Tenable Teams with Deloitte to Secure Fortune 500 Manufacturing Environments

Security of networks and compute platforms will continue to be news for quite some time. After all, Putin didn’t agree to terminate all hacking emanating from Russia (surprise). But according to my firewall statistics, I’m hacked from a large number of geographic sites, and I’m just a blog site! This news came to me. Typical of security news, there are superlatives and claims that I have not been able to verify. The gist is that there is an attempt to bring OT and IT together in a secure network.

Tenable.ot showcased in Deloitte’s Smart Factory at Wichita initiative, providing its industry-leading capabilities for securing today’s modern OT environments

Tenable Inc. the Cyber Exposure company, announced a strategic collaboration with Deloitte to accelerate and secure smart manufacturing across Fortune 500 environments. Tenable and Deloitte have developed and implemented industrial-grade security solutions to help organizations understand, manage, and reduce cyber risk in their manufacturing environments around the world.

According to a smart factory study from Deloitte and Manufacturers Alliance for Productivity and Innovation, eighty-six percent of manufacturers believe smart factories will be the main driver of competitiveness in the next five years. These modern environments represent a massive business opportunity, but they also contribute to an expansive and converged attack surface of legacy information technology (IT) and new operational technology (OT). Increasingly, boards of directors and executives consider OT security a top business priority and risk. As such, smart factories require strategic, risk-based vulnerability management to defend and secure mission- and safety-critical systems. 

Deloitte’s ecosystem for smart manufacturing provides organizations with greater speed, scale and security over their digital transformation initiatives. By deploying Tenable.ot — the industry’s first unified solution for securing IT/OT environments — as part of a secure-by-design model, joint customers benefit from unmatched visibility and control over their converged industrial environments, with advanced threat detection and mitigation to identify weak points before an attack ever occurs.  

“Make no mistake, industrial environments run the global economy. They build, power and protect the world around us. Ensuring these smart factories are secure by design is paramount,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Strategic cybersecurity must be foundational to all smart factory initiatives. Without it, you’re building on pillars of sand. Securing modern, converged environments requires unified visibility across both IT and OT assets. We’re very excited to collaborate with Deloitte to do just that for customers around the world.”

In addition to the existing deployments around the world, Tenable.ot will also be showcased in Deloitte’s Smart Factory @ Wichita initiative — a 60,000-square-foot immersive experience equipped with the latest smart factory advancements — designed to demonstrate how manufacturers can embrace digital transformation in a secure, scalable way. In the facility opening this fall, joint customers will experience the power of a unified, risk-based view of their IT and OT environments, arming them with the visibility, security and control required to secure Industry 4.0. 

“The Smart Factory at Wichita is designed to explore the full range of innovation with Industry 4.0 technologies and maintaining cybersecurity is a critical piece to the manufacturing life cycle,” said Stephen Laaper, principal, Deloitte Consulting LLP. “With Tenable onboard as a builder sponsor, clients walking through the doors of the Smart Factory will have the ability to experience a secure industrial environment and can take solace in knowing critical organizational data is protected by a top leader in the industry.”

Betacom Announces Managed Private 5G Network

Last year’s edition of Apple’s Worldwide Developer Conference (WWDC) was filled with hype about AT&T and 5G network. Pundits received 5G-enabled iPhones and were less than impressed with the speed boost. This year’s WWDC was devoid of 5G hype. My response to the hype was that a little faster speed for iPhones was the least of 5G benefits. Despite the hype from other areas, I believe that before long industry will be building out 5G without extra thought. Sort of like 15 years ago when we suddenly went from talking about the potential of Ethernet in manufacturing to simply accepting it as the best solution for many networking applications.

This news from Betacom shows how we’ll slowly build out the tech until suddenly it’s everywhere.

Wireless pioneer Betacom, longtime design and deployment partner for the world’s leading telecommunication companies including AT&T, T-Mobile, and Verizon, has introduced the industry’s first fully managed private 5G network service. US enterprises now have access to cost-effective, high-performance 5G networks designed, deployed, and managed by one of the most trusted names in wireless networking. 

