(upbeat music) >> Hello everyone, welcome back to the manager risk across the extended attack surface with Armis. I'm John Furrier, your host of theCUBE. Got the demo. Got here, Bryan Inman sales engineer at Armis. Bryan, thanks for coming on. We're looking forward to the demo. How you doing? >> I'm doing well, John, thanks for having me. >> We heard from Nadir describing Armis' platform, lot of intelligence. It's like a search engine meets data at scale, intelligent platform around laying out the asset map, if you will, the new vulnerability module among other things that really solves CISCO's problems. A lot of great customer testimonials and we got the demo here that you're going to give us. What's the demo about? What are we going to see? >> Well, John, thanks. Great question. And truthfully, I think as Nadir has pointed out what Armis as a baseline is giving you is great visibility into every asset that's communicating within your environment. And from there, what we've done is we've layered on known vulnerabilities associated with not just the device, but also what else is on the device. Is there certain applications running on that device, the versions of those applications, and what are the vulnerabilities known with that? So that's really gives you great visibility in terms of the devices that folks aren't necessarily have visibility into now, unmanaged devices, IoT devices, OT, and critical infrastructure, medical devices things that you're not necessarily able to actively scan or put an agent on. So not only is Armis telling you about these devices but we're also layering on those vulnerabilities all passively and in real time. >> A lot of great feedback we've heard and I've talked to some of your customers. Rhe agentless is a huge deal. The discoveries are awesome. You can see everything and just getting real time information. It's really, really cool. So I'm looking forward to the demo for our guests. Take us on that tour. Let's go with the demo for the guests today. >> All right. Sounds good. So what we're looking at here is within the Armis console is just a clean representation of the passive reporting of what Armis has discovered. So we see a lot of different types of devices from your virtual machines and personal computers, things that are relatively easy to manage. But working our way down, you're able to see a lot of different types of devices that are not necessarily easy to get visibility into, things like your up systems, IT cameras, dash cams, et cetera, lighting systems. And today's day and age where everything is moving to that smart feature, it's great to have that visibility into what's communicating on my network and getting that, being able to layer on the risk factors associated with it as well as the vulnerabilities. So let's pivot over to our vulnerabilities tab and talk about the the AVM portion, the asset vulnerability management. So what we're looking at is the dashboard where we're reporting another clean representation with customizable dashlets that gives you visuals and reporting and things like new vulnerabilities as they come in. What are the most critical vulnerabilities, the newest as they roll in the vulnerabilities by type? We have hardware. We have application. We have operating systems. As we scroll down, we can see things to break it down by vulnerabilities, by the operating system, Windows, Linux, et cetera. We can create dashlets that show you views of the number of devices that are impacted by these CVEs. And scrolling down, we can see how long have these vulnerabilities been sitting within my environment? So what are the oldest vulnerabilities we have here? And then also of course, vulnerabilities by applications. So things like Google Chrome, Microsoft Office. So we're able to give a good representation of the amount of vulnerabilities as they're associated to the hardware and applications as well. So we're going to dig in and take a a deeper look at one of these vulnerabilities here. So I'm excited to talk today about of where Armis AVM is, but also where it's going as well. So we're not just reporting on things like the CVSS score from NIST NVD. We're also able to report on things like the exploitability of that. How actively is this CVE being exploited in the wild? We're reporting EPSS scores. For example, we're able to take open source information as well as a lot of our partnerships that we have with other vendors that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware, et cetera. But where we're going with this is in very near future releases, we're going to be able to take an algorithm approach of, what are the most critical CVSS that we see? How exploitable are those? What are common threat actors doing with these CVEs? Have they weaponized these CVEs? Are they actively using those weaponized tools to exploit these within other folks' environments? And who's reporting on these? So we're going to take all of these and then really add that Armis flavor of we already know what that device is and we can explain and so can the users of it, the business criticality of that device. So we're able to pivot over to the matches as we see