FAQ

Get quick answers to our most frequently asked questions with links to additional reading and valuable downloadable resources.


OT / ICS

Also known as a building automation system, building control, or building management and control system, a building management system is a digital interface that monitors and manages building operations to ensure safety and smooth operations.  A BMS can manage electrical and mechanical services, including supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), field devices...
With the Industrial Internet of Things (IIoT) driving the adoption of cloud computing, artificial intelligence (AI), and robotics in factories, manufacturing companies face not only improved efficiency but also increased security concerns. Top 5 security threats in manufacturing As cyber-physical systems collect operational data and integrate all elements of a supply chain, the ...
SOAR stands for Security Orchestration, Automation, and Response. Each of those categorical functions in a SOAR tool combines to help streamline security operations and accelerate responses to threats, strengthening cybersecurity across the entire organization. Orchestration for comprehensive cybersecurity Orchestration requires identifying and monitoring all devices in the environment, including computers and server...
What is operational technology scanning? Vulnerability scanning is a process whereby computing endpoints of interest are virtually probed for vulnerabilities, security weaknesses, and security gaps. Scanning is a methodology built to probe for weakness, whether known CVEs, system flaws, open ports, or misconfigurations. Although commonly found within the IT side of the house, scanning for weaknesses on the IoT and OT side...
Simply put, metadata is data about data. It describes and provides information about other data. In the context of “Discovering asset metadata of OT devices,” we are talking about metadata within operational devices that reside on SCADA networks, DCS networks, or OT networks as a whole. Take for example an Allen-Bradley PLC. Metadata about this type of device may simply be its make, model, and its manufacturer. A s...
The overall driver for converging IT networks with OT networks is the valuable insight extracted to improve safety, uptime, maintenance, regulatory and compliance, analytics, and performance. Together, these components help to drive a business’s competitive position in its marketplace. If this sounds a lot like Industry 4.0, you would not be wrong. As defined, Industry 4.0 is akin to the Fourth Industrial Revoluti...
Air gapping an OT network is conceptually isolating a device or group of devices from external connectivity. External connectivity can be that of any device or network not defined by the air-gapped network. Although air gapping is a good concept in principle, it can often lead to unintended consequences as it can bring a false sense of security with it. One will rarely find a detractor to air gapping the most critical of...
Network segmentation is a layer of physical security that cordons off a network from other networks, separating an OT network from an IT network, a guest network from a corporate network, or one critical manufacturing network from another. A common segmentation practice is often found within critical infrastructures such as oil and gas, power, utilities, aerospace, transportation, manufacturing, and other critical vert...
In January 2020, MITRE followed up its MITRE ATT&CK Framework from 2013 with the MITRE ATT&CK Framework for ICS to address threats to human life and the physical environment found within our ICS networks. It is a framework that deftly maps the technologies adversaries use to affect industrial control systems and helps inform their defenses. Made up of Tactics and Techniques (TTP), the framework aims to help mitigate the ...

