Armis, the #1 unified asset visibility and security platform provider today announced its official participation in MITRE Engenuity’s initial round of ATT&CK® Evaluations for industrial control systems (ICS). In these tests, MITRE Engenuity used the MITRE ATT&CK® knowledge base to emulate the tactics and techniques used in the TRITON malware attack against a petrochemical facility in Saudi Arabia. This malware was used to interact with Triconex Safety Instrumented Systems (SIS) and represents the first publicly reported incident demonstrating a targeted attack with a known effect to an operational SIS. Armis provided 100% visibility of all IT & OT/ICS assets with real-time detection of all initial access and lateral movement. In addition, Armis achieved 100% coverage of all MITRE Engenuity ATT&CK Evaluations for ICS tactics.
“MITRE’s ATT&CK knowledge base is widely recognized as the industry standard for tracking adversarial tactics and techniques, and these ICS evaluations are a crucial validation of the power of the Armis platform,” said Christopher Dobrec, Vice President, Product Marketing, Armis. “Recent attacks on water plants, oil and gas pipelines and other critical infrastructure prove that cyber resilience in these sectors is critical to ensure continued operations and even national security. Armis clearly stands up to MITRE Engenuity’s rigorous testing which means it will detect specific behaviors of potentially devastating malware like TRITON and can play a key role in securing OT and ICS environments.”
TRITON malware targets safety systems, preventing operators from responding to failures, hazards and other unsafe conditions, potentially causing physical destruction that can lead to fatal consequences. Russia’s Central Scientific Research Institute of Chemistry and Mechanics was responsible for developing TRITON which enabled the attack against safety controllers in a Saudi refinery causing them to enter a failed safe state in an ultimately unsuccessful attack. This led the U.S. Department of Treasury to impose sanctions against the institute.
The Armis platform is the leading unified asset visibility and security solution to provide ultimate OT/ICS and IT visibility that addresses the expanding threat landscape of managed, unmanaged, ICS, OT, IoT, and IoMT devices. Armis discovers every device in an environment, tracks its behavior, detects active vulnerabilities and threats, and protects critical business information and systems. Armis passively monitors all traffic on the network and in the airspace to identify and classify every device and to understand each device’s behavior without disrupting its operation. Core to the Armis Platform is our Device Knowledgebase which tracks over one billion devices—and growing. The Device Knowledgebase contains unique device profile information which is used to understand not only what the device is and what it is doing, but what it should be doing. When a device operates outside of its baseline, Armis can automatically remediate any threat.
“There are many products that offer different approaches to detecting ICS attacks, and these evaluations can help security practitioners better understand how they meet their organization’s needs in areas including the stage of attack when the detections occur, the types of data sources that can be collected and how information may be presented,” said Otis Alexander, who led the ATT&CK Evaluations for ICS. “Few organizations have the time and resources to install and test multiple products as they make decisions on what they need to defend their network, therefore our evaluations are intended to take some of the guesswork out of the process and provide clarity about how security products detect adversary activity.”
For more information about how Armis scored, a copy of our paper and related digital assets visit https://www.armis.com/lp-mitre-engenuity-attack-for-ics-2021/. If you would like to know more about the Mitre Attack framework visit here: https://www.armis.com/mitre-attck-for-ics/. If you would like to know how Armis can help you with your ICS needs click here: https://www.armis.com/ot-device-security/
About Armis
Armis is the leading unified asset visibility & security platform designed to address the new threat landscape that connected devices create. Fortune 1000 companies trust our real-time and continuous protection to see with full context all managed, unmanaged, and IoT devices, including medical devices (IoMT), operational technology (OT) and industrial control systems (ICS). Armis provides passive and unparalleled cybersecurity asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in Palo Alto, California. Follow us on Twitter and LinkedIn.
About MITRE Engenuity ATT&CK Evaluations
MITRE Engenuity ATT&CK Evaluations are paid for by vendors and are intended to help vendors and end-users better understand their product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. MITRE developed and maintains the ATT&CK knowledge base, which is based on real world reporting of adversary tactics and techniques. ATT&CK is freely available, and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation. The evaluations do not provide scores, ranks, or endorsements.
About MITRE Engenuity
MITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing and next generation communications. www.mitre-engenuity.org
Media Contact
Mariah Gauthier
951-314-0760
Armis@highwirepr.com