
This Unified Asset Visibility and Security Platform Secures OT Devices Against Cyberattacks

Armis platform is the first agent-less, cloud-based, enterprise-class security platform to address the new threat landscape of unmanaged medical and IoT devices.

Armis, with almost 500 employees globally, is building a future that helps its customers and partners quickly implement their digital transformation strategies and safely adopt new connected devices. The company was formed to help organizations discover and secure managed, unmanaged, and IoT devices, including medical devices and industrial control systems (ICS). During a conversation with Nitisha, Andrew Draper, Regional Vice President, Asia Pacific & Japan, Armis, elaborates on the role of Industry 4.0 in cyber security and its demands today.

Kindly talk about Armis and its special offerings.

Exponential growth of connected devices has delivered a higher level of efficiency and convenience to both individuals and companies, but at the same time, it has opened up the attack surface for enterprises, as many of these devices are not visible to security teams. To protect the organisation, it is imperative that all assets are monitored and secured. Without visibility of the connected assets, security leaders struggle to accurately assess cybersecurity risks, and it raises the difficulty of detecting, safeguarding and/or restoring operations from a cyberattack.

Armis agent-less unified asset visibility and security platform

The Armis platform addresses these challenges by providing organisations with 100% visibility of all connected assets, managed and unmanaged across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS) and 5G, in their environment. Many assets, which were previously invisible because they were unable to accommodate a traditional security agent or withstand network scanning because they are disrupted or crashed, are now visible using the agent-less, 100% passive Armis Platform.

For the first time, organisations can see every asset in one unified view, identified and managed.

At the core of the platform is Device Knowledge base, the world’s largest, crowd-sourced, cloud-based device behaviour knowledge base, which tracks over two billion assets to provide device context.

By keeping a record of all device attributes, including unique device information such as how often each device communicates with other devices, over what protocols, how much data is typically transmitted, whether the device is usually stationary, what software runs on each device, etc., Armis is able to classify devices and detect threats with a high degree of accuracy. This provides critical context and actionable insights to make faster and more confident business decisions.

How has the evolution of Industry 4.0 and IoT changed the OT/ICS environment?

Over the past several years, Industry 4.0 has been pushing the convergence of operational technology (OT) and information technology (IT). When OT and IT connect, manufacturers experience more agility in decision making, more consistency in processes, more efficient use of equipment and staff, while reducing unplanned downtime and eliminating unneeded hardware and software.

The integration is taking form in a few ways, such as OT connecting to traditional enterprise networks or directly to the internet; connecting some devices via peer-to-peer protocols such as Bluetooth; and the proliferation of wireless devices in OT environments, which has exploded over the last few years with the rise of IoT.

While Industry 4.0 introduces innovative approaches for greater efficiency, it is also pushing the OT world into new realms with regard to cybersecurity. The OT/ICS environment is susceptible to a vast array of cybersecurity risks as air-gapping OT networks is no longer viable.

Why are digital OT and smart equipment such common targets of cyber-attacks now?

With OT (operational technology) connecting to traditional enterprise IT and wireless networks in recent years, and no longer being ‘air gapped’ or isolated, OT/ICS environments are now vulnerable to threat actors who can breach OT systems through IT networks.

Moreover, OT devices in industrial and manufacturing environments often have no built-in security, and it is not possible to install an agent on many of the legacy devices as they were designed with the previous assumption that these devices would not be connected to any other networks.

Cyber criminals can access networks to impact OT environments with the hope of getting ransom payments or having demands met. The ways that cyber criminals can disrupt OT environments include making changes to automated processes which can impact product quality, stop production, affect safety controls or prevent access to breached networks. Just one device needs to be compromised for threat actors to move laterally to compromise others quickly and easily, spreading rapidly throughout a system and causing immense damage.

Over the past few years, there have been a growing number of vulnerabilities discovered in devices in OT environments, many of which involve embedded software used by many manufacturers, such as URGENT/11, a set of 11 zero-day vulnerabilities that impacted various real-time operating systems (RTOS).

Real-time OSes are used by SCADA systems, industrial controllers, Programmable Logic Controllers (PLCs), elevators, firewalls, routers, satellite modems, VoIP phones, printers, etc. If exploited, attackers could take over mission-critical industrial and healthcare devices, bypassing traditional perimeters and security controls.

In the wild, malware such as WannaCry and NotPetya have had major impacts on manufacturing plants, affecting availability or safety as well as company brand and customer relationships.

What are some of the top trends you see upcoming on OT/ ICS cybersecurity for 2022?

With the ever-increasing attack surface from the rising number of OT devices and the potential for impact, breaches to critical operational infrastructures are likely to increase.

In many industries, OT and IT have already converged, even if security practices within the organisation do not reflect that yet. With that in mind, how should businesses counter cyber threats and secure their operational and ICS devices?

