Industrial control system (ICS) management and cyber security vendor Verve Industrial has partnered with operational technology (OT) and IoT supply chain security company aDolus Technology. The partnership integrates the power of the aDolus FACT platform’s IoT/OT SBOM (software bill of materials) analysis and firmware validation into Verve’s IoT/OT endpoint vulnerability management platform.
The Verve Security Center continues to deliver capabilities to its clients in a single, easy-to-use platform and aDolus’ FACT platform is the latest in Verve’s ability to both simplify and improve their client’s risk management, according to a press statement.
The Verve Security Center provides its endpoint clients with a single, easy-to-use platform, while aDolus’ FACT platform correlates information from diverse sources about ICS, IIoT, and IoT firmware and software, to deliver continuous assurance that packages and all their subcomponents are legitimate, tamper-free, and safe to ship and install.
Last April, Verve released Version 8.0 of its Verve Security Center platform, which boosts the ease of use, depth of insight, and speed to remediation of cyber risks. The platform develops on the company’s approach to integrate OT-IT security, by providing complete software-based asset visibility without the need for expensive taps and/or complicated span ports.
The Verve Security Center also delivers risk management prioritizing across hundreds of risk components, rather than just vulnerabilities or firmware, and closed-loop remediation with integrated treatment of risks to accelerate mean time to remediation.
The integrated offering will help to reduce ICS software supply chain risk and give users the ‘deepest visibility into OT risk available in the market,’ according to an aDolus blog post. Verve embeds this intelligence as an easy-to-use ‘FACT score’ that indicates a component’s trustworthiness, it added.
“Current approaches that rely on passive detection of software miss the underlying reservoir of risk of both OS and application software as well as the hidden risks of vulnerable components within OT/IoT firmware,” said John Livingston, CEO of Verve. “Through this partnership, our customers can not only identify ‘known’ risks, but immediately check for vulnerabilities hidden in their embedded firmware.”
“Our combined offering is the only platform that enables end users to manage the security of their ICS/OT endpoints down to vulnerabilities in hidden subcomponents,” said Eric Byres, CEO of aDolus.