Network design, deployment, and management for the new service — which provides similar cost to and higher reliability, performance, and security than Wi-Fi — is conducted by Betacom through its world-class Network Operations Center (NOC), hosted on Microsoft Azure. BEnterprise customers own their networks and maintain local control of their data. 

Private 5G Services Accelerating

In recent months, private 5G networks have become increasingly prevalent, especially with the advent of new shared-spectrum connectivity options that expand enterprise access to wireless networks. In fact, industry experts agree that private 5G networks offer a more secure and higher performance environment than other networking options such as Wi-Fi or even Wi-Fi 6. 

A recent survey from TECHnalysis Research shows that 53% of US enterprises are planning to add private wireless networks — more than will be expanding Wi-Fi or upgrading to Wi-Fi 6. As Bob O’Donnell, president & chief analyst at TECHnalysis Research said, “Clearly, the buzz around 5G has created enough excitement and interest for the technology that IT managers and other tech leaders at companies of all sizes are eager to leverage it. Generally speaking, 5G and cellular networks in general are seen as having better security than unlicensed networks and, in some cases, lower latency, which can be critical for things like manufacturing environments.” 

Long History of Wireless Innovation 

Unlike others in the emerging Private 5G market, Betacom has a long and successful history of wireless deployments in mid-to-large enterprises leveraging carrier-class equipment and expertise to meet users’ most pressing connectivity needs. Having completed more than 800 design and deployment projects, Betacom inspires confidence among those who have worked closely with the company in the past.   

“Today’s announcement is the culmination of years of planning, testing and collaboration with our telecommunications partners and their customers, all of whom clearly see mutual benefits in the addition of the first fully-managed Private 5G network service to the growing number of stand-alone offerings in the market today,” said Johan Bjorklund, CEO of Betacom. “Our long experience in this market, our unmatched national presence and the technological advancements represented by our cloud native NOC that delivers full services and security all give us and our customers significant advantages in realizing the promise of 5G, owned by them and operated by us. We look forward to leading the way in this exciting new space.” 

About Betacom 

Betacom offers the first fully managed private 5G network, building on its long history as the primary outdoor and indoor DAS vendor to AT&T, T-Mobile, and Verizon. Founded in 1991 and headquartered in Bellevue, Wash., the company has offices in Seattle, Portland, San Francisco, Los Angeles, San Diego, Phoenix, Boston, Charlotte, Jacksonville, Orlando, Tampa, Miami, Mobile, New Orleans, Dallas, Austin, San Antonio, and Houston. Its private 5G wireless service is the first managed service of its kind in the United States.

Claroty Secures $140 Million Financial Round

Today must be cybersecurity day. I just wrote about open-source Software Bills of Materials, and now comes a venture funding announcement. Several years ago, a number of new cybersecurity companies sprang up. Most had some sort of tie to former Israeli army security professionals. At any rate, today’s news comes from Claroty which has landed $140 million in its Series D round. As you can tell from the release, the company is overjoyed with the cash infusion. From my perspective given that this market sector is already consolidating, I’d expect an acquisition in another year or so. (Not necessarily a bad thing. Founders are always looking toward an exit these days.)

Series D financial round, co-led by Bessemer Venture Partners and Standard Industries’ investment platform 40 North, breaks record for largest investment in industrial cybersecurity to date.

Claroty, the industrial cybersecurity company, today announced it has secured $140 million in a Series D financial round. The round marks the largest investment ever made within the industrial cybersecurity sector, establishing Claroty’s market leadership as the world grapples with an uptick in cyber attacks on critical infrastructure in recent months. The new funding will be used to accelerate the company’s expansion into new verticals and regions, as well as to further enhance its best-in-class product portfolio.

