What is OT/ICS Incident Response?  

Incident response is the practice and technology used to react to potential indicators of threats. These indicators can come from a SIEM (Security Information and Event Management) system, from ICS/DCS alarms, from endpoint detection dashboards, or from technicians or operators seeing abnormal behavior in the physical process. Types of incidents include:

  • Anomalous physical process behaviors
  • Indicators of compromise from security event monitoring
  • Anomalous endpoint behaviors

Responding to incidents is the process of diagnosing root causes, designing appropriate reactive measures, and taking action to secure or resolve an incident. These actions can include:

  • Stop a process, machine or line
  • Disconnect a port
  • Remove inappropriate software
  • Remove users or accounts

What makes OT/ICS Incident Response different?

The biggest difference is the potential for physical impact from both the incident and the response. Incident response in OT/ICS must take into account the potential impact on supply chains, production output, other connected processes, etc. The consequences of both the incident and any response need careful assessment by people knowledgeable about the process and the control systems in use, so that incidents and responses are analyzed and acted on appropriately.

Benefits of Verve Incident Response

Faster Response Time

Verve’s closed-loop actions and integrated database mean faster time to root cause and faster time to response.


Built-In OT/ICS Experience

Built by ICS engineers who understand process and potential incident impact


Simpler Process

Integrated database across all information simplifies analysis and response planning


Request a Demo

Speak with a Verve security expert to see how to effectively respond to incidents in your ICS environment.
