Hoping to capitalize on the brand recognition of its SCADA security product, Verano Inc. today announced that it will henceforth be known as Industrial Defender, Inc.
The company also announced a managed services offering that will serve as the third branch of its product portfolio, which already includes consulting services and software and hardware products.
The centerpiece of the renamed company remains its Industrial Defender product, which is installed on premises to provide IT-based threat prevention and detection — threats that can come from hackers, malware, employees, outside collaborators, and others.
The linchpins of the product are Industrial Defender Guard, which supplies perimeter defense to control and SCADA systems, and the Security Event Monitoring (SEM) console, which displays information and alerts of threats to the IT infrastructure. The ID Guard appliance includes a firewall, virus prevention, and automatic system lockdown based on preset threat levels. Another module, the Network Intrusion Detection System, catches malware at the network level, while the Host Intrusion Detection System monitors and detects untoward events on host computers at the applications and operating system layer.
The Industrial Defender suite is system-agnostic, according to the company, and can operate on top of a distributed control system from any of the major automation vendors.
The new Co-Managed Security Service (CMSS) transfers oversight of the Industrial Defender product to an off-site support center run by Industrial Defender. The managed services available map to the products offered in the Industrial Defender suite, allowing a manufacturer to select the elements of the deployment that it wants monitored and controlled by the technology provider.
Activities covered by CMSS include security and performance monitoring, security device deployments, network user session recording, co-management of firewalls, and co-management of Industrial Defender products, including Unified Threat Management, Network Intrusion Service, and Host-Based Intrusion Detection. The company established a Security Operations Center as a command post for the managed services offering.
Part of the appeal of the service, according to Sath Rao, director of industrial automation and process control at research firm Frost & Sullivan, is the industry knowledge that the vendor brings to plant security. "[The] co-managed security services model provides the ability to leverage industry expertise and provide parallel escalation paths, so that organizations can respond quickly and more efficiently to emerging threats and take preventive actions," Rao told Managing Automation in an e-mail interview.
The functionality Industrial Defender used to establish the managed services offering came from its September 2006 acquisition of e-DMZ Security, LLC, a provider of outsourced security management for control systems.
The cost for the service will be determined by the number of devices managed, and will be charged monthly. Installations of the Industrial Defender product run from approximately $15,000 for a basic deployment of the SEM module and the Guard product to as much as $450,000 for a full deployment in a plant featuring a complex control system.
Adoption of IT-based plant security products has been far from swift. Many industrial companies still look upon cyber-based plant security as a "sunk cost," according to Charles Newton, president of Newton-Evans Research Co., Inc., which specializes in analysis of the utility industry. The fact that a catastrophic IT event hasn't happened is security enough for some, he said, and can lead to questions such as: "Where's the return if I give you a million dollars for a security system? How's that going to benefit us in Wall Street's eyes?"
Rao characterized the manufacturing sector's interest in cyber-security as growing, but in a "nascent stage."
Yet, as security becomes a greater focus for the organizations that oversee Industrial Defender's target industries, including the American Pipeline Institute, the American Water Works Association, and the North American Electric Reliability Corp., interest in these products and services could grow, Newton said.
"I think CMSS is a harbinger of the types of services that are needed, and it will likely be one of the first of what I think will be several CMMS-type offerings," he said.
According to the Department of Homeland Security, which has established the Control Systems Security Program, the infrastructure is ever more vulnerable as IT systems become more open. "This transition towards widely used technologies and open connectivity exposes control systems to the ever-present cyber risks that exist in the information technology world in addition to control system-specific risks," a fact sheet on the program's Web site states.
Verano, a 2006 MA Company to Watch, was founded in 1996, before the events of Sept. 11, 2001, had cast a light on the fragility of the country's critical assets. And yet, even amid the ensuing security crackdowns in the United States, Industrial Defender has seen better adoption rates overseas, President and CEO Brian Ahern recently told Managing Automation. For instance, he said, Industrial Defender is installed in 21% of the power plants in the United Kingdom, and recent installations include a Russian oil pipeline and a new transportation system in Spain. Worldwide, the Industrial Defender product has 1,100 deployments.
The company's main customer markets are those in which disruptions to operations can have catastrophic results: chemical, oil and gas, power, transportation, and water. Ahern said potential exists for forays into discrete industries, such as automotive and food and beverage, but, for now, the company is dedicated to gaining traction in its core verticals.
"We're just focused on the highest probability pursuits for us," Ahern said.