Asset Management

Finding all devices in your network can be challenging because hundreds, if not thousands, of devices are connected to enterprise networks at any given time. These can be end-user devices, such as laptops and phones, or network-capable Internet of Things (IoT) assets, such as smart TVs, printers, and security cameras. While end-user devices such as computers support traditional cybersecurity agents, many other operational...
IT asset discovery tools automate the identification and cataloging of an organization's digital assets. These solutions work by gathering information through a combination of network discovery methods (agent-based vs agentless).  IT asset management discovery tools are crucial for modern enterprise cybersecurity, which is marked by an expanding attack surface due to a proliferation of cloud computing, bring-your-...
IT asset management (ITAM) is the process of managing and maintaining IT assets, such as devices, applications, networks, and databases. Cybersecurity best practices require organizations to have complete knowledge and visibility over all assets within their network. A configuration management database (CMDB) stores all asset data related to hardware and software configurable items (CIs) on the network. CIs are include...
Although technical debt is often used in software development, this term can be applied to any technical project.  In IT infrastructure, technical debt is the implied cost of not maintaining technology devices, such as computers, servers, and applications, at a state where the organization and technology landscape requires them to be. These outdated systems and components are also often known as legacy infrastruct...
In cybersecurity, technical debt refers to the implied cost of not updating technology assets such as laptops, computers, network components, software, operating systems, and applications, to maintain a minimum working condition and security posture required by the organization based on the current technology and threat landscape.  Tech debt can create vulnerabilities, leading to an increased risk of cyberattacks....
Internet of Things (IoT) devices is a term that describes hardware assets connected to the Internet that can exchange data with other devices and systems online. We use IoT technology every day in both our personal and professional lives to increase productivity and efficiency. What is an example of an IoT device? IoT devices are often categorized as either Consumer Internet of Things (CIoT) or Industrial Internet of Thing...
Asset management in cloud computing identifies, assesses, and monitors cloud instances, cloud-based and hybrid virtual machines, and their contents to protect the organization. That seems simple enough, but it’s easy to overlook or underestimate the need for comprehensive cloud asset management in the growing complexity of organizational assets. Why is cloud asset management such a challenge? Here are some key reason...
Internet of Things (IoT) devices do everything from streamlining or automating tasks to helping improve usability of an asset to helping organizations automatically track their key performance indicators (KPIs) so they can improve their processes and optimize efficiency. But they also expose businesses to increased cybersecurity risks.   As the number of connected devices grows, so does the attack surface (i....
The purpose of IT asset management (ITAM) is to have a complete inventory and control of an organization's software and hardware. ITAM is critical to improving cybersecurity and minimizing cyberattacks and breaches. What is IT asset management (ITAM)? IT Asset Management (ITAM) is the practice of managing and optimizing information technology (IT) assets, such as computers, databases, systems, applications, and network...
As industrial control systems, specifically SCADA and DCS systems, become increasingly available to intruders and adversaries, it is time to look at how we secure these critical assets. Oftentimes, industrial devices are set in networks for decades at a time. It is impossible to predict what tomorrow's vulnerabilities and risks will look like, and as yesterday's industrial devices prove, nobody expected vast interconne...

Armis Platform

In cybersecurity, UEBA is the acronym for user and entity behavior analytics. UEBA is a practice or solution that, as the name says, analyzes behavior. The goal is to find threats by spotting user and device behavior that doesn’t align with known good behavior for those users and entities or for similar users and entities. Because UEBA tools look at behavior rather than malicious code, they offer security coverage that ...
Traditionally, IT and Security solutions that provide endpoint monitoring capabilities require that an agent be installed on the device to be monitored. These agents record the local device’s activity from a network, application, and operating system perspective and then forward that information to a monitoring server. While the agent technique is effective, it has several drawbacks: Agents must...

Network Segmentation

Network access control (NAC) is a security technology that controls and manages access to network resources. It helps organizations ensure that only authorized and compliant devices and users can connect to their private networks. Enterprises can use NAC solutions in various network environments, including wired and wireless networks, remote access, and cloud-based services. They are often used in conjunction with othe...
Enterprise internal networks used to be flat and open; an internal host could access almost all the other hosts on the network. With increasing security control and performance requirements, the modern environment breaks them into small groups or zones based on different business needs or functional criteria and enforces rules to limit access between them. This is called network segmentation. A successful network segmen...
Network segmentation is a cyber hygiene best practice that helps strengthen a business’ security and mitigate damages from a data breach. According to the Cost of a Data Breach 2021 report by IBM, the average cost of a data breach went from $3.86 million in 2020 to $4.24 million in 2021, a 10% increase. What is network segmentation? Network segmentation, also called network partitioning or network isolation, divides a net...
Network lateral movement, or lateral movement, refers to cyberattackers’ techniques to move through a network. Lateral movement allows the cybercriminal to move deeper into the compromised system to locate sensitive data and access privileged information. After gaining access to the system, the cybercriminal impersonates an authorized user and moves throughout the network to achieve their objective. The attacker gath...
In cybersecurity, macrosegmentation is another way to describe standard network segmentation practices. Network segmentation is the division of an organization’s network into smaller segments that are protected by firewalls. This kind of segmentation is a security best practice recommended by the National Institute of Standards and Technology (NIST), the Purdue reference architecture, and other frameworks. The goal is t...
Microsegmentation in cybersecurity creates small zones within or adjacent to existing network segments to make it harder for malicious communications and activity to move throughout the network. By preventing lateral movement within zones protected by a firewall, network microsegmentation can limit the impact of external attacks, malware infections, and unauthorized internal user access. To be effective, microsegmentation...
A network segmentation test is a key component of network segmentation deployment and of ongoing regular operation tasks. It typically involves a series of manual or semi-automated security and network checks to ensure that the communication between different network segments works properly as designed and that there are no security holes or gaps that attackers could exploit. The test uses a combination of many different approaches...

