Know What Is Connected to Your Network, You Can’t Secure What You Cannot See.
With the growing landscape of connected devices, statistics say that 30% of all connected devices are unknown to organizations. Sometimes that means the organization is not aware of the presence of the device at all. In every case, these devices are effectively black boxes on the network: the organization cannot really control them, nor does it have insight into what they are doing. The fact is that 70% of organizations that suffer a cyberattack in any shape or form suffer it through an unknown or unmanaged asset.
Therefore, the first step to beef up your cybersecurity strategy is knowing what is connected, where it is connecting to and what protocols it is using. Not all connected devices are managed by one of the many tools organizations have in place, but they all put traffic on the network that can be analyzed. By analyzing this traffic, you can gather insights into these assets. What type of asset is it? Where is it connecting? What applications is it using, and which versions are in use? This is critical information, since you cannot secure what you cannot see.
How Armis can help you.
Armis gathers asset information through two main components to make sure you get full visibility on your network.
- The first way is that collectors sit at strategic points in the network to capture the network traffic. The Armis collector gathers all the network traffic that passes through that point, strips the data and sends the metadata to the Armis cloud for further processing.
- The second way is that Armis connects to your existing management tools. This can be the MDM, the EDR, the network devices or the identity database like Active Directory. Armis currently supports over 100 integrations with various products.
The combination of these two components makes for a powerful tool where you can get visibility on assets that are not in any of these management tools, but you also do not need all the network traffic to get a full inventory.
Not only can you gather a full inventory without the need to capture all network traffic, which can become expensive, you can also perform gap analysis. All organizations will already have cybersecurity tools in place. Confirming that these tools are correctly installed on all assets is a painful process without a tool like Armis. Since Armis gathers information from the network and integrates with, for example, Active Directory, your EDR solution and your NAC solution, we can identify which devices are known on the network, known or unknown in Active Directory, and without your EDR solution installed.
Example of Performing gap analysis with Armis.
One anonymous example that we can provide is a customer that deployed a new EDR solution on all the devices that previously had the antivirus installed. They installed the EDR solution on 1500 endpoints and successfully closed the project. However, after a gap analysis with Armis, it became clear that they had 1800 managed endpoints in Active Directory that were connecting on the network. By performing this gap analysis, they identified the 300 endpoints lacking the EDR solution and were able to complete the rollout to 100% of their managed endpoints.
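The comparison behind such a gap analysis, as an added example that is not Armis code or output: it joins three constructed inventories (assets seen on the network, Active Directory computer accounts, EDR agents) on a normalised hostname. The export formats, field names and sample values are assumptions.

```python
# Added example: constructed data, hypothetical export formats (not Armis code).
import csv
import io

def norm(host):
    """Reduce 'PC-001.corp.example', 'pc-001' and AD's 'PC-001$' to 'pc-001'."""
    return host.strip().lower().split(".")[0].rstrip("$")

# Constructed sample: assets observed in network traffic (hostname may be unknown).
NETWORK_SEEN = """mac,ip,hostname
00:11:22:33:44:01,10.0.1.11,PC-001.corp.example
00:11:22:33:44:02,10.0.1.12,pc-002
00:11:22:33:44:03,10.0.1.13,PC-003.corp.example
00:11:22:33:44:04,10.0.9.20,
00:11:22:33:44:05,10.0.9.21,printer-7
"""
AD_COMPUTERS = ["PC-001$", "PC-002$", "PC-003$", "PC-004$"]  # constructed
EDR_AGENTS = ["pc-001.corp.example", "PC-003"]               # constructed

def gap_analysis(network_csv, ad_computers, edr_agents):
    ad = {norm(h) for h in ad_computers}
    edr = {norm(h) for h in edr_agents}
    seen, missing_edr, not_in_ad = set(), set(), []
    for row in csv.DictReader(io.StringIO(network_csv)):
        host = norm(row["hostname"])
        if host in ad:
            seen.add(host)
            if host not in edr:
                missing_edr.add(host)      # managed, on the network, no agent
        else:
            not_in_ad.append(row["mac"])   # unmanaged or unknown: track by MAC
    covered = len(seen) - len(missing_edr)
    return {
        "managed_missing_edr": sorted(missing_edr),
        "not_in_ad": not_in_ad,
        "in_ad_not_seen": sorted(ad - seen),  # stale or offline AD accounts
        "edr_coverage_pct": round(100 * covered / len(seen), 1) if seen else 0.0,
    }

if __name__ == "__main__":
    for key, value in gap_analysis(NETWORK_SEEN, AD_COMPUTERS, EDR_AGENTS).items():
        print(f"{key}: {value}")
```

Assets without a resolvable hostname are reported by MAC address so they are not silently dropped from the comparison.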
Improving Network segmentation with Armis.
Another example where Armis can help is identifying whether your segmentation is configured correctly. The only real security that you can apply to unmanaged endpoints is to segment their traffic from the rest of the network. You can of course verify the logs of your security enforcement device, but these logs are often huge and most of the time you are not logging allowed traffic. With Armis you can create policies to verify whether one of the segmented devices is talking to a destination that should be cut off. If the policy hits, a ticket can be opened automatically to fine-tune the security policy that enforces the segmentation.
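The check described above, sketched as an added example over flow metadata (this is not Armis policy syntax): each segmented network lists the only destinations it may reach, and any observed flow outside that list is reported. The policy, addresses and flow records are constructed.

```python
# Added example: constructed policy and flow records (not Armis policy syntax).
import ipaddress

# Each isolated segment maps to the only (destination network, port) pairs it may reach.
POLICY = {
    "10.0.9.0/24": [("10.0.20.5/32", 443), ("10.0.20.6/32", 123)],
}

# Constructed flow metadata: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.9.20", "10.0.20.5", 443),     # allowed by policy
    ("10.0.9.21", "10.0.1.11", 445),     # segmented device reaching the office LAN
    ("10.0.1.12", "10.0.1.11", 445),     # source is not in a segmented network
    ("10.0.9.20", "203.0.113.10", 443),  # segmented device reaching the internet
    ("10.0.9.21", "10.0.9.20", 80),      # stays inside the segment
]

def segmentation_violations(flows, policy):
    """Return flows from a segmented source to a destination the policy does not allow."""
    rules = {
        ipaddress.ip_network(seg): [(ipaddress.ip_network(net), port) for net, port in allowed]
        for seg, allowed in policy.items()
    }
    hits = []
    for src, dst, port in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for segment, allowed in rules.items():
            if src_ip not in segment:
                continue  # not a device in this segment
            if dst_ip in segment:
                continue  # intra-segment traffic does not cross the enforcement point
            if not any(dst_ip in net and port == p for net, p in allowed):
                hits.append({"segment": str(segment), "src": src, "dst": dst, "port": port})
    return hits

if __name__ == "__main__":
    for hit in segmentation_violations(FLOWS, POLICY):
        print("segmentation gap:", hit)
```

Each hit is a flow that the enforcement device allowed but the intended segmentation does not, which is the input needed to tighten the rule.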
Asset management and NIS2?
50 billion: the number of connected assets (IT/OT/IoT/IoMT/virtual) is expected to grow from 23.8 to 50 billion by 2025. Another big number is 76. This is the average number of security tools organizations have to manage.
Comprehensive frameworks help organizations prioritize the spending and time devoted to these solutions, so that they move from the basics towards being fully covered and compliant.
One of these frameworks is the cyber fundamentals by the Belgian Centre for Cybersecurity (CCB). This framework ties in neatly with the NIS2 regulation that is becoming the norm in our part of the world. The framework includes a set of concrete measures to protect data, significantly reduce the risk of the most common cyber-attacks and increase the cyber resilience of organizations.
According to this framework, the first step is to identify all assets that are connected in an organization. Armis can provide this first step for organizations and thus make them compliant with the first and key obligation of the NIS2 directive.
If you want to know more about what is new in Armis or about Armis in general, contact Jarviss!
Send us an email at info@jarviss.nl or give us a call at +31 20 764 0807.
Author: Yves Weyns