Video: 30-minute Live Demo Armis Centrix™ for Vulnerability Prioritization and Remediation | Duration: 1804s | Summary: 30-minute Live Demo Armis Centrix™ for Vulnerability Prioritization and Remediation | Chapters: Vulnerability Management Introduction (18.095001s), Welcome and Introduction (88.63s), Vulnerability Prioritization Challenge (144.29s), Vulnerability Prioritization (263.22s), Asset Segmentation & Dashboards (392.18s), Device Overview Dashboard (559.375s), Passive Vulnerability Detection (721.935s), Vulnerability Prioritization (820.22s), Medical Device Filtering (1121.6699s), Q&A Session (1245.1649s), Session Closing (1527.3799s), Sponsored Solution Overview (1606.085s)
Transcript for "30-minute Live Demo Armis Centrix™ for Vulnerability Prioritization and Remediation":
Drowning in a sea of vulnerabilities? Wasting your valuable time on CVEs that pose little or no risk to your business? The volume of accumulated vulnerabilities that organizations need to deal with today is measured in the millions. Every organization is faced with too many vulnerabilities, limited resources, and often the lack of a clear remediation and tracking process. Armis takes into account known exploited vulnerabilities, ransomware associations, business criticality of the asset, and assesses it against the Armis AI driven asset intelligence engine. Finally, there's a product that understands which vulnerabilities pose the greatest risk in your business and knows how to address them. Armis Centrix for vulnerability prioritization and remediation discovers and consolidates all vulnerabilities on any asset, produces a manageable list of vulnerabilities that pose the greatest risk to your business, orchestrates the remediation workflows by working with your existing IT stack. Ready to be laser focused on the vulnerabilities that matter? Visit armis.com. Hello, and welcome, everyone. And thank you for joining us at today's Armis demo. I am Antonio Querales, one of the campaign marketing managers at Armis, and I will be your host today. In this session, we will discuss Armis Centrix for vulnerability prioritization and remediation. But before we dig into our demo, I would like to cover some housekeeping items. This is a 30 minute demonstration. This session is being recorded, and it will be available for you on demand. Please submit your questions in the chat, and we will address them at the end of the presentation. We have provided some additional resources for you on the topic. Please check them out after the webinar. With that, I would like to introduce our speaker, Mike Atkinson, Marley or sales engineer at Armis. And now, Mike, I hand this over to you. Thank you. Hey. Thanks, everyone, for being here today. Really appreciate it. Mike Atkinson here. 
We're gonna talk about Armis Centrix for vulnerability prioritization and remediation. So the current model is broken. Customers look at CVSS scores. They look at EPSS scores, and they don't really understand what they need to do and how to get it done. The missing component here is prioritization, and prioritization is absolutely essential for vulnerabilities and risk management in general. Nobody has enough resources to address risk, and so you must prioritize. And without adequate prioritization, there's a lot of time wasted. And when there's time wasted for critical risk and critical vulnerabilities, breaches are the end result pretty regularly. The organizations still remain at risk. So we need a new approach. We need to understand about what to do with flash alerts and early warning. We need to know which assets are exposed. We need to know the criticality of the vulnerability and the impact to the asset. We've gotta put all of those things together in order to understand exactly how to get things done in the quickest, most expeditious way to reduce the organization's risk. And that's where Armis Centrix for vulnerability prioritization and remediation comes into play. We have to see the entire attack surface. We need to protect it against exposures and threats, and we have to manage the risk reduction process. If we do those things, we can drastically reduce the amount of risk that the organization is exposed to. So here's how we do it. Vulnerability prioritization and remediation is one of the AI driven products in the Armis platform. And what it lets us do is fill in those coverage gaps and consolidate the vulnerabilities, enrich the information with asset context and recommendations, prioritize vulnerabilities appropriately, help you remediate them, track progress, and manage the process. So we first need to fill in those coverage gaps and consolidate the vulnerabilities. 
In addition to aggregating the data from scanners and EDR tools, we also have to make sure that we're looking at everything. It's very common for scanners to not scan certain devices because they're not designed to be scanned or because the customer just doesn't have enough licenses for the vulnerability scanner to scan something. There may be other reasons as well. We can see everything while also ingesting the data from the scanners and from other tools. And then we can enrich that information with asset context and recommendations. The context of the asset is essential to prioritization because if you don't know what the asset's doing, where it's located, and who's using it, you don't know what the business impact of it is. And then we can prioritize the vulnerabilities based on the risk to the business. Thank you. I'm gonna start the demo. This is the Armis Centrix platform. This is a demo environment. We're not showing you real customer data here. Over here, you can see we have total and new devices. Critical risk devices are located here, threat activities, and unhandled alerts are here. We can close that window if we don't need to see it. Here, we show the physical location of assets. This can be as broad or as granular as you like for it to be. We also can segment assets by logical boundaries. Customers have been using this for all manner of different capabilities within their environment, assigning things to specific departments, for example, no matter where they are physically, having industrial control systems broken out as their own thing, guest networks, medical devices, nursing units. The sky's the limit as for how you might want to logically segment your devices. And here, we're showing, currently, the last 7 days of metadata. I'm gonna change it to 30 days, and you'll see that everything changes on the screen. 30 days is the maximum that we normally show in the user interface, and I do wanna emphasize the word metadata. 
