(upbeat music) >> Hello everyone, welcome back to the manager risk across the extended attack surface with Armis. I'm John Furrier, your host of theCUBE. Got the demo. Got here, Bryan Inman sales engineer at Armis. Bryan, thanks for coming on. We're looking forward to the demo. How you doing? >> I'm doing well, John, thanks for having me. >> We heard from Nadir describing Armis' platform, lot of intelligence. It's like a search engine meets data at scale, intelligent platform around laying out the asset map, if you will, the new vulnerability module among other things that really solves CISCO's problems. A lot of great customer testimonials and we got the demo here that you're going to give us. What's the demo about? What are we going to see? >> Well, John, thanks. Great question. And truthfully, I think as Nadir has pointed out what Armis as a baseline is giving you is great visibility into every asset that's communicating within your environment. And from there, what we've done is we've layered on known vulnerabilities associated with not just the device, but also what else is on the device. Is there certain applications running on that device, the versions of those applications, and what are the vulnerabilities known with that? So that's really gives you great visibility in terms of the devices that folks aren't necessarily have visibility into now, unmanaged devices, IoT devices, OT, and critical infrastructure, medical devices things that you're not necessarily able to actively scan or put an agent on. So not only is Armis telling you about these devices but we're also layering on those vulnerabilities all passively and in real time. >> A lot of great feedback we've heard and I've talked to some of your customers. Rhe agentless is a huge deal. The discoveries are awesome. You can see everything and just getting real time information. It's really, really cool. So I'm looking forward to the demo for our guests. Take us on that tour. Let's go with the demo for the guests today. >> All right. Sounds good. So what we're looking at here is within the Armis console is just a clean representation of the passive reporting of what Armis has discovered. So we see a lot of different types of devices from your virtual machines and personal computers, things that are relatively easy to manage. But working our way down, you're able to see a lot of different types of devices that are not necessarily easy to get visibility into, things like your up systems, IT cameras, dash cams, et cetera, lighting systems. And today's day and age where everything is moving to that smart feature, it's great to have that visibility into what's communicating on my network and getting that, being able to layer on the risk factors associated with it as well as the vulnerabilities. So let's pivot over to our vulnerabilities tab and talk about the the AVM portion, the asset vulnerability management. So what we're looking at is the dashboard where we're reporting another clean representation with customizable dashlets that gives you visuals and reporting and things like new vulnerabilities as they come in. What are the most critical vulnerabilities, the newest as they roll in the vulnerabilities by type? We have hardware. We have application. We have operating systems. As we scroll down, we can see things to break it down by vulnerabilities, by the operating system, Windows, Linux, et cetera. We can create dashlets that show you views of the number of devices that are impacted by these CVEs. And scrolling down, we can see how long have these vulnerabilities been sitting within my environment? So what are the oldest vulnerabilities we have here? And then also of course, vulnerabilities by applications. So things like Google Chrome, Microsoft Office. So we're able to give a good representation of the amount of vulnerabilities as they're associated to the hardware and applications as well. So we're going to dig in and take a a deeper look at one of these vulnerabilities here. So I'm excited to talk today about of where Armis AVM is, but also where it's going as well. So we're not just reporting on things like the CVSS score from NIST NVD. We're also able to report on things like the exploitability of that. How actively is this CVE being exploited in the wild? We're reporting EPSS scores. For example, we're able to take open source information as well as a lot of our partnerships that we have with other vendors that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware, et cetera. But where we're going with this is in very near future releases, we're going to be able to take an algorithm approach of, what are the most critical CVSS that we see? How exploitable are those? What are common threat actors doing with these CVEs? Have they weaponized these CVEs? Are they actively using those weaponized tools to exploit these within other folks' environments? And who's reporting on these? So we're going to take all of these and then really add that Armis flavor of we already know what that device is and we can explain and so can the users of it, the business criticality of that device. So we're able to pivot over to the matches as we see the CVEs. We're able to very cleanly view, what exactly are the devices that the CVE resides on. And as you can see, we're giving you more than just an IP address or a lot more context and we're able to click in and dive into what exactly are these devices. And more