the CVEs. We're able to very cleanly view, what exactly are the devices that the CVE resides on. And as you can see, we're giving you more than just an IP address or a lot more context and we're able to click in and dive into what exactly are these devices. And more importantly, how critical are these devices to my environment? If one of these devices were to go down if it were to be a server, whatever it may be, I would want to focus on those particular devices and ensuring that that CVE, especially if it's an exploitable CVE were to be addressed earlier than say the others and really be able to manage and prioritize these. Another great feature about it is, for example, we're looking at a particular CVE in terms of its patch and build number from Windows 10. So the auto result feature that we have, for example, we've passively detected what this particular personal computer is running Windows 10 and the build and revision numbers on it. And then once Armis passively discovers an update to that firmware and patch level, we can automatically resolve that, giving you a confidence that that has been addressed from that particular device. We're also able to customize and look through and potentially select a few of these, say, these particular devices reside on your guest network or an employee wifi network where we don't necessarily, I don't want to say care, but we don't necessarily value that as much as something internally that holds significantly, more business criticality. So we can select some of these and potentially ignore or resolve for determining reasons as you see here. Be able to really truly manage and prioritize these CVEs. As I scroll up, I can pivot over to the remediation tab and open up each one of these. So what this is doing is essentially Armis says, through our knowledge base been able to work with the vendors and pull down the patches associated with these. And within the remediation portion, we're able to view, for example, if we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, right now we're able to view which patches are going to gimme the most impact as I prioritize these and take care of these affected devices. And lastly, as I pivot back over. Again, where we're at now is we're able to allow the users to customize the organizational priority of this particular CVE to where in terms of, this has given us a high CVSS score but maybe for whatever reasons it may be, maybe this CVE in terms of this particular logical segment of my network, I'm going to give it a low priority for whatever the use case may be. We have compensating controls set in place that render this CVE not impactful to this particular segment of my environment. So we're able to add that organizational priority to that CVE and where we're going as you can see that popped up here but where we're going is we're going to start to be able to apply the organizational priority in terms of the actual device level. So what we'll see is we'll see a column added to here to where we'll see the the business impact of that device based on the importance of that particular segment of your environment or the device type, be it critical networking device or maybe a critical infrastructure device, PLCs, controllers, et cetera, but really giving you that passive reporting on the CVEs in terms of what the device is within your network. And then finally, we do integrate with your vulnerability management and scanners as well. So if you have a scanner actively scanning these, but potentially they're missing segments of your net network, or they're not able to actively scan certain devices on your network, that's the power of Armis being able to come back in and give you that visibility of not only what those devices are for visibility into them, but also what vulnerabilities are associated with those passive devices that aren't being scanned by your network today. So with that, that concludes my demo. So I'll kick it back over to you, John. >> Awesome. Great walk through there. Take me through what you think the most important part of that. Is it the discovery piece? Is it the interaction? What's your favorite? >> Honestly, I think my favorite part about that is in terms of being able to have the visibility into the devices that a lot of folks don't see currently. So those IoT devices, those OT devices, things that you're not able to run a scan on or put an agent on. Armis is not only giving you visibility into them, but also layering in, as I said before, those vulnerabilities on top of that, that's just visibility that a lot of folks today don't have. So Armis does a great job of giving you visibility and vulnerabilities and risks associated with those devices. >> So I have to ask you, when you give this demo to customers and prospects, what's the reaction? Falling out of their chair moment? Are they more skeptical? It's almost too good to be true and end to end vulnerability management is a tough nut to crack in terms of solution. >> Honestly, a lot of clients that we've had, especially within the OT and the medical side, they're blown away because at the end of the day when we can give them that visibility, as