Identify & Prioritize Vulnerabilities
An ICS Security Risk Assessment can show you which devices are most vulnerable to attack. This lets you prioritize your risk mitigation plans and helps you comply with regulatory frameworks that require you to identify and prioritize all vulnerabilities.
The Armis agentless device security platform automatically performs an ICS Security Risk Assessment for each device in your environment. The risk assessment includes an overall risk score for each device along with detailed information about the factors that make up each device’s risk profile, such as:
- Connectivity methods
- Connectivity behavior
- Use of cloud resources
- Data at rest security
- Software versions
- Authentication security
- Manufacturer reputation
The scores produced by the Armis ICS Security Risk Assessment help you take proactive steps to reduce your attack surface, and they also help you comply with regulatory frameworks that require you to identify and prioritize all vulnerabilities.
Detect Specific OT Communication Risks
Armis can also help you assess the security risks in your OT communication architecture. Most OT environments are modeled after the Purdue reference architecture which shields vulnerable OT devices from attack by limiting their connections. But in practice, the Purdue model is often implemented imperfectly. There are often many loopholes and segmentation violations.
Armis provides visibility to devices on levels 0 through 5 of the Purdue reference architecture, including the connections between all devices. This visibility lets you identify risky connections and violations in your environment.
“The stories of Armis being able to plug in, and it works as advertised without a whole lot of setup or configuration and no issues were true. We plugged it in and it worked. We plugged it into our new rig control systems and attached it back to the corporate systems, and it actually worked. Now we've done some tuning with it, we've gotten really tight, we've actually layered out everything. We can see all our different layers from zero to five.”
Manager of Cybersecurity at Helmerich & Payne
Unlike other risk assessment products, the scope of Armis includes OT devices such as Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), Engineering Workstations (EWS), network devices such as switches, routers and firewalls, and nearby IoT devices such as video cameras, HVAC systems, and more. This is important because increasingly, all these devices are interconnected, thus they all represent an attack surface that must be assessed.
Specific ICS Risk Insights
Once Armis has been deployed in your environment, you will be able to quickly build queries that will let you create reports which answer questions such as:
- Do I have any HMI’s running Windows that are vulnerable to WannaCry?
- Do I have any devices running VxWorks that are vulnerable to URGENT/11 attacks?
- Are any of the switches on my ICS segment vulnerable to CDPwn?
100% Safe. Easily Deployed.
The Armis ICS Security Risk Assessment does not use disruptive network scans or device probes. It uses only passive monitoring technologies, so there is no possibility of harm to your environment. Armis analyzes network traffic and compares what we see to over 280 million device profiles stored in our Device Knowledgebase. This allows us to provide complete information about every device in your environment.
In contrast to products that use active scanning technologies, Armis is easy to setup because no explicit programming or setup is required. There is nothing that you need to enter into the system—no policies or whitelists that you need to know in advance.