
FireEye rolls out threat intelligence platform for industrial systems

13 Dec 2019

FireEye has announced the general availability of its new threat intelligence platform for physical systems, such as industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes.

FireEye Cyber Physical Threat Intelligence provides context, data, and actionable analysis on threats to cyber physical systems.

The subscription delivers in-depth analysis on cyber physical-focused malware and malicious tactics, techniques and procedures (TTPs), threat actors, threat activity, vulnerabilities and strategic insights.

This reporting is derived from frontline findings of industry-leading threat intelligence experts and FireEye Mandiant engagements, as well as deployed FireEye technology and an extensive worldwide network of FireEye sensors.

The company says that after 15 years of analysing cyber attacks, it has observed a consistent pattern across almost all OT security incidents.

This pattern indicates that there is significant overlap across TTPs utilised by threat actors targeting both IT and OT networks.

According to FireEye, the company’s observations can be summarised in what it calls the Theory of 99, which states that in intrusions that go deep enough to impact OT:

  • 99% of compromised systems will be computer workstations and servers
  • 99% of malware will be designed for computer workstations and servers
  • 99% of forensics will be performed on computer workstations and servers
  • 99% of detection opportunities will be for activity connected to computer workstations and servers
  • 99% of intrusion dwell time happens in commercial off-the-shelf (COTS) computer equipment before any Purdue level 0-1 devices are impacted

FireEye says it has shaped its philosophy based on this expertise: visibility into network traffic and endpoint behaviours is as critical for preventing pivots to key assets in the OT network as it is in IT security. Drawing parallels between these intrusion methods allows detection opportunities to be identified earlier.

FireEye’s SVP of global intelligence Sandra Joyce explains, “While the intersection of the virtual and physical worlds has led to revolutionary connectivity and instrumentation, these benefits also introduce new and complex risks.

“For organisations tasked with maintaining the security and continuity of these systems, FireEye Cyber Physical Threat Intelligence provides an early warning on critical vulnerabilities, and actionable intelligence on the adversaries targeting them.”

FireEye offers organisations an end-to-end solution for ICS and OT, inclusive of threat intelligence, consulting, and Managed Detection and Response (MDR) services, the company states.

This combination of in-depth insight into ICS threats, custom risk ratings with actionable recommendations, and continuous threat detection, asset modelling, and direct collaboration with FireEye OT security experts during high priority incidents presents a powerful way to identify areas of concern and accelerate response.