I've said, Hey, I didn't even know that those devices resided in that portion, but not only we showing them what they are and where they are and enrichment on risk factors, et cetera, but then we show them, Hey, we've worked with that vendor, whatever it may be and Rockwell, et cetera, and we know that there's vulnerabilities associated with those devices. So they just seem to be blown away by the fact that we can show them so much about those devices from behind one single console. >> It reminds me of the old days. I'm going to date myself here. Remember the old Google Maps mashup days. Customers talk about this as the Google Maps for their assets. And when you have the Google Maps and you have the Ubers out there, you can look at the trails, you can look at what's happening inside the enterprise. So there's got to be a lot of interest in once you get the assets, what's going on those networks or those roads, if you will, 'cause you got in packet movement. You got things happening. You got upgrades. You got changing devices. It's always on kind of living thing. >> Absolutely. Yeah, it's what's on my network. And more importantly at times, what's on those devices? What are the risks associated with the the applications running on those? How are those devices communicating? And then as we've seen here, what are the vulnerabilities associated with those and how can I take action with them? >> Real quick, put a plug in for where I can find the demo. Is it online? Is it on YouTube? On the website? Where does someone see this demo? >> Yeah, the Armis website has a lot of demo content loaded. Get you in touch with folks like engineers like myself to provide demos whenever needed. >> All right, Bryan, thanks for coming on this show. Appreciate, Sales Engineer at Armis, Bryan Inman. Given the demo God award out to him. Good job. Thanks for the demo. >> Thanks, thanks for having me. >> Okay. In a moment, we're going to have my closing thoughts on this event and really the impact to the business operations side, in a moment. I'm John Furrier of theCUBE. Thanks for watching. (upbeat music)

>> Okay, welcome back to the portion of the program for customer lightning talks, where we chat with Armis' customers for a rapid fire five minute session on their Cisco perspectives and insights into cybersecurity. First up is Tim Everson, CISO of Kalahari resorts and conventions. Let's get it going. Hi, Tim. Welcome to theCUBE and Armis program, managing risk across your extended surface area. >> Thanks for having me appreciate it. >> So let's get going. So unified visibility across the extended asset serves as key. You can't secure what you can't see. Tell me about what you're able to centralize, your views on network assets and what is Armis doing from an impact standpoint that's had on your business? >> Sure. So traditionally basically you have all your various management platforms, your Cisco platforms, your Sims, your wireless platforms, all the different pieces and you've got a list of spare data out there and you've got to chase all of this data through all these different tools. Armis is fantastic and was really point blank dropping in place for us as far as getting access to all of that data all in one place and giving us visibility to everything. Basically opened the doors letting us see our customer wireless traffic, our internal traffic, our PCI traffic because we deal with credit cards, HIPAA, compliance, all this traffic, all these different places, all into one. >> All right, next up, vulnerability management is a big topic, across all assets, not just IT devices. The gaps are there in the current vulnerability management programs. How has Armis vulnerability management made things better for your business and what can you see now that you couldn't see before? >> So Armis gives me better visibility of the network side of these vulnerabilities. You have your Nessus vulnerability scanners, the things that look at machines, look at configurations and hard facts. Nessus gives you all those. But when you turn to Armis, Armis looks at the network perspective, takes all that traffic that it's seeing on the network and gives you the network side of these vulnerabilities. So you can see if something's trying to talk out to a specific port or to a specific host on the internet and Armis consolidates all that and gives you trusted sources of information to validate where those are coming from. >> When you take into account all the criticality of the different kinds of assets involved in a business operation and they're becoming more wider, especially with edge in other areas, how has the security workload changed? >> The security workload has increased dramatically, especially in hospitality. In our case, not only do we have hotel rooms and visitors and our guests, we also have a convention center that we deal with. We have water parks and fun things for people to do. Families and businesses alike. And so when you add all those things up and you add the wireless and you add the network and the audio video and all these different pieces that come into play with all of those things in hospitality and you add our