needed to support everything from large data centers to medium-sized generation (such as hydro plants) to green generation sites with small equipment footprints.
Connectivity across a broad range of endpoint devices
For Windows and UNIX systems, VAM utilizes a small agent tuned specifically to the OT environment, proven over a dozen years, to gather system information and support asset discovery on the local network.
Verve extends OS-device visibility to embedded devices where agents are not feasible. Verve’s Agentless Device Interface (ADI) technology platform uses various methods to connect to a broad range of assets that do not support a conventional operating system or the use of installed agents – everything from network assets to controllers to relays to any other type of device which supports reliable connections can be interfaced with through ADI.
Verve already has a large library of existing ADI targets, including almost all common power DCS systems, allowing for rapid, useful deployment of the product at the beginning of each implementation project in a wide variety of utility settings.
However, part of the expectation on each side for new deployment is Verve’s commitment to the development of any needed ADI connections for any major asset types that we haven’t previously encountered or had sufficient demand for. Because Verve has experience across the utility industry as well as a wide cross-section of other OT/ICS environments, development tools and knowledge are in place for rapid production of new interfaces.
Robust host intrusion detection and SIEM
Beyond endpoint management, as described above, Verve also includes the only OT-specific host intrusion detection platform. Verve aggregates all log/syslog/netflow in addition to information on device behavior to identify potential risks and threats in the OT environment.
In addition, the Verve Security Center has an integration capability with a healthy range of existing third-party security solutions to support functionality such as whitelisting or backup abilities, with new integrations being developed constantly and on-demand development available when needed for product support. This enables a rich set of data to flow into Verve’s threat and vulnerability insights. This system allows central teams to build automated alerts on key triggers as well as use Verve’s machine learning to identify anomalous patterns of behavior.
Because of this strong support, clients are able to utilize the Verve Security Center as a fully integrated single security solution for the entire operational enterprise, allowing centralized visibility and management across their operational security needs.