FAQ

Get quick answers to our most frequently asked questions with links to additional reading and valuable downloadable resources.


Ransomware

Cyberattacks threaten organizations’ data, operations, and revenue. In 2021, the average cost of an enterprise data breach rose to $4.24 million, and data breaches related to cyberattacks increased by 27 percent over 2020. Total asset visibility and intelligence creates the foundation for stronger cyberattack protection. Device identification: More than a third of devices in the typical organization’s en...
Extended Detection and Response (XDR) is a security solution capable of unifying several threat defense tools into a holistic approach.  In its Market Guide for Extended Detection and Response, Gartner defines XDR as "a platform that integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components." EDR vs. XDR: What's the difference? While Endpoint D...
SOC stands for security operations center. A SOC is a team or facility that deals with security issues within an organization. The goal is to detect, assess, and respond to security threats, increasing the organization's resilience and helping to meet regulatory requirements. There are different models for a SOC strategy, from in-house operations to outsourced resources. Large companies might have a dedicated facility where...
Ransomware attacks have been a lucrative business model for criminals, with large payouts. The average ransom payment is almost a quarter-million dollars, according to a 2021 IDC survey which found that one-third of organizations around the world were ransomware victims over the previous year. What is ransomware? Ransomware is a malware program that encrypts files on computer systems, making them unusable. Attacker...

Healthcare

Internet of Medical Things (IoMT) refers to medical devices and applications with Internet connectivity. It's a subset of Internet of Things (IoT) and, for this reason, is often referred to as IoT in healthcare. The overall category of IoT devices is typically more consumer-oriented, focusing on usability and convenience. IoT devices include smart TVs, lighting apps, voice assistants—really any number of smart, conne...

Vulnerability Management

Vulnerability management is a technical practice that maps the “output of information security technology to define the risk priorities for organizations.” Mapping and managing vulnerabilities requires several processes, including: assessing threats and vulnerabilities; knowing acceptable configurations and policies; identifying deviations from those accepted practices; determining risk levels; offering remediati...

Cybersecurity

Cyber hygiene, also known as cybersecurity hygiene, is a set of practices focused on regularly maintaining the health and security of an organization’s users, devices, networks, and data. Cyber hygiene aims to keep confidential information safe and secure from potential cyber threats and attacks.  Why is cyber hygiene important? Lack of cyber hygiene puts businesses at risk of cyberattacks, which can lead to ...

OT / ICS

SOAR stands for Security Orchestration, Automation, and Response. Each of those categorical functions in a SOAR tool combines with the others to help streamline security operations and accelerate responses to threats, strengthening cybersecurity across the entire organization. Orchestration for comprehensive cybersecurity: Orchestration requires identifying and monitoring all devices in the environment, including computers and server...
Vulnerability scanning is a process whereby computing endpoints of interest are virtually probed for vulnerabilities, security weaknesses, and security gaps. Scanning is a methodology built to probe for weakness, whether known CVEs, system flaws, open ports, or misconfigurations. Although commonly found within the IT side of the house, scanning for weaknesses on the IoT and OT side has long been debated, with endless ...
Simply put, metadata is data about data. It describes and provides information about other data. In the context of “Discovering asset metadata of OT devices,” we are talking about metadata within operational devices that reside on SCADA networks, DCS networks, or OT networks as a whole. Take for example an Allen-Bradley PLC. Metadata about this type of device may simply be its make, model, and its manufacturer. A s...
The overall driver behind converging IT networks with OT networks is the valuable insights extracted to improve safety, uptime, maintenance, regulatory and compliance, analytics, and performance. Together, these components help to drive a business’s competitive position in its marketplace. If this sounds a lot like Industry 4.0, you would not be wrong. As defined, Industry 4.0 is akin to the Fourth Industrial Revoluti...
Air gapping an OT network is conceptually isolating a device or group of devices from external connectivity. External connectivity can be that of any device or network not defined by the air-gapped network. Although air gapping is a good concept in principle, it can often lead to unintended consequences as it can bring a false sense of security with it. One will nary find a detractor to air gapping the most critical of...
Network segmentation is a layer of physical security that cordons off a network from other networks, separating an OT network from an IT network, a guest network from a corporate network, or one critical manufacturing network from another. A common segmentation practice is often found within critical infrastructures such as oil and gas, power, utilities, aerospace, transportation, manufacturing, and other critical vert...
In January 2020, MITRE followed up its MITRE ATT&CK Framework from 2013 with the MITRE ATT&CK Framework for ICS to address threats to human life and the physical environment found within our ICS networks. It is a framework that deftly maps technologies adversaries use to affect industrial control systems and helps inform their defenses. Made up of Tactics and Techniques (TPP), the framework aims to help mitigate the ...

