Operational Technology Vulnerability Solution Management

  • Release version: Washingtondc
  • Updated August 13, 2024

    Starting from the Xanadu version, Operational Technology (OT) Vulnerability Solution Management is a feature available within the Operational Technology Vulnerability Response application.

    Security and IT teams often spend a significant amount of time and effort to research vulnerability findings and identify the most effective solutions for their environment. In large organizations, translating vulnerability findings into remediation tasks is a manual, tedious, and error-prone process due to the volume and complexity of the vulnerabilities.

    OT Vulnerability Solution Management automatically correlates the vulnerability findings in your environment with possible solutions that remediate them. You can identify the remediation actions that apply to your vulnerabilities and prioritize them by the severity of the vulnerability risk. Also, you can mitigate the risk posed by vulnerabilities that cannot be patched immediately by using compensating controls for OT. For more information, see Use compensating controls for Operational Technology.

    The OT Vulnerability Solution Management feature is based on the feature available in the Vulnerability Response application. For more information on Vulnerability Solution Management, refer to Vulnerability Solution Management.

    OT Vulnerability Solution Management supports the generic format for solution intelligence integration. The generic framework for solution intelligence integration ingests data in different file formats from solution vendors. These formats speed up information exchange and processing, and they improve the sharing of critical security-related information in a standardized reporting format. The supported file format is the Common Security Advisory Framework (CSAF), an open-source standard that provides structured, machine-readable security advisories in JSON. Major vendors such as the Cybersecurity & Infrastructure Security Agency (CISA), Siemens, Hitachi, Schneider Electric, and others support the CSAF format.

    CSAF-supported solution management includes the following key features:
    • Configuration through Setup Assistant. For more information, see Configure vulnerability solution providers.
    • Support of importing CSAF data through file import. For more information, see Import Common Security Advisory Framework data through file import.
    • Support of importing CSAF data through CSAF URL. For more information, see Import Common Security Advisory Framework (CSAF) data through CSAF URL. OT Vulnerability Solution Management enables you to import CSAF data from:
      • Individual vendors that support CSAF format and have a CSAF URL ROLIE Feed. You can use the CSAF URL ROLIE Feed provided by the vendor to import the CSAF data. For example, the Siemens URL ROLIE Feed.
      • CSAF Aggregators or Trusted Providers through a URL import that supports the ROLIE Feed. You can import CSAF data of multiple vendors from a Trusted Provider. For example, CISA is a Trusted Provider, and you can import CSAF data of multiple vendors from the Industrial Control System (ICS) CSAF advisories located in CISA's GitHub CSAF repository. These vulnerability solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs). Using a Trusted Provider reduces the time and effort required to import CSAF data from individual vendors' CSAF URLs.
    • Support of importing CSAF data through advisories or using the APIs. For more information, see Import Common Security Advisory Framework data from advisories.
    Note:
    Navigate to All > Vulnerability Response > Solutions > All to view the list of solutions you have imported using the preceding methods.

    The Vulnerability Response plugin takes care of updating the metrics statuses of the created solution.
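
The CVE-based mapping of CSAF solutions to vulnerable items described above, sketched as an added example (not ServiceNow's implementation and not code from this page): it reads the `vulnerabilities[].remediations` entries of a CSAF 2.0 advisory, attaches patches and compensating controls to each vulnerable item with the same CVE, and orders the result by CVSS base score. The advisory excerpt, CVE ids, VIT records and function names are constructed for illustration.

```python
# Constructed CSAF 2.0 excerpt (as parsed from JSON); CVE ids are placeholders.
ADVISORY = {
    "document": {"tracking": {"id": "EXAMPLE-2024-0001"}},
    "vulnerabilities": [
        {"cve": "CVE-0000-0001",
         "scores": [{"cvss_v3": {"baseScore": 9.8}}],
         "remediations": [
             {"category": "vendor_fix", "details": "Update firmware to V2.1"},
             {"category": "mitigation", "details": "Restrict access to the engineering port"}]},
        {"cve": "CVE-0000-0002",
         "scores": [{"cvss_v3": {"baseScore": 5.3}}],
         "remediations": [{"category": "none_available", "details": "No fix yet"}]},
    ],
}
VITS = [  # constructed vulnerable items (VITs): one finding per asset and CVE
    {"vit": "VIT0001", "asset": "plc-line-1", "cve": "CVE-0000-0002"},
    {"vit": "VIT0002", "asset": "plc-line-2", "cve": "CVE-0000-0001"},
    {"vit": "VIT0003", "asset": "hmi-7", "cve": "CVE-0000-0099"},
]
PATCH = {"vendor_fix"}                       # CSAF remediation categories
COMPENSATING = {"mitigation", "workaround"}  # usable when no patch can be applied

def solutions_by_cve(advisory):
    """Index remediations and the highest CVSS v3 base score by CVE."""
    index = {}
    for vuln in advisory.get("vulnerabilities", []):
        cve = vuln.get("cve")
        if not cve:
            continue  # entries without a CVE cannot be matched by CVE
        scores = [s["cvss_v3"]["baseScore"] for s in vuln.get("scores", []) if "cvss_v3" in s]
        index[cve] = {"score": max(scores, default=0.0), "remediations": vuln.get("remediations", [])}
    return index

def correlate(advisory, vits):
    """Attach patches and compensating controls to each VIT, highest risk first."""
    index = solutions_by_cve(advisory)
    rows = []
    for vit in vits:
        hit = index.get(vit["cve"], {"score": 0.0, "remediations": []})
        rems = hit["remediations"]
        rows.append({**vit, "score": hit["score"],
                     "patches": [r["details"] for r in rems if r["category"] in PATCH],
                     "controls": [r["details"] for r in rems if r["category"] in COMPENSATING]})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for row in correlate(ADVISORY, VITS):
        print(row["vit"], row["cve"], row["score"], row["patches"], row["controls"])
```

A VIT whose CVE has only `none_available` or `no_fix_planned` remediations, or no matching advisory at all, comes back with empty `patches` and `controls`, which marks it for manual review.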