Frameworks

The NIST cyber security framework provides policy and guidance for private sector companies within the United States to prevent, detect, and respond to cyber threats. Depending upon the complexity of the organization, a properly developed NIST framework can be completed in several months to several years. Gartner predicts that post-2020 upwards of 50% of organizations will follow some aspects of NIST, including organizati...
Zero Trust is a cybersecurity model that requires all users, inside or outside an organization, to be authorized and authenticated at every stage of digital interaction. A Zero Trust policy requires constant validation to reduce the number of cyberattacks by unauthorized users attempting to access organizational resources.  According to Microsoft’s Zero Trust Adoption Report 2021, 96% of security decision-makers...
Zero Trust is a security model that seeks to prevent malicious actors from breaching your network and moving laterally across it.  Per the Department of Defense (DOD) Zero Trust Reference Architecture, "The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted."  This cybersecurity framework requires continuous...
The CIS Critical Security Controls (CIS Controls) are a set of actionable best practices that organizations should prioritize to improve their cybersecurity posture. Formerly known as the SANS Critical Security Controls (SANS Top 20 Controls), these guidelines are now published by the Center for Internet Security (CIS). An international community of experts updates the list of controls periodically. In its current vers...
The US government formed the National Institute of Standards and Technology, or NIST Cybersecurity Framework to protect the nation's most critical assets, defined by NIST SP 800-30, Rev. 1 “system and assets, whether physical or virtual, are so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public...
All Cyber Security Frameworks (CSFs) have their roots in Risk Management Frameworks (RMFs), and all begin with an “Identify” phase. This is when the organization gathers information about the essential services the organization provides and hypothesizes how damage, which is calculated as a loss in either Confidentiality, Integrity, or Availability, may be encountered and avoided, or otherwise managed by the organizatio...
The NIST Cybersecurity Framework (NIST CSF) provides a multi-step process to implement what is known as best practices when protecting our assets and infrastructure. NIST has detailed 5 critical functions that need adherence: Identify, Protect, Detect, Respond, Recover. NIST recommends a 7-step process to establish a cybersecurity program: Prioritize and Scope, Orient, Create a Current Profile, Conduct a Risk Assessment, Creat...

