
FireEye rolls out threat intelligence platform for industrial systems

13 Dec 2019

FireEye has announced the general availability of its new threat intelligence platform for physical systems, such as industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes.

FireEye Cyber Physical Threat Intelligence provides context, data, and actionable analysis on threats to cyber physical systems.

The subscription delivers in-depth analysis on cyber physical-focused malware and malicious tactics, techniques and procedures (TTPs), threat actors, threat activity, vulnerabilities and strategic insights.

This reporting is derived from frontline findings of industry-leading threat intelligence experts and FireEye Mandiant engagements, as well as deployed FireEye technology and an extensive worldwide network of FireEye sensors.

The company says that after 15 years of analysing cyber attacks, it has observed a consistent pattern across almost all OT security incidents.

This pattern indicates that there is significant overlap across TTPs utilised by threat actors targeting both IT and OT networks.

According to FireEye, the company's observations can be summarised in what it calls the Theory of 99, which states that in intrusions that go deep enough to impact OT:

  • 99% of compromised systems will be computer workstations and servers
  • 99% of malware will be designed for computer workstations and servers
  • 99% of forensics will be performed on computer workstations and servers
  • 99% of detection opportunities will be for activity connected to computer workstations and servers
  • 99% of intrusion dwell time happens in commercial off-the-shelf (COTS) computer equipment before any Purdue level 0-1 devices are impacted

Further, FireEye has shaped its philosophy based on this expertise: visibility into network traffic and endpoint behaviours is as critical for preventing pivots to key assets in the OT network as it is in IT security. By drawing parallels between these intrusion methods, detection opportunities can be identified earlier.

FireEye’s SVP of global intelligence Sandra Joyce explains, “While the intersection of the virtual and physical worlds has led to revolutionary connectivity and instrumentation, these benefits also introduce new and complex risks.

“For organisations tasked with maintaining the security and continuity of these systems, FireEye Cyber Physical Threat Intelligence provides an early warning on critical vulnerabilities, and actionable intelligence on the adversaries targeting them.”

FireEye offers organisations an end-to-end solution for ICS and OT, inclusive of threat intelligence, consulting, and Managed Detection and Response (MDR) services, the company states.

This combination of in-depth insight into ICS threats, custom risk ratings with actionable recommendations, and continuous threat detection, asset modelling, and direct collaboration with FireEye OT security experts during high priority incidents presents a powerful way to identify areas of concern and accelerate response.