We have added this content into our tool, it is mapped to IEC62443, and includes the 3 different mitigation levels: Foundational, Intermediate, and Leading. MITRE EMB3D™ is a threat model designed specifically for embedded devices, mapping known cyber threats to device features and proposing mitigations that can protect these systems from exploitation. Learn more about EMB3D and how we utilize it in IriusRisk.
Industrial Control Systems and their operational technology assets remain a prime target for persistent attacks - particularly those deemed as Critical National Infrastructure (CNI). These critical, high-risk systems have unique security requirements to prevent compromise - but how do you identify these?
See an example on how IriusRisk can be used to quickly and easily determine what the specific countermeasures for a given Security Level should be; and how to move a component from one SL to another and see the corresponding changes to the countermeasures required.
The ATT&CK Matrix for Enterprise is already available in IriusRisk. It provides threats (mapped from techniques and sub-techniques), mitigations, and even data sources and detections. Meaning you can be sure that your threat model includes these techniques and considerations.
They were able to automate a repeatable threat modeling rollout plan. Some key benefits included ‘It enabled them to create attack scenarios that had never been thought of before to make products better. There has also been interest in using the Infrastructure as Code (IaC) descriptors and future issue tracker integration to further scale and speed up the outputs.’