importantly, how critical are these devices to my environment? If one of these devices were to go down if it were to be a server, whatever it may be, I would want to focus on those particular devices and ensuring that that CVE, especially if it's an exploitable CVE were to be addressed earlier than say the others and really be able to manage and prioritize these. Another great feature about it is, for example, we're looking at a particular CVE in terms of its patch and build number from Windows 10. So the auto result feature that we have, for example, we've passively detected what this particular personal computer is running Windows 10 and the build and revision numbers on it. And then once Armis passively discovers an update to that firmware and patch level, we can automatically resolve that, giving you a confidence that that has been addressed from that particular device. We're also able to customize and look through and potentially select a few of these, say, these particular devices reside on your guest network or an employee wifi network where we don't necessarily, I don't want to say care, but we don't necessarily value that as much as something internally that holds significantly, more business criticality. So we can select some of these and potentially ignore or resolve for determining reasons as you see here. Be able to really truly manage and prioritize these CVEs. As I scroll up, I can pivot over to the remediation tab and open up each one of these. So what this is doing is essentially Armis says, through our knowledge base been able to work with the vendors and pull down the patches associated with these. And within the remediation portion, we're able to view, for example, if we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, right now we're able to view which patches are going to gimme the most impact as I prioritize these and take care of these affected devices. And lastly, as I pivot back over. Again, where we're at now is we're able to allow the users to customize the organizational priority of this particular CVE to where in terms of, this has given us a high CVSS score but maybe for whatever reasons it may be, maybe this CVE in terms of this particular logical segment of my network, I'm going to give it a low priority for whatever the use case may be. We have compensating controls set in place that render this CVE not impactful to this particular segment of my environment. So we're able to add that organizational priority to that CVE and where we're going as you can see that popped up here but where we're going is we're going to start to be able to apply the organizational priority in terms of the actual device level. So what we'll see is we'll see a column added to here to where we'll see the the business impact of that device based on the importance of that particular segment of your environment or the device type, be it critical networking device or maybe a critical infrastructure device, PLCs, controllers, et cetera, but really giving you that passive reporting on the CVEs in terms of what the device is within your network. And then finally, we do integrate with your vulnerability management and scanners as well. So if you have a scanner actively scanning these, but potentially they're missing segments of your net network, or they're not able to actively scan certain devices on your network, that's the power of Armis being able to come back in and give you that visibility of not only what those devices are for visibility into them, but also what vulnerabilities are associated with those passive devices that aren't being scanned by your network today. So with that, that concludes my demo. So I'll kick it back over to you, John. >> Awesome. Great walk through there. Take me through what you think the most important part of that. Is it the discovery piece? Is it the interaction? What's your favorite? >> Honestly, I think my favorite part about that is in terms of being able to have the visibility into the devices that a lot of folks don't see currently. So those IoT devices, those OT devices, things that you're not able to run a scan on or put an agent on. Armis is not only giving you visibility into them, but also layering in, as I said before, those vulnerabilities on top of that, that's just visibility that a lot of folks today don't have. So Armis does a great job of giving you visibility and vulnerabilities and risks associated with those devices. >> So I have to ask you, when you give this demo to customers and prospects, what's the reaction? Falling out of their chair moment? Are they more skeptical? It's almost too good to be true and end to end vulnerability management is a tough nut to crack in terms of solution. >> Honestly, a lot of clients that we've had, especially within the OT and the medical side, they're blown away because at the end of the day when we can give them that visibility, as I've said, Hey, I didn't even know that those devices resided in that portion, but not only we showing them what they are and where they are and enrichment on risk factors, et cetera, but then we show them, Hey, we've worked with that vendor, whatever it may be and Rockwell, et cetera, and we know that there's vulnerabilities associated with those devices. So they just seem to be blown away by the fact that we can show them so much about those devices from behind one single console. >> It reminds me of the old days. I'm going to date