FAQ

Get quick answers to our most frequently asked questions with links to additional reading and valuable downloadable resources.

OT / ICS

Vulnerability scanning is a process whereby computing endpoints of interest are virtually probed for vulnerabilities, security weaknesses, and security gaps. Scanning is a methodology built to probe for weakness, whether known CVEs, system flaws, open ports, or misconfigurations. Although commonly found within the IT side of the house, scanning for weaknesses on the IoT and OT side has long been debated, with endless ...
Simply put, metadata is data about data. It describes and provides information about other data. In the context of “Discovering asset metadata of OT devices,” we are talking about metadata within operational devices that reside on SCADA networks, DCS networks, or OT networks as a whole. Take for example an Allen-Bradley PLC. Metadata about this type of device may simply be its make, model, and its manufacturer. A s...
The overall drive to converge IT networks with OT networks comes from the valuable insights extracted to improve safety, uptime, maintenance, regulatory and compliance, analytics, and performance. Together, these components help to drive a business’s competitive position in its marketplace. If this sounds a lot like Industry 4.0, you would not be wrong. As defined, Industry 4.0 is akin to the Fourth Industrial Revoluti...
Air gapping an OT network means conceptually isolating a device or group of devices from external connectivity. External connectivity can be that of any device or network not defined by the air-gapped network. Although air gapping is a good concept in principle, it can often lead to unintended consequences, as it can bring a false sense of security with it. One will hardly find a detractor to air gapping the most critical of...
Network segmentation is a layer of physical security that cordons off a network from other networks, separating an OT network from an IT network, a guest network from a corporate network, or one critical manufacturing network from another. A common segmentation practice is often found within critical infrastructures such as oil and gas, power, utilities, aerospace, transportation, manufacturing, and other critical vert...
In January 2020, MITRE followed up its MITRE ATT&CK Framework from 2013 with the MITRE ATT&CK Framework for ICS to address threats to human life and the physical environment found with our ICS networks. It is a framework that deftly maps technologies adversaries use to affect industrial control systems and helps inform their defenses. Made up of Tactics and Techniques (TTP), the framework aims to help mitigate the ...

Asset Management

As industrial control systems, specifically SCADA and DCS systems, become increasingly available to intruders and adversaries, it is time to look at how we secure these critical assets. Oftentimes, industrial devices are set in networks for decades at a time. It is impossible to predict what tomorrow's vulnerabilities and risks will look like, and as yesterday's industrial devices prove, nobody expected vast interconne...

Armis Platform

Traditionally, IT and Security solutions that provide endpoint monitoring capabilities require that an agent be installed on the device to be monitored. These agents will record the local device’s activity from a network, application, and operating system perspective and then forward that information to a monitoring server. While the agent technique is effective, it has several drawbacks: Agents must...

Network Segmentation

A Network Segmentation Test is a key component of network segmentation deployment and ongoing regular operation tasks. It typically involves a series of manual or semi-automated security and network checks to ensure that the communication between different network segments works properly as designed and that there are no security holes or gaps that attackers could exploit. The test uses a combination of many different approaches...

Frameworks

The US government formed the National Institute of Standards and Technology (NIST) Cybersecurity Framework to protect the nation's most critical assets, defined by NIST SP 800-30, Rev. 1: “system and assets, whether physical or virtual, are so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public...
All Cyber Security Frameworks (CSFs) have their roots in Risk Management Frameworks (RMFs), and all begin with an “Identify” phase. This is when the organization gathers information about the essential services the organization provides and hypothesizes how damage, which is calculated by a loss in either Confidentiality, Integrity, or Availability, may be encountered and avoided, or otherwise managed by the organizatio...
The NIST Cybersecurity Framework (NIST CSF) provides a multi-step process to implement what is known as best practices when protecting our assets and infrastructure. NIST has detailed 5 critical functions that need adherence: Identify, Protect, Detect, Respond, Recover. NIST recommends a 7-step process to establish a cybersecurity program: Prioritize and Scope, Orient, Create a Current Profile, Conduct a Risk Assessment, Creat...

Threat Detection & Response

Why do ransomware attacks keep happening? With ransomware attacks on the rise, many companies are looking for ways to limit their exposure to this potentially expensive cyberattack. According to Coveware's 2020 study, enterprise organizations paid up to $780K in ransom payments per event. Smaller businesses lose, on average, $200K in downtime and recovery costs, with many of them filing bankruptcy due to the event. (CN...
The beating heart of almost everyone’s cyber operation is the Security Operation Centre and its analysts. Whether you have outsourced some or all of the layers in a SOC, three things remain consistent: you can’t outsource the risk; you have too many alerts and not enough people; measurement and metrics are highly visible. Making the SOC effective is the single most important function in detection and protection co...