Industrial Defender rolls out Immunity by ID, a cloud-based OT vulnerability management solution

Operational technology (OT) security company Industrial Defender launched Thursday its Immunity by ID, a new cloud-based offering that helps industrial security teams turn their OT asset inventory information into a risk-based vulnerability management program. The scanless, cloud-based offering is set to leverage machine learning and natural language processing (NLP) to create a prioritized list of vulnerabilities using existing asset inventory information.

Using Immunity by ID, organizations will be able to ingest and normalize information on the OT hardware and software inventory from an asset visibility tool, CMDB (configuration management database), or spreadsheet, Industrial Defender said. Additionally, the solution creates a prioritized list of vulnerabilities, along with applicable patching data, so that the organization’s team can make smarter patching decisions to reduce risk. The list of vulnerabilities is based on asset criticality and risk levels, it added.

“We’ve developed a number of techniques over the years working with data generated from various solutions,” Peter Lund, CTO at Industrial Defender, told Industrial Cyber. “It started with our own asset management system and we realized we could use the same approach with data from other systems. NLP is one of the many techniques we use to normalize the data as it comes in,” he added.

Currently offered as a stand-alone solution or as an add-on within the Industrial Defender platform, Immunity by ID will be offered as a free 14-day trial to the company’s qualified users across North American and European critical infrastructure companies through the end of May to support their efforts to shore up cybersecurity defenses. After that, Lund said that the pricing of the solution would work out to between US$50, 000 to $150,000 annually depending on asset count.

“With the looming threat of a global cyber war, critical infrastructure organizations of all sizes are looking for straightforward solutions that rapidly deliver actionable intelligence to help them protect their essential systems,” Lund said in a media statement. “We created this tool to help companies better utilize the asset information they already have that may be nothing more than a data dump right now,” he added. 

As Immunity by ID is powered by an anonymized cloud, it offers protection even when critical infrastructure organizations are not asking it to, Industrial Defender said. As soon as a vulnerability is published, organizations will know if they are at risk, without waiting for the next software update.

Immunity by ID is primarily a vendor-agnostic solution that generates a prioritized list of vulnerabilities based on asset criticality and risk level, along with applicable patching data, to help keep the critical infrastructure secure in the face of global cybersecurity threats, the company said. The solution is typically up and running in a matter of days, allowing users to begin their vulnerability management program immediately, and simple, transparent pricing lets them scale a subscription as they mature, it added.

Immunity by ID continuously monitors asset inventory for new vulnerabilities, Industrial Defender said. Organizations can also view vulnerabilities and weighted risk in the Immunity by ID application. Following this, a patch plan and tickets are created, and the patch deployment is validated by Immunity, it added. 

Last month, Industrial Defender opened a European Office in the Netherlands to meet the increasing global demand for OT cybersecurity. The office will serve customers in Europe, the Middle East, and Asia to boost their cyber resilience with local resources amid escalating cyber threats.

Earlier this week, Skybox Security said that OT vulnerabilities jumped 88 percent, from 690 in 2020 to 1,295 in 2021. At the same time, OT assets are increasingly connected to networks, exposing critical infrastructure and other vital systems to potentially devastating breaches. OT systems support energy, water, transportation, environmental control systems, and other essential equipment. Attacks on OT systems have risen precipitously, disrupting operations and even jeopardizing health and safety.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.