Identifying and remediating or mitigating known ICS vulnerabilities is one of the best ways to prevent industrial compromises. Given the sophistication and effectiveness of recent industrial incidents, it is more important than ever to implement effective ICS vulnerability management.
Despite the existence of known vulnerabilities within systems that exist on process control networks (PCNs), many organizations today struggle with OT vulnerability identification and management. Levels 1 and 0 systems, which comprise 80% of all the assets in an industrial facility, are opaque in most organizations to security personnel. Proprietary architectures and lack of standard protocols in multi-vendor process control environments make asset discovery, system identification, vulnerability assessment, and overall risk mitigation difficult to achieve.
ICS Integrity provides robust vulnerability and patch management capabilities for complex, multi-vendor industrial facilities. PAS by Hexagon collects the latest known vulnerability and patch information, and makes it available for you to automatically download and use within ICS Integrity. Information ICS Integrity collects about your assets is compared to the latest known vulnerability and patch information, and assets to investigate are identified. In addition, ICS Integrity provides views and workflows to help you manage identified assets and remediate or mitigate potential vulnerabilities.
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data. This information is continuously updated. PAS by Hexagon processes this information each day and posts an updated Vulnerability Management asset model that you can schedule to automatically download and import each day.
Microsoft provides patch management information on the second Tuesday of each month. PAS by Hexagon processes this information the day it is released and posts an updated Patch Management asset model that you can schedule to automatically download and import after the 15th of each month.
If there is a delay in the release of patch management information from Microsoft,
or if an issue is identified with the patches, PAS by Hexagon may need to delay the updated Patch Management asset model for that month.