Introducing the Armis Critical Infrastructure Protection Program

The recent geo-political events of 2022 have forever altered the cyber threat landscape as we know it. No longer are nation-states and hacktivists lurking in the shadows. Cyber warfare is now a go-to means for softening targets or disrupting essential civilian services via cyber before physical warfare begins. And whereas aggressors once sought plausible deniability in attacks, many now seem to pursue cyberwarfare against government services, critical infrastructure, hospitals, and the like with impunity. Just consider how hackers targeted critical infrastructure and systems in Ukraine prior to the Russian invasion. Tanks rolled into eastern Ukraine after government facilities, utilities, and public service infrastructure was attacked not by bombs, but rather by cyberwarfare.

NATO member support for Ukraine has also drawn the ire of Russia, which is threatening retaliation for supplying arms and other resources to Ukraine defense efforts. Today, NATO member energy, pipeline, water, marine ports, and wastewater organizations face unprecedented cyber threats from state-based actors.
In the last six months alone, Armis has seen a 73 percent increase in Remote Desktop Protocol (RDP) exploits, including within critical infrastructure enterprises. With this alarming rise, and the increased cyberwarfare, Armis has created the complimentary Critical Infrastructure Protection Program (CIPP) as part of an all-hands-on-deck effort to support CISA’s Shields Up recommendations.

What is the Critical Infrastructure Protection Program?

Armis CIPP was specifically designed to address the needs of critical infrastructure organizations, and is being delivered in conjunction with specialist services partners and select system integrators like Kroll. Through its ability to shine a light on invisible unmanaged and managed assets, Armis CIPP helps eliminate the risks of the unknown within our critical infrastructure.

Armis CIPP is for organizations in at-risk NATO aligned countries and includes three months of complimentary access to the Armis unified asset intelligence platform and services. The platform has been purpose-built to service the needs of the CISA critical infrastructure sectors:

energy, pipeline, marine port, and water and wastewater.

Armis CIPP includes access to:

• Armis unified device visibility and security platform
• Operational Technology (OT) Policy Library
• Unlimited virtual collectors for passive network traffic analysis within IT or OT segments
• Additional on-prem hardware available on request* within OT segments
• Vulnerability, threat detection and threat intelligence engines
• Armis Security Architect and Deployment Manager
• Access to the Armis partner community, including Kroll, for detection, incident response, and forensic services
• Pre-built integrations for existing security platforms, such as scanners, firewalls, NACs, WLC, endpoint protection, and MDR solutions such as Kroll

Armis CIPP also includes pre-built integrations into existing security platforms such as scanners, firewalls, NACs, and xDR solutions, to compound overall efficacy of enterprise protection.

*Fees may apply

What You Can Expect:

• Expose the unknown – Full inventory of all wired and wireless devices connecting to the critical infrastructure
• Understand risk – Full device risk analysis,  including vulnerability and behavioral analysis
• Device connection study report – Expose vector of attack with device connectivity and interdependency mapping
• Segmentation and boundary analysis – Actionable analysis to fortify boundaries and eliminate unauthorized connections
• Software and hardware gap analysis – Understand hidden software and hardware gaps and risks
• Compliance support – Documentation and intelligence to comply with NERC-CIP, NIST, NISTIR 8228, and other compliance and regulatory requirements.
• Automated threat responses – Alerts of real-time threats and exploits forwarded to your SIEM, SOAR, or xDR solution
• Advanced reporting and analysis – Reports to satisfy compliance, regulatory, and auditing requirements
• Timely response to threat activities and incident response

Why NATO Countries?

Nation-state cyberwarfare is not limited to adjacent neighbors or active conflict participants. Aggressors may target other countries for any number of reasons, related (for example, supplying arms) or unrelated to the conflict. In 2021, the U.S. formally accused Nobelium, a state actor of Russia’s Foreign Intelligence Services, of carrying out the SolarWinds hack to infiltrate U.S. and EU government networks. The Nobelium attack altered the threat landscape for virtually every industry. And the operational technology (OT) and industrial control system (ICS) networks that support essential services face unprecedented risks.

Given the relative low costs of cyberwarfare versus conventional warfare, and its potential for sowing discord and chaos, cyberwarfare is an ideal tool for nations seeking to retaliate for perceived wrongs or to keep adversaries on a back foot. And for a nation with a military falling behind technically and tactically, while also struggling with crippling economic sanctions,it is likely especially attractive.

Today’s targets now extend well beyond the higher levels of the opposition governments; any organization is a potential target, with critical infrastructure and high-value targets at the top of the list. Simply taking a position on a conflict, or closing an office in the country of an aggressor, may expose your brand, operations, the safety of your employees, and even the  community around your operations.

Why Now?

For 2021, Check Point found that overall attacks on utility networks grew 46 percent to 736 per week per utility compared to 2020.¹ Moreover, with its Shields Up alert, CISA has warned that cyberwar attacks are likely to ramp up and last throughout the remainder of 2022 and beyond. For critical infrastructure organizations, this begs two questions: “What is the risk posture of our organization?” and “How safe is our critical infrastructure?”

Fortunately, it is not too late to initiate quick-to-deploy and impactful solutions that answer these very questions. Through CIPP, the Armis unified asset intelligence platform can in short order provide your organization with a clear understanding of its risk posture, including intelligence on vulnerabilities, patch levels, and the behavior of every connected IT and OT asset—managed and unmanaged—found within and around the enterprise. With minimal effort to deploy, Armis CIPP can help you answer the following questions, and more:

• What is connected to my network?
• What are these devices doing while connected?
• Is my IT infrastructure an avenue to my OT operations?
• Are there active exploits crossing my enterprise?
• What is the risk posture of our devices and our organization?
• How safe is our critical infrastructure?
• Do I have critical vulnerabilities within my OT network?

Given the urgent nature of this threat, there is no time to reconstruct a security stack. That’s why Armis CIPP is about providing complementary solutions that can feed real-time information into the existing platforms upon which you already rely, such as scanners, firewalls, NACs, and xDR solutions, compounding their value. Through Armis CIPP, the complementary resources that Armis has combined augment each other and integrate easily and quickly into the existing security stack, acting as a force multiplier.

In addition to properly identifying the attack surfaces and pinpointing vulnerabilities, the Armis platform maps all the connections in and out of segments and boundaries. Policies are drawn from the Armis Policy Library, which includes the MITRE ATT&CK for ICS Tactics Techniques, and Procedures. These pre-built libraries can trigger alerts, orchestrate remediation, as well as trigger detection and response services from our Armis CIPP partner ecosystem. The policies that support these efforts leverage the tools around them. Noise is the Achilles heel to readiness. Too much noise, and a threat passes you by. Properly built policies with detailed context about devices and their activities help us to understand what is noise, and what is worthy of action.

Are you ready to answer the question “What do I have, and what is it doing?”.

The Armis CIPP Program has been sunset at this time.

Learn more about the Armis OT Security Solution at https://www.armis.com/ot-device-security/

Sources:¹Check Point Research: Cyber Attacks Increased 50% Year over Year, Check Point, 2022.