Businesses across every industry are experiencing an explosion of unmanaged and IoT devices within their environments. These devices are designed to connect, they lack built-in security mechanisms, they can’t take an agent, and they’re difficult or impossible to patch – leaving them highly vulnerable to attacks.

“Without visibility into these devices, organisations are left without an effective way to mitigate risks or to stop potential attacks. The ability to readily integrate with existing technology partner investments makes the Armis® agentless devices security platform a cost-effective option for a number of markets,” said Andre Kannemeyer, CTO at Duxbury Networking, distributor of Armis solutions in South Africa.

The Armis security platform works with the user’s existing network infrastructure to collect the data it needs to discover, identify, and analyse the risk of all devices in that environment. The Armis cloud-based analysis engine generates unique information that can be fed back into your network infrastructure to allow it to make better decisions about network access, network allocation, etc. The information that Armis produces includes:

• Device classification

• Software running on each device

• Security risks and alerts.

“Strategic enterprise technology partnerships with Cisco, IBM, Palo Alto, Check Point and FireEye deliver integrated solutions that help automate security notifications and accelerate incident response,” said Kannemeyer.

Other benefits that arise out of integration with Armis include:

• Armis can tell your SIEM (Security Information and Event Management) about events associated with all of the devices in your environment, including devices that cannot accommodate agents and do not produce logs or events. This allows your SIEM to make better decisions, produce more complete reports, and helps you shorten your response time in crisis mode.

• Armis can provide your NAC (Network Access Control) system with real-time knowledge of IoT risks and threats. For example, when Armis detects that a device in your environment is behaving maliciously, Armis can trigger your NAC system to take appropriate action, such as blocking or quarantining that device from the network.

• When Armis detects abnormal or malicious device behaviour, it can tell your firewall to prevent the device from communicating with the Internet. This breaks command and control, and prevents data exfiltration from the compromised device.

Seamless integration

The Armis agentless device security platform gives Palo Alto Networks® customers unparalleled visibility and control. Using the enterprise data in Cortex Data Lake, the platform creates a comprehensive device inventory including the device type, manufacturer, operating systems and versions, reputation, connections and more. It also calculates a unique risk score for each device based on factors like known hardware and software vulnerabilities.

When the Armis platform detects abnormal device behaviour, it notifies the Palo Alto Networks Firewall to block the device automatically, providing peace of mind that attacks are stopped, even if the security team is busy with other priorities.

Armis and Check Point provide superior visibility and security for unmanaged and IoT devices. Without any agents or additional hardware, Armis uses the existing infrastructure to discover and identify every device in any environment—enterprise, medical and industrial. Armis analyses device behaviour to identify risks and threats and provides continuous device risk assessments, without disrupting business operations.

“Armis discovers all devices on your network and in your airspace, including devices that Cisco ISE cannot see such as those that communicate via Bluetooth, Zigbee, and other common IoT protocols. It is able to tell Cisco ISE whenever a device on your network has become a threat. Behavioural anomalies that indicate that the device has been compromised are determined with Armis’ Threat Detection Engine,” Kannemeyer explained.

“It makes sense to consider using Armis technology in your business as it easily integrates with the tools you already have in your security architecture, allowing you to leverage existing investments to achieve greater value and more automated response,” said Kannemeyer.