Armis Also Attained 100% Coverage When Tested Against the Threat of Russian-Linked TRITON Malware Tactics
Armis, the #1 unified asset visibility and security platform provider announced its official participation in MITRE Engenuity’s initial round of ATT&CK® Evaluations for industrial control systems (ICS). In these tests, MITRE Engenuity used the MITRE ATT&CK® knowledge base to emulate the tactics and techniques used in the TRITON malware attack against a petrochemical facility in Saudi Arabia. This malware was used to interact with Triconex Safety Instrumented Systems (SIS) and represents the first publicly reported incident demonstrating a targeted attack with a known effect to an operational SIS. Armis provided 100% visibility of all IT & OT/ICS assets with real-time detection of all initial access and lateral movement. In addition, Armis achieved 100% coverage of all MITRE Engenuity ATT&CK Evaluations for ICS tactics.
Recommended ITech News: Google Cloud Region Goes Live in Delhi NCR in India
“MITRE’s ATT&CK knowledge base is widely recognized as the industry standard for tracking adversarial tactics and techniques, and these ICS evaluations are a crucial validation of the power of the Armis platform,” said Christopher Dobrec, Vice President, Product Marketing, Armis. “Recent attacks on water plants, oil and gas pipelines and other critical infrastructure prove that cyber resilience in these sectors is critical to ensure continued operations and even national security. Armis clearly stands up to MITRE Engenuity’s rigorous testing which means it will detect specific behaviors of potentially devastating malware like TRITON and can play a key role in securing OT and ICS environments.”
TRITON malware targets safety systems, preventing operators from responding to failures, hazards and other unsafe conditions, potentially causing physical destruction that can lead to fatal consequences. Russia’s Central Scientific Research Institute of Chemistry and Mechanics was responsible for developing TRITON which enabled the attack against safety controllers in a Saudi refinery causing them to enter a failed safe state in an ultimately unsuccessful attack. This led the U.S. Department of Treasury to impose sanctions against the institute.
Recommended ITech News: EMPEQ Unveils New FastSiteSurvey Data Capture & Reporting App to Transform
The Armis platform is the leading unified asset visibility and security solution to provide ultimate OT/ICS and IT visibility that addresses the expanding threat landscape of managed, unmanaged, ICS, OT, IoT, and IoMT devices. Armis discovers every device in an environment, tracks its behavior, detects active vulnerabilities and threats, and protects critical business information and systems. Armis passively monitors all traffic on the network and in the airspace to identify and classify every device and to understand each device’s behavior without disrupting its operation. Core to the Armis Platform is our Device Knowledgebase which tracks over one billion devices—and growing. The Device Knowledgebase contains unique device profile information which is used to understand not only what the device is and what it is doing, but what it should be doing. When a device operates outside of its baseline, Armis can automatically remediate any threat.
“There are many products that offer different approaches to detecting ICS attacks, and these evaluations can help security practitioners better understand how they meet their organization’s needs in areas including the stage of attack when the detections occur, the types of data sources that can be collected and how information may be presented,” said Otis Alexander, who led the ATT&CK Evaluations for ICS. “Few organizations have the time and resources to install and test multiple products as they make decisions on what they need to defend their network, therefore our evaluations are intended to take some of the guesswork out of the process and provide clarity about how security products detect adversary activity.”
Recommended ITech News: Global Growth Executive joins Headspring as Chief Commercial Officer
