Chief information security officers are on the frontlines of the ongoing cyberwar, and the battle has never been more active. Keeping track of what is connected is essential when every asset is a possible weak point where criminals can infiltrate a network.
But yesterday’s security tools were built for limited environments where critical assets were clearly defined and secured behind a perimeter. Today’s dispersed attack landscape means unmanaged smart devices from cellphones to vehicles could be invisibly linked into a company’s network.
How to identify assets and secure vulnerabilities across this ever-expanding attack surface was the topic of recent discussion as CISOs, industry analysts and security experts gathered virtually for the “Manage Risk Across Your Extended Attack Surface” event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. (* Disclosure below.)
In case you missed it, here are theCUBE’s top three takeaways from the event:
1) Armis aims to be ‘Google maps for security.’
What if your security landscape was laid out in front of you like a map and finding vulnerable assets was just a simple search away? That’s the end effect of deploying Armis’ intelligent Asset Vulnerability Management, or AVM, platform, according to Armis customer Alex Schuchman, chief information security officer of Colgate-Palmolive Co.
“With a nice visualization and an easy search engine … everything is really at your fingertips,” he told theCUBE during Colgate-Palmolive’s customer use-case panel. “If you want to find something, you just go to the search bar, click a couple of entries and boom, you get your list of the associated devices.”
Organizations are “blown away” by the fact that Armis can show them so much about the devices connected to their network from behind one single console, according to Bryan Inman (pictured), solution architect at Armis Inc.
During the “Manage Risk Across Your Extended Attack Surface” event, Inman gave a demonstration of the Armis platform, including its AVM platform features. The simplicity was clear as he walked attendees through a macro-level view of the dashboards that break assets down into hardware, applications and operating systems. Scrolling down, he showed breakdowns by vulnerabilities and demonstrated how users can create custom dashlets and display views of the number of impacted devices grouped by common vulnerabilities and exposures, or CVE, as well as how long the vulnerable devices have been connected into the environment.
On a micro level, users can select a single impacted device and look at the level of the vulnerability to establish how critical it is to the organization’s overall operations and how actively the CVE is being exploited in the wild. An auto-result feature passively detects required patches or updates and gives users the option to apply them with one click across all affected devices.
“If we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, right now we’re able to view which patches are going to give me the most impact as I prioritize these and take care of these affected devices,” Inman explained.
Watch Inman’s complete video demonstration of the Armis AVM platform:
2) Armis is agentless (and why that matters).
Modern security environments are so complex that any solution that requires more than a couple of clicks for integration is a dead duck in marketing terms. And security teams don’t want yet another vulnerability scanner or point tool to add to their cumbersome collections. What they want is to be able to streamline the complex and scalable process of being able to manage vulnerabilities within the environment, according to Nadir Izrael, co-founder and chief technology officer of Armis Inc., who spoke to theCUBE during the event.
Armis meets this goal with its software-as-a-service platform. Being agentless means a no-code installment with all communication through application performance interfaces. And its AVM platform can be deployed on top of existing scanners, bringing instant value.
“Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don’t need to do a thing. It just deploys on top of it, and that’s really what makes this so easy and seamless,” Izrael stated.
Customer statements back up the company CTO. Kalahari Resorts LLC CISO Tim Everson told theCUBE that deploying Armis’ solution was “very quick and easy, very drop and plug and play.” Within a couple of hours of that first limited deployment, he was monitoring data on 30 to 40,000 devices that were touching the hotel’s network.
Colgate-Palmolive Inc. is a poster child for manufacturing transformation. The company has connected devices across its smart manufacturing facilities and driving efficiency through automation is a major goal. But even by the company’s high standards, deploying Armis was simple.
“We implemented the first set of plants very quickly, actually even quicker than we had put in our project plan, which is not typical for implementing complex security solutions,” Schuchman told theCUBE.
Watch Schuchman’s five-minute description of how Colgate-Palmolive uses Armis’ solutions:
3) Armis collective consciousness provides an early detection warning system.
Armis has created an asset knowledge base where it pools information from all the different environments in which its technology is deployed. This “giant collective intelligence” is constantly learning and passing on the knowledge of vulnerabilities to the rest of Armis’ ecosystem.
The real-world application of this is that if, for instance, a new vulnerability on the scale of Log4J were detected, the Armis intelligent platform would immediately create enrichment rules to protect the company’s entire client base.
In addition, the company funds proactive research in areas it feels are underserved, according to Izrael. In May, five additional vulnerabilities were added to March’s TLStorm disclosure of three critical vulnerabilities in APC Smart-UPS devices. These vulnerabilities expose 80% of companies to potential catastrophic cyberattacks, according to Armis’ data.
“The type of active research we do is to complement a lot of the research going on in the industry, to serve our clients better but also provide inroads for the industry to be better at what they do,” Izrael stated.
Here’s theCUBE’s complete video interview with Izrael:
To watch theCUBE’s complete coverage of the “Manage Risk Across Your Extended Attack Surface With Armis Asset Intelligence Platform event, here’s our complete event video playlist:
(* Disclosure: TheCUBE is a paid media partner for the “Manage Risk Across Your Extended Attack Surface” event. Neither Armis Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)