CDM Evolution: Unmanaged Devices and Fusion of Asset Visibility

Presented by Armis Armis's logo

Presented by Armis Armis's logo

By Armis

|

Agencies must protect the growing number of unmanaged devices connected to their networks to prevent cyber exploits.

Organizations have to manage and protect the growing number of unmanaged devices connected to their networks in order to reduce vulnerabilities and protect their data against security beaches.

There are billions of connected devices in use such as printers, switches, medical devices, and IP cameras, that are unprotected and unmanaged creating a cyber blind spot. Many of these devices are running embedded operating systems and could easily be vulnerable to exploits if not protected.

“As we move into unmanaged devices, we have very limited visibility and control,” said Joe Hamblin, U.S. Federal CTO at Armis. “Basically all we know is that we have an IP address. We don’t know the manufacturer. We don’t know the version.”

The Continuous Diagnostics and Mitigation (CDM) program helps agencies manage their managed devices, such as servers and PCs; however, it does not help them identify and evaluate unmanaged devices, or off-network devices, such as those used in building management systems.

“Our concept of cybersecurity needs to be broadened,” Hamblin said. “In order to have a complete cyber picture, you need to have awareness of all these devices--managed devices, unmanaged devices, as well as HVAC systems.”

Armis provides complete visibility into managed devices, unmanaged and IOT devices, as well as off-network devices. It can discover all assets on the network, identify risks and gaps, and automate enforcement using an agentless device security platform.

The company details specific characteristics of a device, such as the manufacturer, how the device communicates, and what protocols it uses, and highlights any policy violations, misconfigurations, or abnormal behavior.

It relies on its cloud-based, crowd sourced, device knowledgebase, which tracks over one billion devices. It can also identify new devices on the network, such as 3D printers, and quickly create a model around this device to add to the database.

The platform connects into agency systems via various routes, such as scanners and endpoint detection and response systems, to identify and characterize assets, and then identify associated risks and gaps including risk-based policy violations, configuration errors, and compromised credentials.

Organizations can characterize or quantify their risk based on their needs, Hamblin said. “There is a baseline, but different customers will put a different emphasis on different things, and we allow that to be done.”

Once a questionable device is detected, Armis is able to kick a device from the network. It can also detect malware, ransomware, or exploits, as well as security policy violations and anomalous communications.

Armis supports the zero trust model, which is the foundation of CDM, he said. It can track device behavior and display alert and remediation recommendations, block devices at network control points, and feed alerts to SIEM and incident response systems.

“If it’s communicating on the network, we are going to discover it,” Hamblin said. “And then we’re going to identify gaps and vulnerabilities, automate security enforcement… and eliminate complexity and fragmentation.”

As a SaaS solution, it offers out-of-the-box integration with numerous vendors such as ServiceNow, Tenable, Splunk, Active Directory, and Okta. It collects data from various sources such as IP and MAC addresses, device type and manufacturer, connection type, switch name and location, and encryption usage.

“The more data we can get access to, the more complete our picture of the environment, and the more value we can provide to the customer,” Hamblin said.

Armis also supports network segmentation, which allows an organization for instance, to keep an IP camera off the corporate network. It will discover and classify the device and send the classification information to a third party to enforce network segmentation policies.

“We are monitoring this in real time,” he said. “All these evaluations of devices are ongoing. It’s not a static thing.”

This content is made possible by our sponsor ArmisThe editorial staff was not involved in its preparation.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.