Video Overview | Video Transcript

Video Overview

Introduction

  • Brief overview of the discussion topic and the participants.

Verve’s Position in the Industrial Cybersecurity Market

  • Verve’s background and perspective.
  • Focus on endpoint security.
  • Providing an integrated security management console.

Challenges in Managing Industrial Cybersecurity

  • The struggle of managing cybersecurity in complex environments.
  • The need for a holistic security approach.

IT to OT Cybersecurity Convergence

  • The emerging trend of IT and OT convergence.
  • Verve’s role as a translator and guide.
  • Integration with IT tools for seamless communication.

Future Plans and Enhancements by Verve

  • Integration with IT tools.
  • Improving the risk scoring model.
  • Introduction of “least disruptive response actions.”

Services in Industrial Cybersecurity

  • The importance of services in bridging cybersecurity gaps.
  • Verve’s range of services, including assessment, remediation, and managed services.

Real-world Impact: A Case Study

  • An example of Verve’s significant impact on a power generation and transmission company.
  • Efficiently managing security across diverse environments.
  • Cost reduction and improved security posture.

Video Transcript

Featuring Sid Snitkin, VP of Cybersecurity Services, ARC & John Livingston, CEO, Verve Industrial

Introduction

Sid Snitkin
I’m joined today by John Livingston, CEO of Verve industrial, to discuss industrial cybersecurity. Welcome, John.

John Livingston 
Thanks. It’s great to be here.

Sid Snitkin 
Industrial cybersecurity encompasses a wide range of solutions, and there are various players in the field. To kick things off, can you clarify where Verve fits into this market?

Verve’s Position in the Industrial Cybersecurity Market

John Livingston
Certainly. Verve industrial has a unique background. We were founded approximately 30 years ago as a systems integration company by control system engineers. About 15 years ago, we ventured into software development. Our perspective is rooted in the world of control system engineering and understanding what it takes to safeguard these systems. Instead of primarily focusing on network analysis like many others, we concentrate on the endpoint. In this realm, we manage and secure endpoints, including asset management, vulnerability patch management, and more. To simplify, we specialize in endpoint security, while others may focus on network security. This allows us to offer a comprehensive security management console for our clients, helping them oversee vulnerability, patching, backups, and antivirus measures in an integrated manner. With Verve at the endpoint, we consolidate data, enabling clients to efficiently manage security across their entire infrastructure.

Challenges in Managing Industrial Cybersecurity

Sid Snitkin
Indeed, the challenges of managing cybersecurity across diverse industrial environments are evident. Many organizations struggle in this area, often due to insufficient investments. Do you observe such struggles among your clients?

John Livingston
Absolutely. Large organizations with multiple plants or sites worldwide face significant challenges in managing their cybersecurity. Currently, many sites operate independently, resulting in fragmented security approaches. There are various “towers” of security, such as vulnerability management and network intrusion. What Verve aims to achieve is an integrated perspective. We provide clients with the ability to see and evaluate every asset across all their environments. This unified view enables them to gauge their cybersecurity posture effectively, track progress, and take action as needed. We advocate for a holistic approach to security management, especially in the context of operational technology (OT).

IT to OT Cybersecurity Convergence

Sid Snitkin
That’s a valid point. The concept of IT to OT cybersecurity convergence is gaining momentum. Are you witnessing this trend, and how is Verve contributing to it?

John Livingston
Indeed, we see the convergence of IT and OT cybersecurity as a crucial trend. More organizations are recognizing the need to harmonize their cybersecurity efforts across these domains. CISOs and CIOs are increasingly responsible for this convergence, driven by directives from the board level. However, bridging the gap between IT and OT can be challenging. Verve, with its roots in control system engineering, acts as a translator and guide for clients making the transition. We help them communicate effectively with DCS engineers and plant managers, ensuring a safe and efficient integration. Technically, we achieve this by integrating with IT tools like ServiceNow, Splunk, and Elastic, allowing IT professionals to access relevant security data from the OT perspective.

Future Plans and Enhancements by Verve

Sid Snitkin 
What enhancements and future plans does Verve have to address these evolving needs?

John Livingston 
We’re continuously working to enhance our offerings. Integrations with IT tools are a top priority as clients increasingly request them. Additionally, we’re focused on simplifying and reducing the cost of managing complex environments. One significant effort involves improving our risk scoring model. This model helps clients assess and mitigate risks by identifying the best response actions that pose the least disruption to operations. We’re also exploring “least disruptive response actions” to address threats efficiently and effectively, ensuring minimal impact on operations.

Services in Industrial Cybersecurity

Sid Snitkin
Many companies are relying on external services for cybersecurity support. Does Verve offer services in this area, and if so, how can clients benefit?

John Livingston
Absolutely, we recognize the importance of services in bridging the cybersecurity gap. Verve started as a control system engineering services firm and continues to offer a range of services. When we deploy our software, we do not outsource it; clients have one point of contact. We provide assessment and roadmapping services to identify and prioritize risks. Our team of control systems and security experts also offers remediation services to help clients implement necessary security measures. Additionally, we provide managed services to assist clients in maintaining their cybersecurity over time. Our approach encompasses assess, remediate, and maintain.

Real-World Impact: Case Study

Sid Snitkin 
As a final question, could you share an example of how Verve has made a significant impact on a company’s cybersecurity quickly and efficiently?

John Livingston
Certainly, without naming names, we collaborated with a large integrated power generation and transmission company. They faced the challenge of managing security across diverse types of generation, including wind, solar, and thermal, as well as transmission and distribution facilities. Verve helped them consolidate their security efforts efficiently. By deploying Verve’s platform and integrating it with their existing tools, they achieved a centralized reporting and analysis platform. This streamlined approach reduced their resourcing costs by approximately a couple of million dollars annually. It also improved their security posture by providing a global view while allowing for local, site-specific actions. Think global, act local—a strategy that yielded substantial benefits for them.

Sid Snitkin 
Thank you for sharing that insightful example. It has been a pleasure speaking with you, John. Thank you for your valuable insights into industrial cybersecurity.

John Livingston
Thank you, Sid. It’s always great to discuss these important topics. Thanks for the opportunity. I’ve been discussing cybersecurity with John Livingston, the CEO of Verve industrial. Thank you for watching.

More Interviews with John

Video

How to Assess and Mitigate OT Security Risks

John Livingston discusses best practices for incident response, managing IT security practices in OT environments, and more!

Learn More
Video

Challenges of IIoT Cybersecurity: Strategies for Success in a Rapidly Evolving Landscape

Explore effective strategies to tackle emerging challenges in IIoT cybersecurity and stay ahead of evolving threats.

Learn More
News, Podcast

CEO Interview Series: John Livingston, CEO, Verve Industrial Protection

John Livingston, CEO of Verve Industrial Protection, discussed how the industry should respond to increasing threats and vulnerabilities in a video interview with CFE Media and Technology.

Learn More