We are only looking at I do wanna emphasize the word metadata. Armis does not send your payload data off your network, not everyone. We have a number of different dashboards in this environment. You can have as many dashboard tabs as you like. They can be assigned to different people. They can be shared. They can be individually used. Armis comes with an enormous dashlet library where you can take any one of the dashlets that we have in the platform now and use them as they are or customize them to your heart's content. You can also create a custom dashboard from scratch here. We'll show you more about this in a bit. One of the strengths of Armis is that we can discover every single asset on your network. And when we do, we are figuring out what it is for you. You're not telling us this is a switch, this is a media player, this is an ultrasound, this is a pneumatic tube system. Armis understands what these devices are and automatically identifies them and types them appropriately. Let's take a quick peek at a laptop asset. So here you see we have an overview of this specific laptop. We understand its name. We know who made it. We know its serial number. We know that it's a laptop computer. We know that it's running Windows 10 where we last saw it. We're calling it a high risk device with 3 alerts, and we're getting data from a lot of different sources. So here, we're getting data from Active Directory, CrowdStrike, Palo Alto GlobalProtect, Qualys, SCCM, ServiceNow, our own SPAN TAP capability, Aruba wireless LAN controllers. So we can see all of these different data sources have a big impact on our ability to know what the device is, what it's doing, and how we can resolve whatever vulnerabilities are. We can get into deep inventory information here. We can show exactly what devices it's been talking with. We can see what alerts are firing on this device, and it's Coinhive mining, what activities the device is engaged in on the network. 
Over 100 different types of activities being recorded both over the last 90 days and in real time. We see what applications are running on the device. And now let's take a look at risks and vulnerabilities. So we've got some risk factors here, and that's worth examining. We've got unencrypted credentials being used across the network. Application risk score is high. End of life operating system is in use and more. Vulnerabilities are here. I'm gonna shrink the sidebar. And now we can see details of every vulnerability on this specific device and where we learned the information from. So let's take a look at one more device that doesn't have so many different data sources for it. Let me take a look at an IP cam. Now the only data source we have for this guy is our SPAN TAP port. I mean, we know things about it from the Armis knowledge base and from user information that's been added to it. For example, it has a tag here for privilege. That means that there's a user who wrote a policy or manually configured this to have that privilege tag. But we still, skipping ahead to vulnerabilities, we still get all this incredibly valuable vulnerability data. This is an IP camera. If you scan this IP camera, you could impact its availability. That's very common for IoT devices, for industrial control systems devices, for medical devices. But here, we gain this access, this visibility to the vulnerabilities on this device, 137 of them that we've seen of late without any scanning. We're doing this completely passively. So Armis does more than find the vulnerabilities. This is great, but this is gonna be really difficult to address. Every organization has limited resources to address risk, every single one. And if you have limited resources to address risk, you must prioritize in order to solve the risks that are most impactful to your organization first. 
So here, we're down to a more manageable number of vulnerabilities to resolve, and here, we're down to a far more manageable number of vulnerabilities to resolve on the most vulnerable assets, including 2 with early warning. So Armis Centrix for actionable threat intelligence has matched assets in your environments with CVEs from the early warning list. This is a new capability of Armis. We are using artificial intelligence combined with human intelligence to learn what threat actors are planning to attack, and that's what early warning helps us accomplish. We can also show you vulnerabilities by asset type, by operating system, by application, by site, here in this summary screen. We can show you CVEs in the headlines here. And if we need to get into a deeper list, let's start with vulnerabilities that are in the last 7 days, status open, confidence level of confirmed and high, and attack complexity low. And now we can see all those vulnerabilities that meet all of those criteria on 841 devices. If we go back 30 days, we'll see it remains the same. So we haven't made a lot of progress in our demo environment of resolving vulnerabilities in the last 30 days. That'll happen. What if we only need to know what's going on in our Switzerland enterprise site? We can show you that right away. And if we wanted to go deeper and just look at Geneva, that's just as easy to accomplish. What if what we want to do is look at devices based on the vulnerabilities that they have? Here, we're seeing vulnerabilities, and we have the ability to access the devices over here. But what if we wanted to start with the device itself? Everything in Armis is a search. So we'll start by searching with devices over the last 30 days, and then add the linked entity of vulnerability. Everything to the right of the entity that we're searching for, in this case, devices, previously, it was vulnerabilities. Everything to the right is a filter. 