The round is co-led by Bessemer Venture Partners’ Century II fund, which is specifically designed for growth-stage market leading companies that will define the next century, and 40 North, the related investment arm of privately held global industrial company Standard Industries. Additional strategic investors include LG, the global innovator in technology and manufacturing, and I Squared Capital’s ISQ Global InfraTech Fund. All previous investors, including Team8 and long-time customers and partners Rockwell Automation, Siemens, and Schneider Electric, have also participated. The round brings the company’s total funding to $235 million.

“Our mission is to drive visibility, continuity, and resiliency in the industrial economy by delivering the most comprehensive solutions that secure all connected devices within the four walls of an industrial site, including all operational technology (OT), Internet of Things (IoT), and industrial IoT (IIoT) assets,” said Yaniv Vardi, CEO of Claroty. “With this new investment from the most prestigious firms in the world, we have the financial runway to execute on our proven product strategy in a hyper-growth market, with a world-class leadership team and a strong ecosystem of partners to take us there.”

There has been a clear and distinct shift since 2020 in the frequency and impact of cyber attacks against organizations that underpin the world’s critical infrastructure and supply chains. According to Cybersecurity Ventures, global ransomware damage costs are predicted to exceed $265 billion by 2031, up from $20 billion in 2021. As these incidents show no signs of slowing, Claroty’s new investment has firmly positioned the company at the forefront of the market with the resources, experience, and capabilities needed to shore up industrial cyber defenses for the future.

Claroty is trusted by the world’s leading organizations to protect their industrial assets, connections, and processes, with deployments in thousands of locations and facilities across all seven continents. For example, the company has worked closely with Pfizer to secure its COVID-19 vaccine supply chain in its race to meet unprecedented global demand. 

The round is the latest in a series of milestones for the company, including: 

  • 133% expected year-over-year (YoY) growth in new annual recurring revenue from 1H 2020 to 1H 2021
  • 110% YoY net new logo growth and 100% customer retention, including Coca-Cola EuroPacific Partners (Australia, Pacific, Indonesia) and IRPC Public Company Limited
  • 80 new employees hired in the Americas, EMEA, and APAC in 2021; on track to grow headcount by nearly 50% by end of year
  • Expanded partner coverage by 50% in 2020 with the addition of Deloitte, KPMG, PwC, CrowdStrike, Atos, Yokogawa, and others to its new FOCUS Partner Program
  • Released Claroty Edge, a new, patent-pending addition to The Claroty Platform and the industry’s first zero-infrastructure industrial cybersecurity solution
  • Named winner of ‘Best IOT/IIOT Security Solution’ in SC Awards Europe 2021
  • With over 120 ICS vulnerability disclosures to date, the Claroty Research Team leads the ICS threat research industry by far, helping Claroty’s strategic partners to deliver more secure products

Claroty will use the funds to meet rapidly accelerating global demand for The Claroty Platform’s visibility, threat detection, risk and vulnerability management, and secure remote access capabilities by expanding into new verticals and regions, growing global headcount, bolstering its commitment to securing IoT devices, and further empowering customers’ journey to the cloud.

“We launched Bessemer’s growth fund to invest specifically in clear market leaders,” said David Cowan, partner at Bessemer Venture Partners. “We are focused on helping the next generation of category-defining companies that have standout product-market fit, scalability, and a strong executive team. Since our first investment in Claroty in 2016, the company has continued to demonstrate that it has the best vision, team, and technology to address the unique challenges in the critical infrastructure security sector.”

“David Winter and I are passionate about investing in high-potential companies, especially those focused on building the industrial future,” said David Millstone, co-CEO of Standard Industries and co-CIO of 40 North. “Cybersecurity is a crucial component of that effort, and Claroty has proven itself as the most experienced, innovative, and visionary company in this industry. We look forward to working with its top-notch team to secure the new industrial revolution.”