myself here. Remember the old Google Maps mashup days. Customers talk about this as the Google Maps for their assets. And when you have the Google Maps and you have the Ubers out there, you can look at the trails, you can look at what's happening inside the enterprise. So there's got to be a lot of interest in once you get the assets, what's going on those networks or those roads, if you will, 'cause you got in packet movement. You got things happening. You got upgrades. You got changing devices. It's always on kind of living thing. >> Absolutely. Yeah, it's what's on my network. And more importantly at times, what's on those devices? What are the risks associated with the the applications running on those? How are those devices communicating? And then as we've seen here, what are the vulnerabilities associated with those and how can I take action with them? >> Real quick, put a plug in for where I can find the demo. Is it online? Is it on YouTube? On the website? Where does someone see this demo? >> Yeah, the Armis website has a lot of demo content loaded. Get you in touch with folks like engineers like myself to provide demos whenever needed. >> All right, Bryan, thanks for coming on this show. Appreciate, Sales Engineer at Armis, Bryan Inman. Given the demo God award out to him. Good job. Thanks for the demo. >> Thanks, thanks for having me. >> Okay. In a moment, we're going to have my closing thoughts on this event and really the impact to the business operations side, in a moment. I'm John Furrier of theCUBE. Thanks for watching. (upbeat music)

>>Hello, welcome back to the manager risk across the extended attack surface with Armas I'm John fair host of the cube. Got the demo. God here, Brian Inman sales engineer at Armit. Brian. Thanks for coming on. We're looking forward to the demo, how you doing? >>I'm doing well, John, thanks for having me, >>You know, we heard from Nair, you know, describing arm's platform, a lot of intelligence. It's like a search engine meets data at scale intelligent platform around laying out the asset map. If you will, the new vulnerability module among other things that really solves CISO's problems, a lot of great customer testimonials. And we, we got the demo here that you're gonna give us, what's the demo about what are we, what are we gonna see? >>Well, John, thanks. Great question. And truthfully, I think as NAIA has pointed out what AIS as a baseline is giving you is, is great visibility into every asset on your that's communicating within your, within your environment. And from there, what we've done is we've layered on known vulnerabilities associated with not just the device, but also what else is on the device. What's is there certain applications running on that device, the versions of those applications and what are the vulnerabilities known with that? So that's really gives you great visibility in, in terms of the devices that folks aren't necessarily have visibility into now, unmanaged devices, OT devices, OT, and critical infrastructure, medical devices, things that you're not necessarily able to actively scan or put an agent on. So not only is Armas telling you about these devices, but we're also layer layering on those vulnerabilities all passively and in real time, >>A lot of great feedback we've heard and I've talked to some of your customers, the agent list is a huge deal. The Discover's at awesome. You can see everything and, and just getting real time information. It's really, really cool. So I'm looking forward to, for the demo for our guests, take us on that tour. Let's go with the demo for the guests today. >>All right. Sounds good. So what we're looking at here is within the Armas console is just a clean representation of the passive reporting of what Armas has discovered. So we see a lot of different types of devices, you know, from your virtual machines and personal computers, things that are relatively easy to manage, but working our way down, you're able to see a lot of different of the different types of devices that are not necessarily easy to, to get visibility into things like your up systems, IP cameras, dash cams, et cetera, lighting systems, and, and today's day and age, where everything is moving to the, that smart feature. You know, it's, it's great to have that visibility into, you know, what's communicating on my network and getting that, being able to layer on the risk factors associated with it, as well as the vulnerabilities. So let's pivot over to our vulnerabilities tab and talk about the, the ADM portion, the asset vulnerability management. >>So what we're looking at is the dashboard where we're reporting a, a, another clean representation with customizable dashboards that gives you visuals and reporting and things like new vulnerabilities as they come in, you know, what are the most critical vulnerabilities that are the, the newest as they roll in the vulnerabilities by type, we have hardware, we have application, we have operating systems. As we scroll down, we can see things to break it down by vulnerabilities, by the operating system, windows, Linux, et cetera. We can take, you know, create dashes that show you views of the, the number of, of devices that are impacted by these CVEs and scrolling down. We can see, you know, what, how long have these vulnerabilities been sitting within my environment? So how, what are the oldest vulnerabilities we have here? And then also of