Verve Industrial Recognized as Strong Performer in the Forrester Wave™ on ICS Security Solutions

The Forrester Wave™ is a guide for buyers considering their purchasing options in a technology marketplace. To offer an equitable process for all participants, Forrester follows a publicly available methodology, which is applied consistently across all participating vendors.

The first-ever Forrester Wave™ report on Industrial Control Systems (ICS) Security Solutions was released in Q4 2021, and signals increased awareness and a need for these solutions. The SANS 2021 OT ICS Cybersecurity survey reported ransomware as the clear leader in most concerning threat vectors, which comes on the heels of an explosive year of industrial targeted attacks.

The state of ICS cyber security

The risks in OT are becoming more available to the attackers to take advantage of. So just in the last year, when you look from 2019 to the year 2020, we saw a 30% increase in the number of ICS advisories from ICS-CERT, and almost a 50% increase in the number of vulnerabilities.

ICS has become a heightened target for cyber security attacks, so the need to address ICS cyber risks has never been greater. New threats are emerging every day – both targeted as well as untargeted collateral damage risks. According to IBM, the manufacturing and energy sectors are now the second and third most targeted industries, respectively, increasing from eighth and ninth last year.

Cyber security leaders in critical infrastructure are increasingly realizing the potential financial, operational and safety impact of cyber events. Attempting to get their hands around securing this challenging part of their networks, many leaders have kicked off efforts by separating their IT and OT networks, gaining visibility into the arcane world of OT assets, or gathering data from the OT networks into incident detection processes to identify potential threats.

2021 ICS Security Solution Forrester Wave™

This Industrial Control Systems (ICS) Security Solutions Forrester Wave™ brought together “the 12 providers that matter most” and Verve Industrial is honored to be recognized in this comparison as a “Strong Performer”. We commend Forrester in recognizing the imminent need to focus on ICS security.

While any vendor comparison attempts to directly match product feature-for-feature for sake of simplicity and consumption, this ends up forcing a square peg into a round hole for some of the participating organizations. As Forrester states, organizations need to evaluate these different vendors for the specific goals of that organization.

Over the past five years or so, the ICS security industry has largely focused on monitoring network traffic for anomalous patterns of behavior. So the vast preponderance of the vendors selected and the criteria in this Wave were focused on these network-based approaches to ICS security.

Securing OT systems through endpoint management

Based on Verve’s 25+ years of experience as automation engineers, we believe there is a fundamentally different, more effective, and efficient approach to achieve OT security that involves moving beyond network traffic to true endpoint protection, detection and management.  For over a dozen years, we have proven that industrial organizations can achieve the same level of protection as their IT systems with techniques leveraging the unique requirements of industrial control systems, without placing critical processes at risk. We call this OT Systems Management.

As Forrester states in its report, Verve has the only endpoint-agent-based ICS solution in this evaluation. Our customer-endorsed agent-agentless platform provides many capabilities that were not evaluated within this Wave such as the ability to take remediation actions (patch, harden configurations, manage users & accounts) as well as respond to threats from the platform which we believe are critical to ultimate ICS security.

There are some areas evaluated where Verve has intentionally chosen not to focus on product development. For instance, to score a “5” on services, a vendor needed to offer incident response services. While we certainly believe that’s important, our clients’ needs cover other areas where we have chosen to be distinctive, such as our Technology Enabled Assessments, risk remediation services such as network segmentation or patch management, etc.

Similarly, to score “5” in the remote access category, the vendor was required to offer its own remote access solution. We believe there are many strong remote access solutions in the market that integrate with organizations’ IT remote access solutions and have chosen to integrate with those rather than build a separate product.

Verve’s strategic innovation sets us apart

We are pleased that Forrester recognized Verve’s strong strategic direction because Verve’s current product and roadmap are in line with where the industry is heading. Every customer we talk to is struggling with the challenges of truly securing these assets and trying to integrate IT-like capabilities into the OT environment. They are overwhelmed with the number of alerts. The industry is moving towards an approach that leverages endpoint technology to both gather a deeper view of the assets and risks in the environment as well as take action to remediate and respond to threats.

Verve’s innovation history is significant: We are the first vendor to offer an agent-based solution across all OEM platforms, the first vendor to offer an agentless solution that communicates directly with embedded devices in their native protocol, the first vendor to integrate endpoint detection and response into OT environments, the first vendor to integrate process alarm data into its security platform, etc. We expect this list of firsts to continue, rather than replicating the approach of dozens of network anomaly detection tools.

Our customers will continue to be a guide, as our innovation cycle is fast and directly tied to customer feedback. We release a new version of the Verve Security Center every six weeks through an agile development process. We gather product ideas both from our own services personnel as well as multiple lighthouse customers to test and refine new features.

We encourage all perspectives and feedback as the industrial control systems security category continues to grow, develop, and mature. Please contact us to discuss your OT security challenges and let us show you how our unique approach sets a higher bar of security posture for our customers.