Operational technology (OT) security vendor, Industrial Defender and FoxGuard, have combined to streamline patch and vulnerability management for critical infrastructure companies. Security teams can now make smarter patching decisions, as they can visualize from a single screen exactly which assets are missing vendor-approved patches or have open vulnerabilities published in vendor-specific feeds, and prioritize patching and remediation efforts.
The combined offering delivers automated asset inventory data collection, real-time monitoring for vulnerabilities, vendor-approved patch and vulnerability data, and audit-ready documentation for NERC CIP.
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards are a set of regulatory standards that address the security and safety of cybersystems critical to the operation of the North American bulk electric system.
“We are taking what was once a complex, manual task and simplifying it so that OT security teams can make timely, informed decisions about emerging threats,” said Jim Crowley, CEO at Industrial Defender in a press statement.
Traditional IT enterprise solutions can be demanding of already limited computing resources and often fail to fully address the vulnerability and patch management needs of operational environments. Not all vulnerabilities have a patch, especially in ICS environments, and it can often be impractical to patch these systems on demand. With multiple, and sometimes conflicting, sources of patch and vulnerability data, OT security teams can find it difficult to make informed patching decisions.
With the integrated offering, compliance teams can collect evidence for tracking patches from release to installation, including a security rating for each patch. This information is then included in the automated NERC CIP compliance reporting, eliminating the need for manually tracking on a spreadsheet.
Last month, Industrial Defender and Waterfall Security Solutions announced a deal to secure OT networks, industrial operations and critical infrastructures. This collaboration unites Industrial Defender’s breadth of security, change detection and compliance data with Waterfall’s unidirectional security gateways to transmit asset data from control systems to cybersecurity teams.