Securing a digital business against cyberattack is a constant battle, waged across an ever-widening attack surface against increasingly sophisticated enemies. Security specialists wield an armory of solutions to combat visible threats. But many assets – critical and otherwise – remain hidden.
These unknown, unmanaged devices can be obscure and unexpected, making discovery a tricky task. A recent report found that 95% of healthcare deployments included consumer-grade virtual assistant devices, such as the Amazon Alexa, operating alongside medical surveillance equipment. In the most extreme examples, employees were found running social media applications on MRI and CT Scan machines with outdated Windows XP operating systems. And one worker linked their Tesla to a hospital network.
This proliferation of invisible attack points affects every organization, from small to large. Earlier this year, tech giant Microsoft Inc. was the victim of a phishing attack that took advantage of the company’s “bring your own device” policy to link rogue devices into the organization’s network without detection.
“You can’t secure what you can’t see,” said Nadir Izrael, co-founder and chief technology officer of Armis Inc. He equates the situation to “security teams everywhere running the battlefield, if you will, of their organization without an actual map of what’s going on.”
Izrael spoke with theCUBE industry analyst John Furrier during the “Manage Risk Across Your Extended Attack Surface with Armis Asset Intelligence Platform” event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio.
“Having visibility into the entire asset base on this discovery basis brings a Google Maps vibe to lay out all the assets and then understand the context,” Furrier said. “All the data is there on a dashboard, so this should help security professionals and operations teams be faster, smarter, more efficient and enable their developers to develop the best solutions.”
During the event, Furrier also spoke with Alex Schuchman, chief information security officer of Colgate-Palmolive Co.; Tim Everson, CISO of Kalahari Resorts LLC; Brian Galligan, manager of security and operations at Brookfield Properties; and Bryan Inman, solution architect at Armis. (* Disclosure below.)
Armis reveals and secures unmanaged assets across modern dispersed environments
“When most of the solutions that enterprises use today were built, they were built for thousands or tens of thousands of assets. These days, we measure enterprises in the billions and billions of different assets,” Izrael said. Out of these assets, approximately 70% are unmanaged, he added.
This is a modern problem brought about by cloud computing, the availability of fast network speeds, the growth of the internet of things and industrial IoT, and users with an expectation of constant connectivity.
“If you look back a number of years, most of the manufacturing equipment was disconnected from the internet. It was running in silos,” stated Colgate-Palmolive’s Schuchman.
Securing non-connected equipment that could be cordoned off behind firewalls and security was easy. Now, CISOs like Schuchman are supposed to secure open ecosystems filled with connected devices over which they have no control.
Colgate-Palmolive’s security posture had to change from simple “castle and moat” protection to proactive asset risk management, Schuchman told Furrier.
“You really have to embrace if there’s a vulnerability with one of those suppliers, then how do you mitigate the risk associated to that vulnerability,” he said.
But mitigating risk is impossible without a complete knowledge of what assets are connected to a network and what risks they pose. This is where Armis steps in, providing organizations with “a complete, unified, authoritative asset inventory,” according to Izrael.
“We are here to provide that map in every aspect of the environment and be able to build on top of that business processes, products and features that would assist security teams in managing that battlefield,” he stated.
Armis provides cyber asset attack surface management that goes beyond other vulnerability scanners by creating a unified view of the attack surface that includes all unmanaged devices. This gives credible, up-to-the-minute, and contextualized vulnerability and risk information with the scale, reach and context required to protect assets in a world where nation-states attack critical infrastructure and ransomware is an everyday threat.
“You can’t just now wait around for things to kind of scan through the environment and figure out what’s going on there. Real-time images of vulnerabilities, real-time understanding of what the risk is across that entire massive footprint is essential,” Izrael stated.
How Armis provides 100% visibility and beyond …
Armis has recently expanded its services with the addition of Armis Asset Vulnerability Management to its unified asset intelligence platform. This makes the company the first to provide end-to-end risk-based vulnerability management across the extended attack surface, according to Armis’ Inman.
“Armis, as a baseline, is giving you great visibility into every asset that’s communicating within your environment,” he said. “And from there what we’ve done is we’ve layered on known vulnerabilities associated with not just the device, but also what else is on the device.”
Demonstrating the capabilities of Armis’ platform and the AVM, Inman shared a live screenshot from the console showing connected devices, ranging from easy-to-manage virtual machines and personal computers to more obscure devices, such as lighting systems and personal security cameras. He then showed how Armis’ vulnerability management displays the status of devices by common vulnerabilities and exposures (CVEs), grouped by hardware, operating systems and applications. Dashlets display the number of devices affected and how long the vulnerabilities have been sitting in the environment.
The platform doesn’t just report based on the Common Vulnerability Scoring System (CVSS) scores from the National Vulnerability Database provided by the National Institute of Standards and Technology, according to Inman.
“We’re also able to report on things like … how actively is this CVE being exploited in the wild,” he said. “We’re able to take open-source information, as well as a lot of our partnerships that we have with other vendors, that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware.”
Pen test: anomalous device fingerprinted in five minutes
Visibility is essential for the hospitality chain Kalahari Resorts LLC, which contends with the daily rotation of thousands of customers connecting the personal devices they bring with them to Kalahari’s resorts and conference centers. In a customer session, Kalahari’s Everson shared the benefits Armis has brought to his team.
“Within the first couple hours of the appliance being on the network, we had data on 30 to 40,000 devices that were touching our network,” he said.
The install was “drop and plug and play” both for that original proof-of-concept test and for the rollout in Kalahari’s sites across the United States.
“It’s just amazing how much data this opened our eyes to that you know is there but you don’t ever see it,” Everson said.
Armis gives the broad picture so companies such as Kalahari can monitor network usage, and it also gives the ability to pinpoint a single vulnerable device. For instance, during a customer session, Brookfield Properties’ Galligan explained how his team was able to identify an anomalous device on its network.
“Because we own multiple companies and they use different tools for vulnerability management, it’s been a challenge to be able to compare apples to apples on when we have vulnerability,” Galligan said. “One of the best stories that I can tell is with a pen[etration] test that we ran recently. We were able to determine what the pen test device was and how it was acting anomalously and then fingerprint that device within five minutes, as opposed to getting on the phone with probably four or five different groups to figure it out.”
(* Disclosure: TheCUBE is a paid media partner for the “Manage Risk Across Your Extended Attack Surface” event. Neither Armis Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)