convention centers on top of it, the footprint's just expanded enormously in the past few years. >> When you have a digital transformation in a use case like yours, it's very diverse. You need a robust network, you need a robust environment to implement SaaS solutions. No ages to deploy, no updates needed. You got to be in line with that to execute and scale. How easy was Armis to implement ease of use of simplicity, the plug and play? In other words, how quickly do you achieve this time to value? >> Oh goodness. We did a proof of concept about three months ago in one of our resort locations, we dropped in an Armis appliance and literally within the first couple hours of the appliance being on the network, we had data on 30 to 40,000 devices that were touching our network. Very quick and easy, very drop and plug and play and moving from the POC to production, same deal. We, we dropped in these appliances in site. Now we're seeing over 180,000 devices touching our networks within a given week. >> Armis has this global asset knowledge base, it's crowdsourced an a asset intelligent engine, it's a game changer. It tracks managed, unmanaged IOT devices. Were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >> Oh, absolutely. Not only do we have the devices that we have, but we have guests that bring things on site all the time, Roku TVs and players and Amazon Fire Sticks and all these different things that are touching our network and seeing those in real time and seeing how much traffic they're using we can see utilization, we can see exactly what's being brought on, we can see vehicles in our parking lot that have access points turned on. I mean, it's just amazing how much data this opened our eyes to that you know it's there but you don't ever see it. >> It's bring your own equipment to the resort just so you can watch all your Netflix, HDMI cable, everyone's doing it now. I mean, this is the new user behavior. Great insight. Anything more you'd want to say about Armis for the folks watching? >> I would say the key is they're very easy to work with. The team at Armis has worked very closely with me to get the integrations that we've put in place with our networking equipment, with our wireless, with different pieces of things and they're working directly with me to help integrate some other things that we've asked them to do that aren't there already. Their team is very open. They listen, they take everything that we have to say as a customer to heart and they really put a lot of effort into making it happen. >> All right, Tim. Well, thanks for your time. I'm John Furrier with theCUBE, the leader in enterprise tech coverage. Up next in this lightning talk session is Brian Gilligan, manager, security and Operations at Brookfield Properties. Thanks for watching.

>> Okay, up next in the Lightning Talk Session is Brian Galligan; Mgr, Security and Operations at Brookfield Properties. Brian, great to see you. Thanks for coming on. >> Thanks for having me, John. >> So unified visibility across extended asset surface area is key these days. You can't secure what you can't see. So tell me more about how you were able to centralize your view of network assets with Armis and what impact that had on your business. >> Yeah, that's been a really key component of ours where we've actually owned multiple companies with them and are always acquiring companies from time to time. So it's always a question. What is actually out there and what do we need to be worried about. So from an inventory perspective it's definitely something that we've been looking into. Armis was a great partner in being able to get us the visibility into a lot of the IoT that we have out in the environment. And then also trying to find what we have and what's actually installed on those devices. What's running, who's talking to who. So that's definitely been a key component with our partnership with Armis. >> You know, we interview a lot of practitioners and companies and one things we found is vulnerability Management programs. There's a lot of gaps. You know, vulnerability management comes across more sometimes just IT devices, but not all assets. How has Armis Vulnerability Management made things better for your business? And what can you see now that you couldn't see before? >> Yeah, again, because we own multiple companies and they actually use different tools for vulnerability management. It's been a challenge to be able to compare apples to apples on when we have vulnerability. When we have risk out there, how do you put a single number to it? How do you prioritize different initiatives across those sectors? And being able to use Armis and have that one score, have that one visibility and also that one platform that you can query across all of those different companies, has been huge because we just haven't had the ability to say are we vulnerable to X, Y and Z across the board in these different companies? >> You know, it's interesting when you have a lot of different assets and companies, as you mentioned. It kind of increases the complexity and yeah we love the enterprise. You solve complexity by more complexity but that's not