Threat Detection & Response

The cyberattack lifecycle, also known as the cyber kill chain, is a model that describes the stages of a typical cyberattack. The model was originally developed by Lockheed Martin and has since been widely adopted by the cybersecurity industry. By understanding the stages of the cyberattack lifecycle, organizations can develop strategies and defenses to prevent, detect, and respond to breaches. They can also develop in...
The term zero-day is used when security teams are unaware of software vulnerabilities and have had no time (0 days) to design a patch or update to resolve the issue. A zero-day malware attack is caused by a zero-day vulnerability, which is an unknown security flaw that a threat actor can target and exploit. What is meant by zero-day malware? Zero-day malware is malicious software that...
Threat intelligence is information that is collected, processed, and analyzed to help organizations better understand a threat actor's motives and behaviors. Threat intelligence allows teams to think ahead and, in turn, react accordingly.  Types of threat intelligence include: Strategic — Broader trends that are typically meant for a non-technical audience. Tactical — Outlines of the tactics, techniques...
XDR and SOAR solutions offer organizations security capabilities and enhanced protection but the terms are not interchangeable. Learn more about the similarities and differences between these cybersecurity technologies and how they can help secure your IT environment. Extended detection and response (XDR) Extended detection and response (XDR) is a cybersecurity solution that collects and analyzes data from multiple ...
What do the acronyms XDR and SIEM stand for? And how are they related? Keep reading for more insight on these two cybersecurity solutions.  What is XDR? Extended detection and response (XDR) is a security solution that collects and analyzes data from multiple sources to detect, prevent, discover, and respond to cyberattacks and unauthorized misuse. Forrester Research defines XDR security as “the evolution of EDR...
A denial of service (DoS) attack is a cyberattack that prevents legitimate users from gaining access to services and resources by flooding the target network with fake traffic to overload systems and prevent legitimate traffic. Goal of a DoS attack The purpose of a DoS attack is to slow down or prevent a machine or network from being accessible to its intended users. Cybercriminals may perform a DoS attack to extort...
The average total cost of a data breach in 2021 was $4.24 million—a 10% increase from 2020, according to the IBM Security Cost of a Data Breach Report 2021. Depending on the organization’s security posture, the cost of a breach can drastically vary. Costs associated with a data breach IBM reported four key categories that contribute to the cost of a data breach: lost business cost (38%), detection and escalation (2...
Cybersecurity is the group of best practices that keeps intruders out of business networks, healthcare systems, industrial control networks, critical infrastructure, and other systems. It prevents the exposure of sensitive data to criminals and state actors, stops ransomware attacks that can disrupt an organization’s daily operations, and prevents remote takeovers of computers, equipment, and other assets.  Cybe...
SIEM (“sim”) is a cybersecurity acronym for security information and event management. Part of traditional IT security, SIEM solutions collect and analyze asset and event logs and other data to support threat detection and management. By aggregating and analyzing event data from an enterprise’s networks and other assets, SIEM tools help monitor for and detect anomalies, alerting the security operations center to pot...
EDR stands for endpoint detection and response. EDR is a security strategy that matters now more than ever given the skyrocketing growth of endpoints across the internet of things (IoT), internet of medical things (IoMT), OT, 5G, and smart devices. Every new endpoint expands an organization’s attack surface, and many endpoints are unmanaged and effectively invisible to legacy security tools and solutions.  Defin...
Attackers often seek to insert their own code into target apps, systems, and devices to change how a program runs, gain unauthorized access to data and systems, or control a network, system, or device remotely. SQL injection, cross-site scripting, and remote file injection are some common code injection attacks. What’s vulnerable to code injection attacks? Anything that runs on code and isn’t properly secured can b...
With ransomware attacks on the rise, many companies are looking for ways to limit their exposure to this potentially expensive cyberattack. According to Coveware's 2020 study, enterprise organizations paid up to $780K in ransom payments per event. Smaller businesses lose, on average, $200K in downtime and recovery costs, with many of them filing bankruptcy due to the event. (CNBC, 2019) What is ransomware? According to...
The beating heart of almost everyone’s cyber operation is the Security Operation Centre and its analysts. Whether you have outsourced some or all of the layers in a SOC, three things remain consistent: you can’t outsource the risk; you have too many alerts and not enough people; measurement and metrics are highly visible. Making the SOC effective is the single most important function in detection and protection co...

Ransomware

Cyberattacks threaten organizations’ data, operations, and revenue. In 2021, the average cost of an enterprise data breach rose to $4.24 million, and data breaches related to cyberattacks increased by 27 percent over 2020. Total asset visibility and intelligence create the foundation for stronger cyberattack protection. Device identification More than a third of devices in the typical organization’s en...
Extended Detection and Response (XDR) is a security solution capable of unifying several threat defense tools into a holistic approach.  In its Market Guide for Extended Detection and Response, Gartner defines XDR as "a platform that integrates, correlates and contextualizes data and alerts from multiple security prevention, detection and response components." EDR vs. XDR: What's the difference? While Endpoint ...
SOC stands for security operations center. SOC is a team or facility dealing with security issues within an organization. The goal is to detect, assess, and respond to security threats, increasing the organization's resilience and helping to meet regulatory requirements. There are different models for a SOC strategy, from in-house operations to outsourced resources. Large companies might have a dedicated facility where...
Ransomware attacks have been a lucrative business model for criminals, with large payouts. The average ransom payment is almost a quarter-million dollars, according to a 2021 IDC survey which found that one-third of organizations around the world were ransomware victims over the previous year. What is ransomware? Ransomware is a malware program that encrypts files on computer systems, making them unusable. Attackers t...