About Claroty

Claroty is the industrial cybersecurity company. Trusted by the world’s largest enterprises, Claroty helps customers reveal, protect, and manage their OT, IoT, and IIoT assets. The company’s comprehensive platform connects seamlessly with customers’ existing infrastructure and programs while providing a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access—all with a significantly reduced total cost of ownership. Claroty is backed and adopted by leading industrial automation vendors, with an expansive partner ecosystem and award-winning research team. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America, and deployments on all seven continents. 

Linux Foundation Launches Research, Training, and Tools to Advance Adoption of Software Bill of Materials

My latest podcast topic contains thoughts on open source. This announcement from The Linux Foundation merges open source with the latest concerns about cybersecurity with several product launches regarding the Software Bill of Materials (SBOM). The industry continues to take small steps toward security. When a community gathers to work on a solution, it’s a big help.

Home to the industry’s most supported open standard for exchanging information about what is in software – SPDX – the Linux Foundation brings its complete resources to bear to support private and public sector supply chain security 

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, a new training course, and new software tools to accelerate the adoption of Software Bill of Materials (SBOMs). 

President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain.

The de-facto industry standard, and most widely used approach today, is called Software Package Data Exchange (SPDX). SPDX evolved organically over the last ten years to suit the software industry, covering issues like license compliance, security, and more. The community consists of hundreds of people from hundreds of companies, and the standard itself is the most robust, mature, and adopted SBOM in the market today. 

“As the architects of today’s digital infrastructure, the open-source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open-source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to generate and adopt SBOMs.” 

An SBOM is an account of the components contained in a piece of software. It can be used to ensure developers understand what software is being shared throughout the supply chain and in their projects or products and supports the systematic review of each component’s licenses to clarify what obligations apply to the distribution of the supplied software.

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM application. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics. For more information about the survey and to participate, please visit {Hilary blog}. 

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open-source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open-source tooling available to support the generation and consumption of an SBOM.

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your software using SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easily embeddable in automated processes. It is easy to embed in automated processes such as continuous integration (CI) pipelines and is available for Windows, MacOS, and Linux.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open-source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration.

Finally a Fieldbus Convergence, Ethernet-APL Technology Now Available

Process manufacturing grew more and more complex, as well as more and more digital. Engineers needed better ways to communicate with field devices and instrumentation from control and operator stations. “We need a fieldbus,” they said.

Unfortunately, they didn’t get a fieldbus; they got many. There were angry magazine articles and resignations and recriminations as standards organizations didn’t approve one fieldbus for process applications. Every company through its proxy association wanted its technology recognized as a standard. And that is what happened. We had many standards.

Imagine my bemusement when after rearranging my schedule a bit to attend a 7 am (for me, 2 pm in Germany) press conference only to see the leaders of FieldComm, ODVA, and Profibus/Profinet International along with the leader of the OPC Foundation together discussing how this new Ethernet for Process manufacturing—Ethernet Advanced Physical Layer or Ethernet-APL—was the culmination of their work.

One physical network. The differing protocols? Well, heaven is still in the future, I guess.

Actually, this new network does solve many problems, bringing 10 Mbs Ethernet in standard cable and connector being intrinsically safe to the market. This is an example of collaborative work on a standard bringing great benefit to users.,

Following is today’s press release:

The numerous barriers to deploying high-speed Ethernet enabled instrumentation in hazardous process automation facilities are now resolved with the introduction of Ethernet-APL technology. Ethernet-APL is the new two-wire, intrinsically-safe physical layer suitable for use in demanding process automation applications.  Ethernet-APL’s benefits include dramatically improved communication speed, hazardous area reach, power to field instrumentation, and long cable runs. Leading standards development organizations FieldComm Group, ODVA, OPC Foundation, and PROFIBUS & PROFINET International (PI), as well as 12 major industrial project partners, have worked together successfully over the past three years under “The APL Project” to create this new physical layer solution for field instrumentation.  With the release of the specifications, engineering guidelines, and conformance test plans by The APL Project, end users can now expect components from leading suppliers, with first products now available from select vendors.