the playbook anymore. We want simplicity. We want to have a better solution. So when you take into account, the criticality of these businesses as you're integrating in, in real time and the assets within those business operations you got to keep focused on the right solutions. What has Armis done for you that's been correct and right for you guys? >> Yeah, so being able to see the different like be able to actually drill down into the nitty gritty on what devices are connecting to what. Being able to enforce policies that way, I think has been a huge win that we've been able to see from Armis. It's one of those things where we were able to see north-south traffic. No problem with our typical SIM tools, firewall tools and different logging sources but we haven't been able to see anything east-west and that's where we're going to be most vulnerable. That's where we've been actually found. We found some gaps in our coverage from a pen test perspective where we've found that where we don't have that visibility. Armis has allowed us to get into that communication to better fine tune the rules that we have across devices across sectors, across the data center to properties. Properties of the data center and then also to the cloud. >> Yeah, visibility into the assets is huge. But as you're in operations you got to operationalize these tools. I mean, some people sound like they've got a great sales pitch and all sounds like, "Wait a minute, I got to re-configure my entire operations." At the end of the day, you want to have an easy to use, but effective capability. So you're not taxed either personnel or operations. How easy has it been with Armis to implement from an ease of use, simplicity, plug and play? In other words, how quickly did you get to the time to value? Can you share your thoughts? >> This honestly is the biggest value that we've seen in Armis. I think a, a big kudos goes to the professional services group for getting us stood up being able to explain the tool, be able to dig into it and then get us to that time to value. Honestly, we've only scratched the surface on what Armis can give us which is great because they've given us so much already. So definitely taking that model of let's crawl, walk, run with what we're able to do. But the professional services team has given us so much assistance in getting from one collector to now many collectors. And we're in that deployment phase where we're able to gather more data and find those anomalies that are out there. I again, big props to the, the professional services team. >> Yeah, you know one of we'd add an old expression when you know when the whole democratization happened on the web here comes all the people, you know social media and whatnot now with IoT here comes all the devices. Here comes all the things- >> Yeah. >> Things >> More things are being attached to the network. So Armis has this global asset knowledge base that crowd-sources the asset intelligence. How has that been a game changer for you? And were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >> We have a large wifi footprint for guests, vendors, contractors that are working on site along with our corporate side, which has a lot of devices on it as well. And being able to see what devices are using what services on there and then be able to fingerprint them easily has been huge. I would say one of the best stories that I can tell is actually with a pen test that we ran recently. We were able to determine what the pen test device was and how it was acting anomalous and then fingerprint that device within five minutes opposed to getting on the phone with probably four or five different groups to figure out what is this device? It's not one of our normal devices. It's not one of our normal builds or anything. We were able to find that device within probably three to five minutes with Armis and the fingerprinting capability. >> Yeah, nothing's going to get by you with these port scans or any kind of activity, so to speak, jumping on the wifi. Great stuff. Anything else you'd like to share about Armis while I got you here? >> Yeah, I would say that something recently, we actually have an open position on our team currently. And one of the most exciting things is being able to share our journey that we've had with Armis over the last year, year and a half, and their eyes light up when they hear the capabilities of what Armis can do, what Armis can offer. And you see a little bit of jealousy of, you know, "Hey I really wish my current organization had that." And it's one of those selling tools that you're able to give to security engineers, security analysts saying, "Here's what you're going to have on the team to be able to do your job, right." So that you don't have to worry about necessarily the normal mundane things. You get to actually go do the cool hunting stuff, which Armis allows you to do. >> Well. Brian, thanks for the time here on this Lightning Talk, appreciate your insight. I'm John Furrier with theCUBE the leader in enterprise tech coverage. Up next in the Lightning Talk Session is Alex Schuchman. He's the CISO of Colgate-Palmolive Thanks for watching.