Healthcare

The use of Internet of Things (IoT) in healthcare poses cybersecurity concerns such as insufficient device security controls and increased attack surface. What is IoT in healthcare? Often referred to as Internet of Medical Things (IoMT), IoT in healthcare refers to the use of IoT technology in the delivery of patient care. This includes the use of connected devices, sensors, and systems to collect and transmit data for...
Internet of Medical Things (IoMT) refers to medical devices and applications with Internet connectivity. It's a subset of Internet of Things (IoT) and, for this reason, is often referred to as IoT in healthcare. The overall category of IoT devices is typically more consumer-oriented, focusing on usability and convenience. IoT devices include smart TVs, lighting apps, voice assistants—really any number of smart, conne...

Vulnerability Management

A denial-of-service (DoS) vulnerability is any gap that results in a DoS attack. What is a denial-of-service attack? A DoS attack is a malicious attempt to render a machine or network inaccessible to its intended users by hampering the device's normal functionality. Malicious actors launch these attacks by sending information and unusual traffic ...
A vulnerability is a known weakness or flaw within your digital assets that malicious actors can exploit. In cybersecurity, risk is a prediction of how much an organization stands to lose in the event of an attack, in terms of stolen or damaged assets. A cyber threat exploits a vulnerability and increases the risk to your systems, data, and assets.  Understanding the differences between risk vs vulnerability can h...
According to the FBI Internet Crime Report 2021, the Internet Crime Complaint Center (IC3) received 649 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack — totaling roughly $6.9 billion in losses in 2021. Protecting critical infrastructure is important to maintaining a healthy and sustainable economy. What is critical infrastructure protecti...
Vulnerability management is a technical practice that maps the “output of information security technology to define the risk priorities for organizations.” Mapping and managing vulnerabilities requires several processes, including:  Assessing threats and vulnerabilities. Knowing acceptable configurations and policies. Identifying deviations from those accepted practices. Determining risk levels. O...

Cybersecurity

The biggest threats to cybersecurity in banking and finance include ransomware attacks, threats to cloud infrastructure, and insider threats. It has become critical to stay ahead of the curve when it comes to cybersecurity in banking to minimize the risk of successful cyber incidents and data breaches. What are the top cyber threats to the banking industry? The top cyber threats to ba...
In cybersecurity, the attack surface is the sum of attack vectors, the different entry points through which a cyberattacker can try to enter data into or extract data from an environment. A high number of attack vectors means that an unauthorized user has more opportunities to breach a network. In order to increase their cyber resilience, organizations should take steps to reduce their attack surface. Ways to minimize attack ...
Attack surface is the sum of different attack vectors an unauthorized user can use to breach a network or system.  An attack vector is the method, path, or scenario that a cyberattacker can exploit to gain entry to an IT system. Examples of some common attack vectors include phishing, malware, compromised passwords, encryption issues, and unpatched software. Attack surface examples Examples of an attack surface...
Multiprotocol label switching (MPLS) is a telecommunications network technology that routes traffic using the shortest path based on predetermined "labels," instead of network destination addresses, to handle forwarding over private wide area networks.  MPLS enhances Ethernet connectivity and drastically improves traffic speed, limiting the amount of user downtime when connected to the network. Organizations use M...
IT service management (ITSM) describes how IT teams manage their customers' IT services. Activities include designing, creating, developing, delivering, and supporting IT services. ITSM leads to increased efficiency and productivity while achieving customer satisfaction and business goals. A configuration management database (CMDB) is a repository of information about your IT environment, including configuration items ...
Enterprise cybersecurity is the implementation of practices and principles for protecting company data and resources from cyber threats. Enterprise cybersecurity deals with preventing and mitigating damage from cyberattacks such as ransomware attacks, social engineering, data breaches, and software vulnerabilities. Consequences of corporate network security breaches According to Verizon’s Data Breach Investigations...
Cyber hygiene, also known as cybersecurity hygiene, is a set of practices focused on regularly maintaining the health and security of an organization’s users, devices, networks, and data. Cyber hygiene aims to keep confidential information safe and secure from potential cyber threats and attacks. Why is cyber hygiene important? Lack of cyber hygiene puts businesses at risk of cyberattacks, which can lead to massive f...