So let's take a look at properties of confidence level. That's very important. So we'll just say confirmed and high, severity of critical and high, and exploitability with the attack complexity being low. We did a very similar search a minute ago, and it showed us the vulnerabilities and gave us the option to go to the device. This shows us the devices. And gives us the option to see the individual... So now we see the devices that have vulnerabilities with the confidence level confirmed and high, severity critical and high, and attack complexity low. But what if we care more about medical devices than the other ones? Maybe I'm on a medical device security team. I can add that. In this case, I clicked on it by device category. I can add that to the search very quickly and easily, and then I can slice this up and summarize devices by location, if I prefer. And as you can see, we have 117 medical devices in New York with vulnerabilities of confidence level confirmed and high, severity levels of confirmed and high, and attack complexity low. So we can surface and visualize this information in a way that's very difficult to do without true asset intelligence. Customers before Armis are doing much of this sort of work in a highly manual way using Excel, essentially, to take the information that they've gathered from their existing security tools and using Excel to show them which devices that are medical devices in the New York area that have critical and high vulnerabilities with confidence level confirmed and high and attack complexity low. This is hard to do without a dedicated tool. The Armis platform not only allows us to do this at lightning speed and visualize it in ways that make the most sense for you, but it also gathers this data for you so you don't have to enter it all into your Excel spreadsheet. Antonio, that's pretty much what I have on it. So, Antonio, I'm looking at some of the questions in the chat, and here's one. 
Isn't the list of CVEs prioritized by severity all we need? I would say no. Every single organization has limited capacity to address risk. Nobody has enough resources to address all the risk in your environment. And CVEs, while they're an important input to risk, they're not everything. As we can see on our primary AVM dashboard, there's more to risk than severity of a CVE. We want to address our most vulnerable assets first, and that's really hard to do without asset intelligence. Another question, I cannot scan my industrial control systems devices because it could impact availability. How does Armis obtain vulnerabilities without endangering uptime? I'm glad that question was asked. Armis is continuous, passive, and agentless. We don't try to put any agent on any customer device. So on industrial control systems networks, we have a completely passive network traffic analysis sensor, we call it a collector, that cannot emit a packet. It cannot emit a frame. It cannot do anything to that network traffic, but it can sense it. And when we sense that network traffic, we can, with a great deal of precision, fingerprint the devices and see what vulnerabilities are known about them. So that's how in an industrial control systems network, we would both discover the devices, develop all that valuable asset intelligence, but also be able to do vulnerability prioritization and remediation. And here's another question. How can Armis help us automate vulnerability management? Armis recently acquired a company known as Silk Security. We're not going to be demonstrating Silk Security today, but what Silk Security does in a nutshell is it takes every single security finding from every existing tool that a customer has, deduplicates it, normalizes it, and understands what the actual vulnerabilities are. And it's not just vulnerabilities. It's findings. So that means misconfigurations of cloud assets and things like that. 
Once we get all those findings into a list, we can group them by how to fix them. Because, typically, one fix can fix a lot of different problems in a fairly straightforward manner. So once we have that done, we can then discover who the asset owner is. Let me start that part of the question. The answer over. Once we have everything normalized and deduplicated and grouped, Silk can then assign it to the asset owner by opening a ticket in the appropriate system and monitoring that ticket over time to make sure it gets addressed. We've heard of customers where tickets get closed without risks being addressed, and Silk can help us do that. How are Armis platform updates handled? Armis is a cloud service. We don't ask our customers to do software or OS updates on our sensors. We don't ask customers to do updates in their cloud tenant. We're handling all of that for our customers. We're a full cloud service with the only on premise component being that sensor that we call a collector. The sensors, the collectors, they come in sizes. They can be physical or virtual. Perfect. So, that's all I had today, folks. I really appreciate your time and attention. Antonio, back to you. Thank you. It is now the end of the session, and we have received many questions. We will answer the rest of your questions via email. I want to thank everyone for joining us today. Thank you so much, Mike, for your amazing presentation, and thank you so much, everyone, for your time. For more information about Armis, please visit armis.com. Have a great day. Thank you. Thanks, everyone. Drowning in a sea of vulnerabilities? Wasting your valuable time on CVEs that pose little or no risk to your business? The volume of accumulated vulnerabilities that organizations need to deal with today is measured in the millions. Every organization is faced with too many vulnerabilities, limited resources, and often the lack of a clear remediation and tracking process. 
Armis takes into account known exploited vulnerabilities, ransomware associations, business criticality of the asset, and assesses it against the Armis AI driven asset intelligence engine. Finally, there's a product that understands which vulnerabilities pose the greatest risk in your business and knows how to address them. Armis Centrix for vulnerability prioritization and remediation discovers and consolidates all vulnerabilities on any asset, produces a manageable list of vulnerabilities that pose the greatest risk to your business, orchestrates the remediation workflows by working with your existing IT stack. Ready to be laser focused on the vulnerabilities that matter? Visit armis.com.