Ethernet-APL is an extension of the specification for Single-Pair Ethernet (SPE) based on 10BASET-1L, which can support every higher-order Ethernet communication protocol. By making adjustments to the physical layer, the requirements necessary for reliable operation in process-related plants are satisfied. The principal requirements are high-speed Ethernet based communications, operation in potentially explosive areas, and an ability to install long cable lengths of up to 1,000 meters. The electrical parameters that an Ethernet-APL device must meet to ensure “intrinsically safe” ignition protection are defined in the technical specification of the IEC TS 60079-47 (2-WISE or 2-Wire Intrinsically Safe Ethernet). 

The APL Project to bring Ethernet to the field has been underway for several years, and it is with much excitement and anticipation that this initial technology launch is announced. “We are very pleased to release the carefully crafted technology specifications and engineering guidelines to enable Ethernet-APL technology to start to transform the field of process plants,” commented Dr. Jörg Hähniche, Chair of the APL Steering Committee. “The high level of cooperation across multiple standards development and vendor organizations within the APL Project has resulted in one future oriented Ethernet physical layer for process automation. This technology launch is a key progress marker, and the development journey will continue now with products in the pipeline from significant industry partners.”

The APL Project has defined port profiles to create the Ethernet-APL concept for multiple power levels with and without explosion hazardous area protection. Ethernet-APL port profiles, including electrical power classes, shield connection options, and segment lengths, have been finalized. Markings on devices and instrumentation will indicate power level and function as sourcing or sinking. This will provide a simple framework for interoperability from engineering to operation and maintenance. Engineering guidelines and best practices for planning and installation are also now complete and available in an engineering directive document that will support users when designing and commissioning networks utilizing Ethernet-APL. This facilitates an easy transfer of knowledge for a smooth adoption of Ethernet-APL. Standard Ethernet diagnostic tools will assist new or seasoned instrument techs and engineers in their daily work, providing for a shallow learning curve. 

As a single physical layer, Ethernet-APL will be able to support EtherNet/IP, HART-IP, OPC UA, PROFINET, or any other higher-level network protocol. Activities are underway to finalize conformance testing at the leading standards development organizations that are a part of the APL Project. The test specifications now published will assure the quality of products and verify that a product complies with the parameters defined in the APL port profiles specification. The APL Project team has also cooperated with semiconductor manufacturers who will offer 10BASE-T1L Phys for Ethernet-APL on the market. Additionally, the 12 APL Project industry partners are finalizing development of products that will be available in the marketplace soon. The multivendor demonstration in Karlsruhe, Germany –  displayed digitally during ACHEMA Pulse showing participation across different product vendors and networks – highlights the multiple options and interoperability that Ethernet-APL will offer end users.

With the launch of Ethernet-APL, users can now anticipate a single Ethernet physical layer that can enable long cable reach, intrinsic safety, and application-level protocol support for maximum productivity and output. Products will be available in the market soon with conformance testing certification. Users can learn more about Ethernet-APL by visiting ethernet-apl.org and downloading the “Ethernet to the Field” white paper.

About FieldComm Group

FieldComm Group is a global standards-based organization consisting of leading process end users, manufacturers, universities and research organizations that work together to direct the development, incorporation and implementation of new and overlapping technologies and serves as the source for FDI technology. FieldComm Group’s mission is to develop, manage and promote global standards for integrating digital devices into automation system architectures while protecting process-automation investments in HART and FOUNDATION Fieldbus communication technologies. Membership is open to anyone interested in the use of the technologies.

About ODVA

About the OPC Foundation:
Since 1996, the OPC Foundation has facilitated the development and adoption of the OPC information exchange standards. As both advocate and custodian of these specifications, the Foundation’s mission is to help industry vendors, end-users, and software developers maintain interoperability in their manufacturing and automation assets. The OPC Foundation is dedicated to providing the best specifications, technology, process, and certification to achieve multivendor, multiplatform, secure, reliable, interoperability for moving data and information from the embedded world to the enterprise cloud. The Foundation serves over 815 members worldwide in the Industrial Automation, IT, IoT, IIoT, M2M, Industrie 4.0, Building Automation, machine tools, pharmaceutical, petrochemical, and Smart Energy sectors.