Asset Management

“Internet of Things (IoT) devices” is a term describing hardware assets connected to the Internet that can exchange data with other devices and systems online. We use IoT technology every day in both our personal and professional lives to increase productivity and efficiency. What is an example of an IoT device? IoT devices are often categorized as either Consumer Internet of Things (CIoT) or Industrial Internet of Th...
Asset management in cloud computing identifies, assesses, and monitors cloud instances, cloud-based and hybrid virtual machines, and their contents to protect the organization. That seems simple enough, but it’s easy to overlook or underestimate the need for comprehensive cloud asset management in the growing complexity of organizational assets. Why is cloud asset management such a challenge? Here are some key reason...
Internet of Things (IoT) devices do everything from streamlining or automating tasks to helping improve usability of an asset to helping organizations automatically track their key performance indicators (KPIs) so they can improve their processes and optimize efficiency. But they also expose businesses to increased cybersecurity risks.   As the number of connected devices grows, so does the attack surface (i.e., all ...
The purpose of IT asset management (ITAM) is to have a complete inventory and control of an organization's software and hardware. ITAM is critical to improving cybersecurity and minimizing cyberattacks and breaches. What is IT asset management (ITAM)? IT Asset Management (ITAM) is the practice of managing and optimizing information technology (IT) assets, such as computers, databases, systems, applications, and netw...
As industrial control systems, specifically SCADA and DCS systems, become increasingly available to intruders and adversaries, it is time to look at how we secure these critical assets. Oftentimes, industrial devices are set in networks for decades at a time. It is impossible to predict what tomorrow's vulnerabilities and risks will look like, and as yesterday's industrial devices prove, nobody expected vast interconne...

Armis Platform

In cybersecurity, UEBA is the acronym for user and entity behavior analytics. UEBA is a practice or solution that, as the name says, analyzes behavior. The goal is to find threats by spotting user and device behavior that doesn’t align with known good behavior for those users and entities or for similar users and entities. Because UEBA tools look at behavior rather than malicious code, they offer security coverage that ...
Traditionally, IT and security solutions that provide endpoint monitoring capabilities require that an agent be installed on the device to be monitored. These agents record the local device’s activity from a network, application, and operating system perspective and then forward that information to a monitoring server. While the agent technique is effective, it has several drawbacks: Agents must...

Network Segmentation

Network lateral movement, or lateral movement, refers to cyberattackers’ techniques to move through a network. Lateral movement allows the cybercriminal to move deeper into the compromised system to locate sensitive data and access privileged information. After gaining access to the system, the cybercriminal impersonates an authorized user and moves throughout the network to achieve their objective. The attacker gath...
In cybersecurity, macrosegmentation is another way to describe standard network segmentation practices. Network segmentation is the division of an organization’s network into smaller segments that are protected by firewalls. This kind of segmentation is a security best practice recommended by the National Institute of Standards and Technology (NIST), the Purdue reference architecture, and other frameworks. The goal is t...
Microsegmentation in cybersecurity creates small zones within or adjacent to existing network segments to make it harder for malicious communications and activity to move throughout the network. By preventing lateral movement within zones protected by a firewall, network microsegmentation can limit the impact of external attacks, malware infections, and unauthorized internal user access. To be effective, microsegmentation...
Network segmentation testing is a key component of network segmentation deployment and of ongoing regular operation tasks. It typically involves a series of manual or semi-automated security and network checks to ensure that communication between different network segments works properly as designed and that there are no security holes or gaps that attackers could exploit. The test uses a combination of many different approaches...