Securing OT devices against cyber attacks is important in the ever-growing threat landscape, but it is not an easy task as traditional security tools are often not compatible with OT devices. To address current and future cyber threats and secure their operations, business, IT, OT and security leaders in organisations need to pivot to a different holistic approach and consider solutions with:

  • The ability to function without the need for agents
  • The ability to function using only passive technologies that are not prone to disrupt or crash OT devices
  • Comprehensive security controls that meet most of the important cybersecurity goals specified by NIST CSF or CIS CSC.
  • Visibility of all unmanaged or industrial IoT devices within an enterprise on or off the network
  • Comprehensive communication coverage that directly monitors all communication pathways that could be used in an attack, including ethernet, Wi-Fi, Bluetooth, and BLE.

How does Armis fit into helping businesses keep safe and accelerate their adoption of Industry 4.0?

In the past, air-gapped networks isolated from the internet and enterprise IT networks protected industrial control systems (ICS) and operational technology (OT) from external threats, but today this may be a false sense of security.

Employees’ lack of awareness or compliance with proper security procedures can unknowingly expose an organisation to cyber attack. An organisation recently found that one of the engineers was using an air-gapped engineering workstation to access social media sites during spare time. Though this may seem trivial, it can potentially expose a critical environment to security risks, especially when OT devices are now built on top of common platforms such as Windows and Linux rather than very specific and less known systems.

Some legacy OT devices in industrial and manufacturing environments have no built-in security, as these were designed with the assumption that the devices wouldn’t be connected to any other networks. As the air gap dissolved, traditional IT solutions which rely on agents or active scanning are not able to protect these devices and it is not possible to install an agent on many of the legacy devices. Network scans can also disrupt or crash some of these OT devices, leading to downtime and jeopardising employee safety. ICS can become a sitting target for cybercriminals with these unsecured entry points.

ICS and manufacturing environments need an agent-less solution like Armis, which works with all devices, obtains full visibility of the devices, performs a risk assessment to identify any vulnerability and threat, and provides contextual insights for managed and unmanaged, IT or OT/ICS devices for fast and accurate business decisions.

What role does Armis play in the medical industry? Kindly elaborate.

Connected medical devices are increasingly used today as part of the patient’s journey. They help clinicians deliver faster and higher quality care, and improve the patients’ experience in the treatment process. However, many of these devices lack inherent security controls, are not seen or managed by traditional security solutions, and do not easily receive software updates. Such vulnerabilities put sensitive data, day-to-day facility operations and patient health at risk, but most healthcare delivery organisations aren’t prepared to address these challenges.

Armis platform is the first agent-less, cloud-based, enterprise-class security platform to address the new threat landscape of unmanaged medical and IoT devices. It provides visibility of every device (from an IP camera to an MRI scanner) on and off the network and analyses behaviour to identify risks to protect critical patient information and systems from attacks. This includes off-network devices using Wi-Fi, Bluetooth, and other IoT protocols in the environment – a capability no other security product offers without additional hardware. The comprehensive device inventory Armis generates includes critical information like device manufacturer, model, serial number, location, username, operating system, installed applications, FDA classification, and connections made over time.

Integrating easily with an existing network and security products, Armis platform passively monitors wired and wireless traffic on your network and in your airspace. The Armis Risk Engine then analyses this data and uses device profiles and characteristics from the Armis Device Knowledge base to identify each device, understand their behaviour, assess their risks, detect threats, and quarantine suspicious malicious devices automatically without disruption. Armis calculates its risk score based on factors like vulnerabilities, known attack patterns, and the behaviors observed of each device on your network. This risk score helps a security team understand the organisation’s attack surface and meet regulatory requirements to identify and prioritise vulnerabilities.

Is there any plan to expand your business in Indian market? Explain. Kindly share your future marketing strategies for the year 2022.

Yes, Armis commenced commercial activities in India at the beginning of May 2021. India is a country which does everything at scale. Being one of the most populated countries in the world, this market offers an immense opportunity for businesses to expand their commercial and enterprise footprint. Our strategy for 2022 is about scaling and key wins, and India offers a fantastic opportunity for the business.

As a major focus we are very committed to working jointly with our Channel and Alliance global partners, and creating local relationships. We are very fortunate to have strong alliances with Check Point Software, Crowdstrike, Sentinel One, Accenture, EY, and many others. With our first India Sales Director starting this month, we see opportunities to establish key relations in the local market. You will also see Armis more often in trade shows and events.

Nitisha Dubey

I am a journalist with a postgraduate degree in Journalism & Mass Communication. I love reading non-fiction books, exploring different destinations and varieties of cuisines. Biographies and historical movies are a few favourites.
