sb-au logo
Story image

FireEye rolls out threat intelligence platform for industrial systems

13 Dec 2019

FireEye has announced the general availability of its new threat intelligence platform for physical systems, such as industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes.

FireEye Cyber Physical Threat Intelligence provides context, data, and actionable analysis on threats to cyber physical systems.

The subscription delivers in-depth analysis on cyber physical-focused malware and malicious tactics, techniques and procedures (TTPs), threat actors, threat activity, vulnerabilities and strategic insights.

This reporting is derived from frontline findings of industry-leading threat intelligence experts and FireEye Mandiant engagements, as well as deployed FireEye technology and an extensive worldwide network of FireEye sensors.

The company says that after 15 years of analysing cyber attacks, it has observed a consistent pattern across almost all OT security incidents.

This pattern indicates that there is significant overlap across TTPs utilised by threat actors targeting both IT and OT networks.

According to FireEye, the company’s observations can be summarised in what we call the Theory of 99, which states that in intrusions that go deep enough to impact OT:

  • 99% of compromised systems will be computer workstations and servers
  • 99% of malware will be designed for computer workstations and servers
  • 99% of forensics will be performed on computer workstations and servers
  • 99% of detection opportunities will be for activity connected to computer workstations and servers
  • 99% of intrusion dwell time happens in commercial off-the-shelf (COTS) computer equipment before any Purdue level 0-1 devices are impacted

Further, FireEye has shaped its philosophy based on this expertise. Its philosophy is that visibility into network traffic and endpoint behaviours is as critical in preventing pivots to key assets in the OT network as in IT security. By drawing parallels between these intrusion methods, detection opportunities can be identified earlier.

FireEye’s SVP of global intelligence Sandra Joyce explains, “While the intersection of the virtual and physical worlds has led to revolutionary connectivity and instrumentation, these benefits also introduce new and complex risks.

“For organisations tasked with maintaining the security and continuity of these systems, FireEye Cyber Physical Threat Intelligence provides an early warning on critical vulnerabilities, and actionable intelligence on the adversaries targeting them.”

FireEye offers organisations an end-to-end solution for ICS and OT, inclusive of threat intelligence, consulting, and Managed Detection and Response (MDR) services, the company states.

This combination of in-depth insight into ICS threats, custom risk ratings with actionable recommendations, and continuous threat detection, asset modelling, and direct collaboration with FireEye OT security experts during high priority incidents presents a powerful way to identify areas of concern and accelerate response.

Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Ransomware and Microsoft Exchange attacks surging 
There are global surges in ransomware attacks alongside increases in cyber attacks targeting Microsoft Exchange Server vulnerabilities, according to Check Point Research.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Data transparency increasingly important, Kaspersky study states
“It is clear from the data that people have developed a sense of control and they are now demanding openness about how and where their data is being managed."More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More