About PROFIBUS & PROFINET International (PI)

PI is a wide spread automation community in the world represented by 25 different Regional PI Associations and is responsible PROFIBUS and PROFINET, the two leading industrial communications protocols covering all industries. The common interest of PI’s global network of vendors, developers, system integrators and end users lies in promoting, supporting and using PROFIBUS and PROFINET. Regionally and globally over 1,500 member companies are working closely together around the world to the best automation possible. The organization’s global influence and reach is unmatched in the world of automation.

Industrial Controls Market Partnership of Process Automation and Cybersecurity

Partnerships remain crucial for success in today’s industrial market. This seems especially true for cybersecurity firms who need ways into integrating security into operational technology. This is the story of one such partnership.

Horizon Controls Group, a global digital process automation solutions and consultancy company, has announced a formal agreement with Verve Industrial, a leader in operational technology and industrial control systems (OT/ICS) cyber security technology and consulting solutions. This partnership allows both companies to expand collaboratively into new areas of highly sophisticated service and technology delivery engagements with manufacturing and research organizations in pharmaceutical, biopharmaceutical, and other life sciences. 

The increased publicity and attention to the unprecedented achievements of the pharmaceutical industry during the global pandemic have significantly increased the potential cyber-related threats to this critical infrastructure. While energy and other utilities such as water treatment have historically been targets of advanced persistent threats (APTs) from highly resourced, nation-state, or terrorist-backed organizations, the value of the pharmaceutical sector is increasingly apparent and, in many cases, lags the security posture that has developed in these other industries. 

Verve Industrial’s OT/ICS cyber security products and support services were selected by Horizon Controls Group as a powerful, targeted, and holistic solution to manage the sprawling ecosystem of myriad automation applications employed at any given pharmaceutical facility. 

“Horizon Controls Group provides consultation, design, execution, and support for the full project life cycle of automation process control systems (PCS), building automation systems (BAS), manufacturing execution systems (MES), and process historians, using industry standards and best practices,” said Youssef El-Bahtimy, Automation Information & Systems Manager at Horizon Controls Group. “Our team integrates data integrity, resiliency, manageability, and security principles into every project, not as an afterthought, bolt-on, or cost adder, but in a proactive quality by design (QbD) manner.”

El-Bahtimy continued: “We believe this is the new standard for a modern systems integrator, and a key differentiator to becoming more than just a service provider – being the trusted adviser that our clients require. We see the Verve Security Center (VSC) and the expertise of Verve Industrial’s team as an invaluable and versatile way to solve the challenges posed by the unique security, situational awareness, and manageability environment of the OT space.” 

“We are quite excited to join forces with Horizon Controls Group,” said Rick Kaun, VP of Solutions at Verve Industrial. “Their ‘trusted adviser’ status within their client base combined with their deep OT systems control abilities are a perfect match for the power and insight provided by our industry-leading VSC platform.”

About Horizon Controls Group
Horizon Controls Group is a full-service digital process automation company offering solutions including engineering design, systems integration, cyber security, and customized training. With corporate headquarters in Blue Bell, Pennsylvania, its European subsidiary is based in Cork, Ireland.

About Verve Industrial
Verve Industrial Protection has ensured reliable and secure industrial control systems for 25 years. Its principal offering, the Verve Security Center, is a unique, vendor-agnostic OT endpoint management platform that provides IT-OT asset inventory, vulnerability management, and the ability to remediate threats and vulnerabilities from its orchestration platform. Verve Industrial’s Design-4-Defense professional services support clients in ensuring their OT environments are designed and operated in a secure manner.