Best Practices for Securing Industrial Environments, Part 3: Build a Vulnerability Management Plan

With CrowdStrike, Claroty has a valuable partner who shares a common mission to secure industrial environments, succeeds in providing one of the best solutions available, and whose willingness to innovate has yielded remarkable results.

In celebration of this partnership, CrowdStrike and Claroty have come together to recommend 6 Best Practices for Securing Industrial Environments. These six steps can be considered a recommendation for organizations deploying both an Endpoint Detection and Response (EDR) solution — such as CrowdStrike Falcon—and a broader network security solution—such as Claroty Continuous Threat Detection (CTD).

This blog series will seek to take a deeper look at each recommended practice, the reasoning behind its necessity, and the manner in which the CrowdStrike-Claroty joint solution addresses each one. The previous best practices in this series are “Secure the Known” and “Discover the Unknown & Build Comprehensive Visibility.”

Best Practice #3: Build a Vulnerability Management Plan

An effective vulnerability management plan is dependent on having an accurate and up to date understanding of your organization’s network components. For each network and its assets, it is vital to know what exactly is connected and active on the network — whether those assets are managed or unmanaged. This understanding is built on the foundation of comprehensive visibility, which extends to not only knowing what you have but also to the characteristics and activities of what you have. Within the Claroty Continuous Threat Detection (CTD) solution, this information is readily available and presented in an easy to digest manner.

The above example shows the information available within CTD for a given device, in this case we are looking at an AllenBradley® by Rockwell Automation ControlLogix® module — which is also a quick and easy option for deployment of the Claroty Edge discovery solution. More information on this flexible option can be found in the joint solution brief.

Asset information is exchanged between CrowdStrike Falcon and Claroty CTD, allowing Falcon’s IT coverage and CTD’s XIoT — the Extended Internet of Things, which in industrial environments is composed of OT, IoT, and IIoT — insights to inform a holistic risk and vulnerability posture. Vulnerabilities are rated by CTD to develop a risk score to better address the most critical and easily exploited exposures present in each environment. Having all vulnerabilities categorized in such a manner allows organizations to triage and prioritize their mitigation efforts, taking on the most dangerous and impactful gaps in security first.

Using the provided risk scoring and vulnerability assessments as a guide makes it much easier for organizations to develop a plan and move onto next steps. Every organization is unique, and each will no doubt require some tailoring depending on their priorities and the nature of their operations. Such considerations should always be kept in mind when creating a vulnerability management plan, but the core necessities and the appropriate strategy for breaking down the often overwhelming totality of open vulnerabilities remains the same across all organizations.

When it comes time to act on the vulnerability plan you have developed, we suggest taking it one item at a time and one day at a time. Try to assume the healthy attitude that the mitigation steps you are working through today have all made your networks more safe and secure than they were yesterday. Over time, you will find that your greatest risks have been acted on and the dangers to your operations and processes have been greatly reduced.

To learn more, read CrowdStrike and Claroty’s 6 Best Practices for Securing Industrial Environments white paper.