Frameworks

Zero Trust is a security model that seeks to prevent malicious actors from breaching your network and moving laterally across it. Per the Department of Defense (DOD) Zero Trust Reference Architecture, "The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted." This cybersecurity framework requires continuous ver...
The CIS Critical Security Controls (CIS Controls) are a set of actionable best practices that organizations should prioritize to improve their cybersecurity posture. Formerly known as the SANS Critical Security Controls (SANS Top 20 Controls), these guidelines are now published by the Center for Internet Security (CIS). An international community of experts updates the list of controls periodically. In its current versi...
The US government formed the National Institute of Standards and Technology, or NIST, Cybersecurity Framework to protect the nation's most critical assets, defined by NIST SP 800-30, Rev. 1 as “system and assets, whether physical or virtual, [that] are so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public...
All Cyber Security Frameworks (CSFs) have their roots in Risk Management Frameworks (RMFs), and all begin with an “Identify” phase. This is when the organization gathers information about the essential services it provides and hypothesizes how damage, which is calculated as a loss in Confidentiality, Integrity, or Availability, may be encountered and avoided, or otherwise managed by the organizatio...
The NIST Cybersecurity Framework (NIST CSF) provides a multi-step process to implement what is known as best practices when protecting our assets and infrastructure. NIST has detailed 5 critical functions that need adherence: Identify, Protect, Detect, Respond, Recover. NIST recommends a 7-step process to establish a cybersecurity program: Prioritize and Scope, Orient, Create a Current Profile, Conduct a Risk Assessment, Creat...

Threat Detection & Response

The average total cost of a data breach in 2021 was $4.24 million—a 10% increase from 2020, according to the IBM Security Cost of a Data Breach Report 2021. Depending on the organization’s security posture, the cost of a breach can vary drastically. Costs associated with a data breach: IBM reported four key categories that contribute to the cost of a data breach: lost business cost (38%), detection and escalati...
Cybersecurity is the group of best practices that keeps intruders out of business networks, healthcare systems, industrial control networks, critical infrastructure, and other systems. It prevents the exposure of sensitive data to criminals and state actors, stops ransomware attacks that can disrupt an organization’s daily operations, and prevents remote takeovers of computers, equipment, and other assets.  Cybe...
SIEM (“sim”) is a cybersecurity acronym for security information and event management. Part of traditional IT security, SIEM solutions collect and analyze asset and event logs and other data to support threat detection and management. By aggregating and analyzing event data from an enterprise’s networks and other assets, SIEM tools help monitor for and detect anomalies, alerting the security operations center to pot...
EDR stands for endpoint detection and response. EDR is a security strategy that matters now more than ever given the skyrocketing growth of endpoints across the internet of things (IoT), internet of medical things (IoMT), OT, 5G, and smart devices. Every new endpoint expands an organization’s attack surface, and many endpoints are unmanaged and effectively invisible to legacy security tools and solutions. Defin...
Attackers often seek to insert their own code into target apps, systems, and devices to change how a program runs, gain unauthorized access to data and systems, or control a network, system, or device remotely. SQL injection, cross-site scripting, and remote file injection are some common code injection attacks. What’s vulnerable to code injection attacks? Anything that runs on code and isn’t properly secured ca...
With ransomware attacks on the rise, many companies are looking for ways to limit their exposure to this potentially expensive cyberattack. According to Coveware's 2020 study, enterprise organizations paid up to $780K in ransom payments per event. Smaller businesses lose, on average, $200K in downtime and recovery costs, with many of them filing bankruptcy due to the event. (CNBC, 2019) What is ransomware? According...
The beating heart of almost everyone’s cyber operation is the Security Operation Centre and its analysts. Whether you have outsourced some or all of the layers in a SOC, three things remain consistent: you can’t outsource the risk; you have too many alerts and not enough people; measurement and metrics are highly visible. Making the SOC effective is the single most important function in detection and protection co...