FireEye has announced the launch of the Mandiant ICS HealthCheck service, a minimally-invasive cyber security assessment for operators of mission-critical ICS. The ICS HealthCheck service is available now and is a core component of FireEye’s continued focus on securing critical infrastructure.
ICS HealthCheck was specifically designed to meet the needs of asset owners concerned about the operational risk associated with software-based agents, network scanning or other security evaluation techniques.
Mandiant’s purpose-built methodology does not require any changes to the control system and does not generate network traffic that could disrupt normal operations. By modelling network architecture and data-flows, using nation-state grade intelligence to simulate possible attacks, and prioritising controls, organisations are able to better detect and respond to the unique threats their ICS environments face. This unique methodology bridges IT security and operational technology (OT) by enabling IT security teams and the engineering staff who manage ICS infrastructure to [help create and] identify joint solutions to identified vulnerabilities.
“The cyber security threats to ICS are becoming more tangible as threat actors expand beyond IP theft, cybercrime and espionage into ransomware, disruptive attacks and wiper malware,” said Dan Scali, senior manager, ICS Security Consulting, FireEye. “The ICS HealthCheck is a critical service offering for any organization running ICS infrastructure, and, as part of the FireEye platform, allows customers to benefit from our intelligence on ICS-specific threats, strategically address risks, and reduce their time to detect and respond to threats.”
Mandiant ICS HealthCheck customers receive the following tools:
- Threat Model Diagram: a diagram of the ICS infrastructures – including its interactions with the IT networks, ICS vendor networks, the Internet, and other access vectors – overlaid with FireEye’s ICS-specific intelligence to show how attackers could disrupt or degrade operations
- ICS HealthCheck report: an overview of the technical flaws Mandiant identifies, including vulnerabilities, misconfigurations, or weaknesses, along with their risk priority
- Technical & Strategic Recommendations: a presentation specifically designed to align IT and OT stakeholders at the technical and management levels around addressing the threats to their ICS infrastructure
As part of FireEye’s initiative to secure ICS infrastructure, the Mandiant ICS HealthCheck along with the recently announced strategic partnership with Parsons bolsters the service portion of the FireEye platform. The recent acquisition of iSIGHT Partners has added deep intelligence capabilities around ICS to the FireEye platform while the newly announced strategic partnership with Belden adds ICS integrations to FireEye technologies.