Sponsor content
CDM Evolution: Unmanaged Devices and Fusion of Asset Visibility
Agencies must protect the growing number of unmanaged devices connected to their networks to prevent cyber exploits.
Organizations have to manage and protect the growing number of unmanaged devices connected to their networks in order to reduce vulnerabilities and protect their data against security breaches.
There are billions of connected devices in use, such as printers, switches, medical devices, and IP cameras, that are unprotected and unmanaged, creating a cyber blind spot. Many of these devices are running embedded operating systems and could easily be vulnerable to exploits if not protected.
“As we move into unmanaged devices, we have very limited visibility and control,” said Joe Hamblin, U.S. Federal CTO at Armis. “Basically all we know is that we have an IP address. We don’t know the manufacturer. We don’t know the version.”
The Continuous Diagnostics and Mitigation (CDM) program helps agencies manage their managed devices, such as servers and PCs; however, it does not help them identify and evaluate unmanaged devices, or off-network devices, such as those used in building management systems.
“Our concept of cybersecurity needs to be broadened,” Hamblin said. “In order to have a complete cyber picture, you need to have awareness of all these devices--managed devices, unmanaged devices, as well as HVAC systems.”
Armis provides complete visibility into managed devices, unmanaged and IoT devices, as well as off-network devices. It can discover all assets on the network, identify risks and gaps, and automate enforcement using an agentless device security platform.
The company details specific characteristics of a device, such as the manufacturer, how the device communicates, and what protocols it uses, and highlights any policy violations, misconfigurations, or abnormal behavior.
It relies on its cloud-based, crowdsourced device knowledge base, which tracks over one billion devices. It can also identify new devices on the network, such as 3D printers, and quickly create a model around this device to add to the database.
The platform connects into agency systems via various routes, such as scanners and endpoint detection and response systems, to identify and characterize assets, and then identify associated risks and gaps including risk-based policy violations, configuration errors, and compromised credentials.
Organizations can characterize or quantify their risk based on their needs, Hamblin said. “There is a baseline, but different customers will put a different emphasis on different things, and we allow that to be done.”
Once a questionable device is detected, Armis is able to kick that device off the network. It can also detect malware, ransomware, or exploits, as well as security policy violations and anomalous communications.
Armis supports the zero trust model, which is the foundation of CDM, he said. It can track device behavior and display alert and remediation recommendations, block devices at network control points, and feed alerts to SIEM and incident response systems.
“If it’s communicating on the network, we are going to discover it,” Hamblin said. “And then we’re going to identify gaps and vulnerabilities, automate security enforcement… and eliminate complexity and fragmentation.”
As a SaaS solution, it offers out-of-the-box integration with numerous vendors such as ServiceNow, Tenable, Splunk, Active Directory, and Okta. It collects data from various sources such as IP and MAC addresses, device type and manufacturer, connection type, switch name and location, and encryption usage.
“The more data we can get access to, the more complete our picture of the environment, and the more value we can provide to the customer,” Hamblin said.
Armis also supports network segmentation, which allows an organization, for instance, to keep an IP camera off the corporate network. It will discover and classify the device and send the classification information to a third party to enforce network segmentation policies.
“We are monitoring this in real time,” he said. “All these evaluations of devices are ongoing. It’s not a static thing.”
This content is made possible by our sponsor Armis. The editorial staff was not involved in its preparation.