Summary
Over 60% of OT/ICS security leaders say finding talent is a significant challenge. Verve brings 25+ years of OT/ICS engineering experience to fill these staffing gaps, reducing cost and reducing the time required to significantly improve your security.
Verve’s managed services offerings range from regulatory or corporate compliance support to endpoint management practices such as compliance, OT systems management such as vulnerability management, patch management, configuration management, etc., to dedicated monitoring and response leveraging the Verve Security Center (VSC) platform.
The following case study describes how we support a multi-site generation organization using VSC-enabled OT/ICS management security services.
The Challenge
A top 10 North American power generation company with a number of multi-unit generation facilities from coal to gas to hydro sought to achieve rapid security maturity and maintain NERC CIP compliance across the fleet. Their team had deep instrument and electrical technical expertise but lacked experience in security and compliance. They wanted a single team to manage compliance and security across endpoints and networking while offering both remote and on-site support.
The Solution
The security team turned to Verve’s managed services because of the combination of our deep knowledge of ICS systems and the integration with the Verve Security Center platform.
VSC was deployed across the client’s largest generation sites for visibility and actionability on security and compliance. The two teams jointly designed a managed service solution that included a combination of on-site and remote staff. This team monitors the VSC for vulnerabilities, patches, configurations, alerts, alarms, backups, malware alerts, etc.
The managed services team works closely with the generation I&C team to conduct key systems management tasks such as configuration hardening, network device management, and security alert response.
They also work in tandem with the corporate IT security operations center on incident response to identify the true root causes of potential events.
The Impact
The managed services arrangement tailored specifically to match our client’s needs significantly improved their cyber security maturity by bringing in a technical ICS team with deep cyber security expertise. This team is trusted by plant management to address alerts, alarms, and systems management issues while ensuring the plant remains reliable and online.
The Verve Security Center automates all insights and asset visibility, letting a small team assess and design remediation once to be leveraged across the fleet. This drives greater efficiency and accuracy of risk reduction activities.
Most importantly, the solution lowers the cost of services for this organization compared to building out an internal OT/ICS security team at each site. It also avoids the challenges of recruiting, training, and turnover that come with staffing in the cyber security industry. Finally, it provided support to ensure positive NERC CIP audits.