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

>>Hello, Ron. Welcome back to the manage risk across your extended attack service area with Armas asset intelligence platform. I'm Sean furier host we're here at the CSO perspective, Alex Chuck bin, who is the CSO of Colgate Colgate Palm mall of company. Alex, thanks for coming on. >>Thanks for having >>Me, you know, unified visibility across the enterprise surface area is about knowing what you gotta protect. You can't protect what you can't see. Tell me more about how you guys are able to centralize your view with network assets with Armas. >>Yeah, I think the, the most important part of any security program is really visibility. And, and that's one of, kind of the building blocks. When you're building a security program, you need to understand what's in your environment. What's what you control, what is being introduced new into the environment. And that's really what any solution that gives you full visibility to your infrastructure, to your environment, to all the assets that are there, that that's really one of your bread and butter pieces to your security program. >>What's been the impact on your business? >>You know, I, I think from, from an it point of view, running the security program, you know, our key thing is really enabling the business to do their job better. So if we can give them visibility into all the assets that are available in their individual environments, and we're doing that in an automated fashion with no manual collection, you know, that's yet another thing that they don't have to worry about. And then we're delivering because really it is an enabler for the business. And then they can focus really on what their job is, which is to, to deliver product. >>Yeah. And a lot of changes in their network. You got infrastructure, you got OT devices, OT devices. So vulnerability management becomes more important. It's been around for a while, but it's not just it devices anymore. There are gaps in vulnerability across the OT network. What can you tell us about Colgate's use of Armas as vulnerability management? What can you, can you see now what you couldn't you see before? Can you share your thoughts on this? >>Yeah, I, I think what's really interesting about the, the kind of manufacturing environments today is if you look back a number of years, most of the manufacturing equipment was really disconnected from the internet. It was really running in silos. So it was very easy to protect equipment that, that isn't internet connected. You could put a firewall, you could segment it off. And it was, it was really on an island on its own. Nowadays you have a lot of IOT devices. You have a lot of internet connected devices, sensors providing information to multiple different suppliers or vendor solutions. And you have to really then open up your ecosystem more, which of course means you have to change your security posture and you really have to embrace. If there's a vulnerability with one of those suppliers, then how do you mitigate the risk associated to vulnerability? Armas really helps us get a lot of information so that we can then make a decision with our business teams. >>That whole operational aspect of criticality is huge. How on the assets knowing what's what's key? How has that changed your, the, the security workload for you guys? >>Yeah, for us, I mean, it, it's all about being efficient. If we can have the, the visibility across our manufacturing environments, then, then my team can easily consume that information. You know, if we spend a lot of time trying to digest the information, trying to process it, trying to prioritize it, that, that, that really hurts our efficiency as, as a team where as a function, what we really like is being able to use technology to help us do that work. We're, we're not an it shop. We're a manufacturing shop, but we're a very technical shop so that we like to drive everything through automation and not be a bottleneck for any of the, the actions that take place. >>You know, the old expression is the juice worth. The squeeze. It comes up a lot when people are buying tools around vulnerability management and point, all this stuff. So SAS solution is key with no agents to deploy. They have that talk about how you operationalize Armas in your environment, how quickly did it AC achieve time to value, take us through that, that consumption of the product. And, and, and what was the experience like? >>Yeah, I I'll definitely say a in, in the security ecosystem that that's one of the, the biggest promises you hear across the industry. And when, when we started with Armas, we started with a very small deployment and we wanted to make sure if, if it was really worth the lift to your point, we implemented the, the first set of plants very quickly, actually, even quicker than we had put in our project plan, which is, is not typical for implementing complex security solutions. And then we were so successful with that. We expanded to cover more of our manufacturing plants, and we were able to get really true visibility across our entire manufacturing organization in the first year with the ability to also say that we extended that, that information, that visibility to our manufacturing organization, and they could also consume it just as easily as we could. >>That's awesome. How many assets did you guys discover? Just curious on the numbers? >>Oh, that, that's the really interesting part, you know, before we started this project, we would've had to do a, a manual audit of, of our plants, which is typical in, in our industry. You know, when, when we started this project and, and we put in estimates, we really, really didn't have a great handle on what we were gonna find. And what's really nice about the Arma solution is it it's truly giving you full visibility. So you're actually seeing, besides the servers and the PLCs and all the equipment that you're familiar with, you're also connecting it to your wireless access points. You're connecting it to see any of those IOT devices as well. And then you're really getting full visibility through all the integrations that they offer. You're amazed how many devices you're actually seeing across your entire ecosystem. >>It's like Google maps for your infrastructure. You get little street view. You wanna look at it, you get the, you know, fake tree in there, whatever, but it gives you the picture that's key, >>Correct. And with a nice visualization and an easy search engine, similar to your, your Google analogy, you know, everything is, is, is really at your fingertips. If you wanna find something, you just go to the search bar, click a couple entries and, and boom, you get your, your list of the associated devices or the, the associated locations devices. >>Well, I appreciate your time. I know you're super busy at CSIG a lot of your plate. Thanks for coming on sharing. Appreciate it. >>No problem, John. Thanks for having me. >>Okay. In a moment, Brian Inman, a sales engineer at Armas will be joining me. You're watching the cube, the leader in high tech coverage. Thanks for watching.