Video: 30-minute Live Demo - Armis Centrix™ platform / Asset Management & Security | Duration: 2356s | Summary: 30-minute Live Demo - Armis Centrix™ platform / Asset Management & Security | Chapters: IoT Security Overview (3.28s), Armis Platform Benefits (132.955s), Asset Management Platforms (365.92502s), Platform Protection Layer (610.24s), Armis Dashboard Overview (763.545s), Device Management Capabilities (1135.515s), Armis Collection Methods (1931.1799s), User Device Connections (1969.485s), Conclusion and Farewell (2016.86s)
Transcript for "30-minute Live Demo - Armis Centrix™ platform / Asset Management & Security":
Devices and protocols. So we can see devices and assets that you have in your IoT and OT network. We can see that devices would have an uptime, or build an effective, comprehensive security strategy around those OT devices. Moving into medical device security gives us complete visibility of all medical assets, whether you have hospital beds, infusion pumps, or anything inside the clinical environment, and look after that complete ecosystem inside the health care operations. Our two last products which we have: what we call VIPER, our vulnerability prioritization and remediation platform, which allows us to look at all of the vulnerabilities across your environment which relate to the devices that are in your asset register. It allows us to help automate the remediation and build ticketing workflows into that remediation. So it provides a bit more automation around the control and remediation of vulnerabilities in your assets. And the last bit we have, which is our newest product here, is actionable threat intelligence. Now this is a very new product for Armis. And what it is, it gives us the early warning systems and allows us to see your attack vectors across the dark web by using dynamic honeypots, digital twin modeling, and using Centrix and VIPER together to help remediate these threats well in advance before they become critical vulnerability releases through the NVD. So looking at the explosion of asset vulnerabilities while the cyber attacks are increasing. So we have 50,000,000,000 connected assets at the moment, and that's expected to grow over 50,000,000,000 by 2025. There are 689% of 25,000 vulnerabilities, like a 689% increase in less than six years. That's a lot for a company to manage going across any of their environments that you own. And if you have large amounts of assets or networks, that's gonna be even more exponentially increasing. And the critical infrastructure cyberattacks have increased by 140% in 2022.
So why the Armis platform? And this is a very good question. What are the assets across your environment? Do you know all of the devices and assets that are basically connecting to your networks? Do you know what those devices are doing on those networks? What assets are you missing? What are your assets doing today? And what are you able to learn from others, which is part of our whole three-prong attack here, is in your integrations that connect everything in your network. So think of, like, your Azure AD, your mobile device managements, your IDAM or your directory management, user management, collecting things across the network, so your telemetry management, and then combining all of those three into an AI platform, which helps bring all of that together in a central platform and identify things across your network. So why is it important to know this? Because it's very difficult to know all the connected devices across your platform. A lot of times there are devices that are missed. Are people connecting their personal devices such as their own phone to your corporate network? All of those little components provide a huge attack vector that's not always transmissible and not always able to be seen for everybody across your environments. So this is where Armis becomes a really strong provider for you in building that layer that helps bring what is across your network and what's connecting and joining across the network and those attack vectors into your visibility platform. So you could see what those devices are, and you could see where they're communicating to. So this is the important part with the Centrix platform. See, protect, and manage. So if you look at the whole plane of everything in your environment, if you don't know what's on your environment, it's very hard to protect against that, and that makes it in turn very hard to manage.
So if you think of a mobile phone device or a laptop, do you know that you have your endpoint detection response installed? If not, you can use Armis to help provide that information to your management layer. And from that point of time, it enables you to protect those devices further by enabling those EDR solutions across your devices. And that's not just the mobile phones and laptops, but we can see that across multiple device types and multiple industries, which is where we get into protecting the operational or the critical assets across your environment. So think of planes. Think of your manufacturing or medical that you have. All of these little components and little industries that we have, not little industries, they're big industries. All of these industries have a massive amount of protection that is required. Often, a lot of these environments and industries have a requirement to make people safe in their jobs every day. So you could imagine that having a malfunctioning device in an engineering plant could pose critical risk to human life. It could cause, you know, protection for lots of different ways as well. Meaning that a device that becomes compromised could be trying to attack those devices inside your network or other machines inside the network by turning them off or turning them on or making them run hotter or faster or those sorts of things and causing a compromise across that environment, and that could endanger people's lives. And it could also endanger businesses themselves as well in terms of their revenue or reputation. You don't wanna have a machine that's suddenly printing different circuit boards outside of what they're supposed to do, because that could cost a company a significant amount of money and impact their investing.
So all of these little different avenues that we have across industry are really important in protecting your assets, protecting your critical assets, and protecting your endpoint devices and users in making sure that you have a strong, secure solution to show everything you need across your network. So let's dive into each of these little categories a bit. So Armis is your asset management and security platform. So through this, we can enrich your connections into CMDB by bringing everything across your IT, IoT, OT, IoT medical, and Internet of Things cloud and virtual environments into your CMDB. It allows us to perform a gap analysis and security hygiene for those devices that are connected, helps provide compliance across your internal and external network, provides your network threat and response capabilities, as well as network segmentation and enforcement. This is really important when you get into the OT environment so that you know that devices in your OT in the Purdue model are not transmitting between the layers that they're not supposed to go, which is where we get into the IT and OT security. Using that model, we can see the different layers that we have. Now some of these devices are not able to or should not be able to transmit across their different levels, and this allows us to visibly show what devices are communicating through each of the levels, gives deep visibility into your IT and OT environments. Now the IoT and OT environments are becoming one of those things that everybody has to manage now from an IT perspective. The IT guy now is usually the OT and IoT guy. Gives you full visibility into your ICS security hygiene, protects the OT network same as we did with the IT environments, monitors connectivity, and tracks behaviors across those environments. It allows us to look at the uptime of your processes that are going through those and bridging the IoT OT gap.
Medical device security is becoming increasingly important for all organizations that run in the medical space. If you think about all of the connected devices now that are part of a medical or hospital system, your beds are now generally IT connected or OT connected, IoT connected. Infusion pumps now connected to the network, X-ray devices that are sending information across your environments into their networking, transmitting pictures and things that they might have. But it allows you to look at the utilization as well as the behavior for the assets that are across your environment that you have. It helps protect the patient's safety and ensure the privacy of their information. It allows you to manage the FDA recalls that come across for specific devices and allows you to secure those communications and remediate the recalls that happen. There's also the network segmentation and enforcement. So some of those devices that should not be communicating to the wrong parts of the network, or maybe as part of their compromise they're doing something they shouldn't be. Armis helps you see that compromise and report on it and bring it to someone's attention. Lastly, we get into VIPER, and VIPER is the way that we help remediate vulnerabilities across the entire environment. So it fills the gaps in your vulnerability detection. It allows you to enrich the asset context and your remediation. It also brings in the priorities for your vulnerabilities that are across your environment because you don't necessarily need to patch every CVE immediately. You wanna patch the ones that are important to your business as a priority. So anything along level five and above, you wanna look at those immediately rather than just trying to patch this. Like, if you look at that pictorial here, 12,300 CVEs is a lot to address for an environment.
If we can get down to the 1,500 and then find the ones that are really important to you as your business, you can patch those ones first and then organize the priority from 10 to one. It allows you to track the progress and manage the progress of these CVEs across here so you can build a trending database of information through your systems. As I mentioned before around the ATI, that is gonna be part of our VIPER offering, so we will have more of that coming up soon. So looking at our platform from a high level, the way we look at building your CMDB or enriching your CMDB and building the database across there is part of where we have in the See on the left. So we've got integrations, and we've got over hundreds of integrations. And building the telemetry and capturing the network traffic that goes across through SPAN ports into the Centrix platform, it allows us to feed everything that your APIs are seeing, everything that your integrations are seeing, and across your network into our Centrix platform, which is where we get into the protection layer. Using our asset intelligence engine, which has over 4,000,000,000 devices now, we can recognize all the devices in the Centrix platform as they're detected. It allows us to correlate those different integrations that you have. So if a device is visible in Azure AD and CrowdStrike and Tenable, we can bring that record in and show you all of the layers that that device is connected to. It also allows us to build a stronger story for a single device to show where that device is communicating, how that device is communicating, and what connections that device has made. All of that comes through the protection platform which we build into Armis's AI engine. And then we move into the management layer. So using network enforcement, using connections into your SIEM and SOAR solutions, enriching all of the devices from the Armis platform into something such as ServiceNow.
It also allows us to build the ticketing workflow so that when Armis is connecting or finding devices that need to be addressed, maybe they've got a vulnerability that needs to be patched, we can automatically trigger a ServiceNow ticket or a Jira ticket for somebody else to go on and address. It helps streamline the workflow for your management teams. Maybe you've got a specific vulnerability team, and we can send that vulnerability that needs to be addressed to that team through your ServiceNow integrations. We have a lot of analyst recognition across all of the different categories which we've presented here today. It allows you to see, well, we have 27-plus annual supports in the last 12, and we are top performers and leaders in the IoT, OT, and medical device security space. And we got the highest recognition for every product that we bring to the market. And with that, we're going to jump into the demo. Okay. So welcome to the Armis dashboard. So this is the Armis Centrix platform that we have, and I can show you all of the different components that we had presented in the slides just before. So if we look at our devices we've got here, we've got 3,231 devices. There's 415 critical risks in this environment. There's 102 threat activities, and there's 214 unmanaged alerts. So how do we find all of this information? So as I mentioned, we have integrations which we get up here, and this environment has 33 connected integrations, which include Azure AD, Amazon Web Services, Aruba Wi-Fi, Cisco Wi-Fi, CrowdStrike, Defender, and multiple different other connectivities. We can simply add new integrations as we want, and we've got 111 that are out of the box. We can create new ones, and we'll create new ones as we integrate those for customers. But it's very simple to connect any of these systems into Armis to start collecting the data. We also have what we call the collector.
So the collector is what allows us to bring the network traffic or the network layer, using a SPAN or mirror port, into your Armis Centrix platform. It allows us to watch what goes in and out across the network. It allows us to see the transmission across the network, but it also lets us view all of the devices and assets that are connected across those environments. So if we look at the data sources that we have connected, and out of the 37 that we've got, we can see all of the different assets that are being collected through each of the integrations. So each of the integrations provides a specific point or specific connection to help build that layer of where does my device talk to, what API is my device connecting to, what network layer is my device connecting to, and potentially even in the OT space, what level is my Purdue device or OT device communicating across the Purdue model. So if we go and have a look at some of the, we'll start here back at the dashboard. So Armis provides a very quick and easy visual pane for you to see what's going on in your environment. This dashboard is completely customizable, and we have many inbuilt dashboards for you to use straight away and start connecting with. You can simply add a new dashboard here and create a new one, or you can simply build the ones from value packs, which is where we have all of our integrations, which allows you to build really quick and simple and easy dashboards directly for you to use instead of having to build your own. As you're becoming familiar with the product, you'll be able to build your own custom ones a little bit easier. So utilizing the ones that we have in here, we'll just go through some of the ones that I've already created. So we have the asset health. It shows you different devices by the data source. So as we showed the data source connection before, we've got different ones with Sentinel, SCCM, Cisco Wi-Fi, CrowdStrike.
It allows you to see all the devices across the environment that are part of this asset connection. We can also see things such as corporate computers with no CrowdStrike. Qualys devices, so connecting your Qualys into Armis Centrix. You can see the devices that have not had a scan within the last thirty days or longer than the last thirty days. Things such as the corporate computers that are not in ServiceNow. So as I mentioned before, when you're looking at your network layer and you are aware of what devices may be going in your environment, this is the bit where: what about the devices that you don't know that are across your environment? These are the ones that are really important to start to look at, you know, computers in your CMDB that may not be reflected across your environment. So are people buying them on corporate cards and then simply connecting them? Are they connecting their personal devices to the network layer? A lot of these are gonna be seen now inside of this particular environment or particular report. When we get to the management layer, so devices that are unmanageable, so devices that may not have an agent. So they're not enrolled into your MDM platform or they're not enrolled into your identity platforms such as Azure or Okta. You've got devices that are failing to update. So, you know, are you getting the right reporting out of SCCM to show devices that are failing getting their packages? Corporate devices that are not being scanned by your current solutions. Macs that are not running Jamf, so connected to your network, and are actually not communicating with your management platform, unmanaged devices, or AD passwords. So it really gets down to how you would wanna manage this and what you would look at. Let me get into other information such as technical debt. We can start looking at Linux and Linux versions. Are your Linux versions that you're running across your environment up to date?
Up-to-date versioning is a really important part in recognizing the symptoms for vulnerabilities. Do you know what versions of Linux or CentOS? Are there specific ones that you wanna manage and patch around? Looking at different, you know, Windows OSes, do you know what you have running across here? So do you have old Windows XP? Do you have old Windows 8 devices or old Windows 7? Devices that are now end of life, but we're able to see across the environment. And in a lot of cases, these can just be simply left on, and someone hasn't addressed any of the patching for that device or decommissioning of that device for a period of time. It's really, really important to see what's across your environment and what's connecting to your environment. We can also integrate into building management services. So do you have controls that can manage your environments, your air conditioning, your HVACs, your UPSs, your gateway, security equipment, IP cameras? All of this is really important to see what's communicating across that environment because everything in here poses a risk, or a potential risk for compromise, especially when these become out of date or become nonmanaged. You might have a specific vendor that becomes compromised, and you wanna go and identify all of those compromised vendors across your environment. That happens quite frequently. So let's go and have a look at some of the devices because we do have a lot to cover here in a very short time. So looking at the devices, we've got different ways that Armis identifies your device types, and this is a really strong and powerful thing for managing the device and the device fleet that goes across your environment. So we can see down to virtual machines, personal computers, process logic controllers, mobile phones and infusion pumps, SCADA servers, voice over IP connections, lighting connections.
All of these categorizations are where Armis helps you if you're looking for a specific device type and then to start digging through what that device is. We provide a very, very easy clickable way for you to start looking at those particular device types or device category tiles. I can also look at the asset view and see all of these 3,163 devices. It allows me to go through and see the risk level for a device, alerts that are related to a device, the name of the device, the data sources, so all of the integrations that we're connecting for, the category of the device, the type of the device, brands, impact, MAC address, IP address, and where the device is located. So we've got things here such as the sites and boundaries. Sites can be the physical locations of where you have specific connectivity, and boundaries will be where you specifically divide those categories into maybe floors, maybe into a business unit, maybe into a specific device type. That's how you would look at that. But the sites allow you to pick multiple locations. So you could have a US manufacturing one. You could get into your health care one across Switzerland or across the United States, and you can start to look at the devices that are for that location. So you can configure your Armis collectors and you can configure your APIs to perform in a certain site, which allows you to really dive into where is my device at that specific point of time, where is my device connecting to, and what's it connecting to inside that site. So as you may have seen before, we had some connections with the Aruba Wi-Fi or Cisco controls. That will help decide where a device is or give you the information to where a device is located across that specific information. So let's have a look at a device here. I've got this PC, and it's got three alerts, and it's got a high risk. We can see the data sources are Active Directory, CrowdStrike, Palo Alto, Qualys, SCCM, and ServiceNow.
So inside the device, we can see that this has high risk, many alerts that are going across there, and we can see all of the information pertinent to this device, the communication ports that it's running across. Oh, let's go back one little bit here. The communication ports that it's going across. We can see that it is a wired connection, and it's connecting to a Palo Alto switch. We can also see through the inventory the different types of identifiers and information pertinent to that device. So in here, we can see that the name of the PC, of this many, many, many numbers PC, is connecting across Active Directory, CrowdStrike, Qualys, and SCCM. So we're able to correlate between these data sources and get that information and that name into Armis. We can see that CrowdStrike is reporting a serial number. The device has multiple network interfaces. It's got a public IP address here, your CrowdStrike and Qualys agent IDs, and your SCCM unique identifier. And across here in the profile, we can see that the device is a laptop. It's a category, and the brand is a ThinkPad Lenovo Yoga X1. Gives you different levels of what Purdue is going in here. So if this device is part of your OT network, that's where that would become important. But when you're looking at your management layer, which is where the real strength of Armis comes in, is starting to look at those integrations and pull the specific variables and values from your integrations where your Active Directory account may have an expiry date that needs to be met. It might be a contractor, and that might be a date that needs to be set in the future that needs to be met. So if it's exceeding that date and the device is still communicating, you might wanna go and look at that or create a policy to go and view that type of device. When it comes to your BitLocker and EDR solution, is the EDR solution checking in? Is the BitLocker status locked or unlocked?
And this is where you're looking at here. CrowdStrike last seen in July 20 or June 2021. That is something that the CrowdStrike administrator would wanna go and look at. The device is obviously being seen inside CrowdStrike, but it's not checking in anymore and doing any more connections. So CrowdStrike, in this case, is technically not running. So when it gets to Qualys, we can see that it's had a scan complete, but the last scan was also in 2021. So this device communication is something that would probably need to be looked at. Your SCCM creation date, has it been decommissioned? When was the last time it was active across the network? What's the version of Windows 10 that it's been running? And we can see once again all of these correlations of the data sources is giving you the information pertinent to that device. Your build numbers, service pack numbers, patch numbers, the last login time of the device, BIOS that's been run. So is the BIOS in name compromised? Your network attributes that are across the device and little components that you might have across a bit like an EDR and the solutions here. So lots of information that we're finding in helping determine a device risk and a device viability. So if we get into something here such as the applications, we can also see the applications that are communicating and running across the device. Applications do pose their own risk, and versioning control is something that you would want to manage. If you know that there is an old version of Microsoft Edge or maybe an old version of Adobe, you could go through these and see which ones are related to my device. So maybe this Acrobat Reader device here is way out of date, or the version, sorry, device. The application for Adobe Reader versioning is out of date. So we will put a note and make sure it's up to date. So there's a lot of applications on this particular device, and it's really up to you how you would manage those.
But this gives you an additional layer that a lot of other solutions are not going to give you when it looks at the device's particular activities. So if we get into the alerts on a device, we can see that there are three particular alerts running. So we have a Coinhive mining detection, and we can see that there's no policies currently attached to this. However, the system is relating that this is a critical vulnerability across this environment. So we can have a look at that vulnerability, and we can see that it's got matching activities, that there's a mining attempt connection between one device in here, and it's downloading packet capture across the network environment. We can see the devices that are affected. So if it's connecting to other devices across the network, we would see more devices in here. If it's affected by user, we would see those. And we can see other alerts that are also pertaining to this particular device. So if I go back one step here, we can see that there's all of those connections you're seeing directly in here, which builds into the activities. So we can see the communication ports that are happening for that device, communicating across port 80. It's doing the crypto mining capabilities or crypto mining, and it's happened multiple times. We can see the time that's been reached at 02:28AM. It's still running a day later at 8AM. There's lots of different ways of communication across the TLS. Do you know where this is going to? And this is really important to see the activity and security activities for your devices. Now this is just one particular device across the environment. Now, the 3,163 devices, that's a lot to manage. So it really comes down to what's important to you and prioritizing where your risks and vulnerabilities are, which is where you can start looking at the different types of connectivity across your environment.
So in the IP connectivity, we can see that there's specific devices such as the Galaxy Tab. There's your more Galaxy Tab devices here. They're all transmitting a large amount of data across the environment. And we can see the communication connectivity that they're going to. So we can see that this device here, which is a client and a server relationship, and it's sharing data between those two connectivities. In a lot of cases, we can see the network ports and servers such as server port here and the transmission protocol that's being used. This is really important when you see things using the SIP protocol, which is more related to the OT space. It's also great to see when you're looking at your devices, the devices such as IP cameras. So if we get down to here, and I think I may have gone right past it. Right here. Asset IP cameras. Because these also pose a potential risk. So we've got an IP camera here, which you can see from that network layer, there's still risks that exist. So looking at the network layer, we've got different connectivity, and we can see the IP addresses that this device is communicating to. This might be a high risk or high alert that allows you to decide what's important across your network and across your environment. So in the alerts here, we can see that this one has a botnet infection attempt created, which is huge to know if you've got a lot of IP cameras and they've got a specific version, as I mentioned before, that becomes compromised, such as this one. We can start to see all of the matching and affected devices. Like, we can see this Axis IP camera is connecting to the Palo Alto router.
This gives us more insight as to what's going on in that environment and what the activities are in communicating across here, the IP addresses that are going, the ports that are going, and maybe this is where you'd wanna start locking down your environment and looking at what needs to be done across that environment, which is where we get into creating the policies for our environment. So policies are what allow Armis to really decide what to do when it sees something across the environment it doesn't know about. We've got plenty of built-in policies that help you add out-of-the-box connectivity and out-of-the-box activities across your environment and create alerts across that specific one. You can also create custom alerts here, which is where you would allow the type of activity that you wanna perform. So we could do a policy-driven action. So as a first instance, we could alert somebody depending on the severity of what we have, and we can classify the alert as a specific type of alert. We can also send it to an email or email somebody. We could change the alert action to maybe enforce it across a wireless controller or block it across a wireless controller, enforce the device or lock a device that's across there. We can launch a scan or something else that's in your APIs that are connected to your device. But it allows you to build a custom policy for multi-step remediation for your devices. So what about when we get into the prioritization of the vulnerabilities that are across my network? So this is the VIPER dashboard we have here.
And inside VIPER, we can see that we've got 7,415 CVEs across 969 assets in the register, which is all really important for everybody to see because it's down to how would you like to look at the most vulnerable assets or the most critical ones that you see across the environment or the latest ones that are across the CVE headlines, and seeing what devices are related. So we've got in here, and we'll have a quick look at this one. So we've got 53 devices that are related to this specific CVE. In the CVE, we can see what the rating is. We can see the score that's coming across, the exploitability for it, and the impact that it has, as well as the related CVEs that are not pulling on this one. But it allows you to see the link to where that specific CVE is related. So if I get down to this point and I look at the prioritization, I can see that there's lots of different types of computers and virtual machines that were related here. So I wanna make this a little bit easier for me to see. So I'm gonna go down to my devices, and I'm gonna add a device type of a server. And we're gonna add a server in here, and we'll hit servers. And then we'll simply search this. Now I know that there are three servers that are related to this specific CVE that I would need to patch as a high or critical related vulnerability across the environment. So this is really starting the surface of where Armis can help give you the most amount of information in a short period of time and helping divide and conquer your environments that you have and making your environments cleaner, less vulnerability, and less of a risk to your business. So with that, I'm gonna stop sharing here and see if there's any questions from Antonio. Justin, we have a few questions in the chat. Could you please address them? Yeah. Perfect. Let's see what we've got here. Okay. How does Armis collect the network traffic? Is it physical or virtual? Great question.
So, yes, Armis has the collector appliances I mentioned before, and the collector appliance is either physical or virtual. It's up to you where you would put that layer of information or where you would put that appliance, but the physical ones will take a little bit longer to build and set up as opposed to the virtual ones, which you can spin up very, very quickly. Okay. Can Armis see who owns a device? Yes. Great question. Okay. So let me just show you how to do that right here. So let's go and have a quick look. We've got users that are already connected through the IDAM solution. But what about finding devices that a user would have? So if I go to my assets view and the device we had before, inside of our inventory, you may have noticed, all those with a keen eye, we have the users connection here. So this user, Harrison Ford, is connected to a specific device. So in this case, we can see all of the other devices that the user would have. And in this case, Harrison Ford is related to multiple other high-risk devices. So it's most likely that the compromise that has happened to one device has stemmed to the other devices across the network. I think we'll hand it back to Antonio to close it out for me. Yes. Thank you, Dave. It is now the end of the session, and we have received many questions. We will answer the rest of your questions via email. I want to thank everyone for joining us today. Thank you, Dave, for your amazing presentation. For more information about Armis, please visit armys.com. Have a great day. Thank you. Thank you.
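As an added illustration (not part of the transcript and not Armis's own code), the following Python models two things the demo walks through: stitching one asset record together from several integrations by shared MAC, serial or hostname, and then running the hygiene gap checks shown on the dashboard (corporate computers with no EDR, an EDR agent that stopped checking in, no vulnerability scan in the last thirty days, devices missing from the CMDB, end-of-life operating systems, and unmanaged devices on the network). All records, source names, field names, thresholds and dates are constructed for the example.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed reference date and thresholds so the sample output is stable.
TODAY = date(2024, 6, 1)
STALE_AFTER = timedelta(days=30)
MANAGEMENT_SOURCES = {"ActiveDirectory", "SCCM"}      # assumption: presence here marks a corporate device
EOL_OS = {"Windows XP", "Windows 7", "Windows 8"}

# Constructed sample records, one per integration, in the shape an asset
# platform might pull from each API. Field names are assumptions.
RECORDS = [
    {"source": "ActiveDirectory", "hostname": "PC-1001", "mac": "aa:bb:cc:00:00:01", "os": "Windows 10"},
    {"source": "CrowdStrike", "hostname": "pc-1001", "serial": "SN-77", "edr_last_seen": "2021-06-20"},
    {"source": "Qualys", "mac": "AA:BB:CC:00:00:01", "last_scan": "2021-05-02"},
    {"source": "SCCM", "serial": "SN-77", "os": "Windows 10"},
    {"source": "ServiceNow", "hostname": "pc-1001"},
    {"source": "ActiveDirectory", "hostname": "PC-2002", "mac": "aa:bb:cc:00:00:02", "os": "Windows 7"},
    {"source": "Qualys", "mac": "aa:bb:cc:00:00:02", "last_scan": "2024-05-28"},
    {"source": "CiscoWiFi", "mac": "aa:bb:cc:00:00:03", "hostname": "iPhone"},
]

ID_KEYS = ("mac", "serial", "hostname")


def correlate(records):
    """Group records that share an identifier (transitively) into one asset each,
    so a device seen by AD, CrowdStrike, Qualys and SCCM becomes a single record."""
    parent = list(range(len(records)))

    def find(i):                      # union-find root lookup with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    owner = {}                        # normalized identifier -> first record index seen
    for i, rec in enumerate(records):
        for key in ID_KEYS:
            if key in rec:
                ident = (key, rec[key].strip().lower())
                if ident in owner:
                    parent[find(i)] = find(owner[ident])
                else:
                    owner[ident] = i
    groups = defaultdict(list)
    for i, rec in enumerate(records):
        groups[find(i)].append(rec)
    return [merge(group) for group in groups.values()]


def merge(group):
    """Collapse one group of records into a single asset dict."""
    asset = {"sources": set(), "identifiers": {}}
    for rec in group:
        asset["sources"].add(rec["source"])
        for key in ID_KEYS:
            if key in rec:
                asset["identifiers"].setdefault(key, rec[key].lower())
        for key in ("os", "edr_last_seen", "last_scan"):
            if key in rec:
                asset[key] = rec[key]
    return asset


def _stale(iso_date):
    """True when a timestamp is missing or older than the staleness window."""
    return iso_date is None or TODAY - date.fromisoformat(iso_date) > STALE_AFTER


def hygiene_findings(asset):
    """Apply the gap checks from the demo's asset-health dashboard to one asset."""
    if not asset["sources"] & MANAGEMENT_SOURCES:
        return ["unmanaged_device"]   # on the network but in no management source
    findings = []
    if "CrowdStrike" not in asset["sources"]:
        findings.append("no_edr_agent")
    elif _stale(asset.get("edr_last_seen")):
        findings.append("edr_not_checking_in")
    if "Qualys" not in asset["sources"] or _stale(asset.get("last_scan")):
        findings.append("no_recent_vuln_scan")
    if "ServiceNow" not in asset["sources"]:
        findings.append("missing_from_cmdb")
    if asset.get("os") in EOL_OS:
        findings.append("end_of_life_os")
    return findings


def gap_report(records):
    """Correlate records and return {asset name: {sources, findings}}."""
    report = {}
    for asset in correlate(records):
        ids = asset["identifiers"]
        name = ids.get("hostname") or ids.get("mac")
        report[name] = {"sources": sorted(asset["sources"]), "findings": hygiene_findings(asset)}
    return report


if __name__ == "__main__":
    for name, info in gap_report(RECORDS).items():
        print(f"{name:8} sources={info['sources']} findings={info['findings']}")
```

Each flagged finding maps to one of the dashboard tiles the speaker clicks through, so the same logic could drive a ticket per finding in the way the demo describes for ServiceNow or Jira.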