course, vulnerabilities by applications. So things like Google Chrome, Microsoft office. >>So we're able to give a, a good representation of the amount of vulnerabilities as they're associated to the hardware and applications as well. So we're gonna dig in and take a, a deeper look at one of these vulnerabilities here. So I'm excited to talk today about where Armas ABM is, but also where it's going as well. So we're not just reporting on things like the CVSs score from, from N N VD. We're also able to report on things like the exploitability of that, right? How, how actively is this, this CVE being exploited in the wild, right? We're reporting E EPSS scores. For example, we're able to take open source information as well as a lot of our partnerships that we have with other vendors that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware, et cetera. >>But we're where we're going with. This is we're in Fu very near future releases. We're gonna be able to, to take sort of an algorithm approach of what are the most critical CVSs that we see, how exploitable are those, what are common threat actors doing with these, these CVEs have they weaponized these CVS? Are they actively using those weaponized tools to exploit these within, within other folks' environments? And who's reporting on these. So we're gonna take all of these and then really add that Armas flavor of we already know what that device is, and we can explain. And, and so can the users of it, the business criticality of that device, right? So we're able to pivot over to the matches as we see the CVEs, we're able to very cleanly view, what are, what exactly are the devices that the CVE resides on, right? >>And as you can see, we're giving you more than just an IP address or more, you know, a lot more context, and we're able to click in and dive into what exactly are these devices and how, and more importantly, how critical are these devices to, to my, my environment, if one of these devices were to go down, if it were to be a server, if you know, whatever it may be, I would wanna focus on those particular devices and ensuring that that CVE, especially if it's an exploitable CVE were to be addressed or early, earlier than, than say the others, and really be able to manage and prioritize these another great feature about it is, you know, for example, we're looking at a, a particular CVE in terms of its its patch and build number from windows 10. So the AutoSol feature that we have, for example, we've passively detected what this particular personal computer is running windows 10 and the build and revision numbers on it. >>And then once Armas passively discovers an update to that firmware and patch level, we can automatically resolve that, giving you a, a confidence that that has been addressed from that particular device. We're also able to customize and look through and potentially select a few of these, say, you know, these particular devices reside on your guest network or an employee wifi network where we don't necessarily, I don't wanna say care, but we don't necessarily value that as much as something in, you know, internally that has holds significantly more business criticality. So we can select some of these and potentially ignore or resolve for determining reasons. As you see here, be able to really truly manage and prioritize these, these CVEs. As I scroll up, I can pivot over to the remediation tab and open up each one of these. So what this is doing is essentially Arma says, you know, through our knowledge base, been able to work with the vendors and, and pull down the patches associated with these. >>And within the remediation portion, we're able to view, for example, if we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, right now, we're able to F to view, you know, which patches are gonna gimme the most impact as I prioritize these and take care of these affected devices. And lastly, as I pivot back, go again, where we're at now is we're able to allow the, the users to customize the organizational priority of this particular CVE, to where in terms of, you know, this has, has given us a high CVSs score, but maybe for whatever reasons it may be maybe this CVE in terms of this particular logical segment of my network, I'm gonna give it a low priority for whatever the use case may be. We have compensating controls set in place that, that render this CVE, not impactful to this particular segment of my environment. >>So we're able to add that organizational priority to that CVE and where we're going, as you can see that that popped up here, but where we're going is we're gonna start to be able to apply the, the organizational priority in terms of the actual device level. Right? So what we'll see is we'll see a, a column added to here to where we'll see the, the business impact of that device, based on the importance of that particular segment of your environment or the device type, be it, you know, critical networking device, or maybe a, a critical infrastructure device, PLCs controllers, et cetera, but really giving you that passive reporting on the CVEs in terms of what the device is within your network. And then finally we do integrate with your vulnerability, vulnerability management, and scanners as well. So if you have a scanner actively scanning these, but potentially they're missing segments of your net network, or they're not able to actively scan certain devices on your network, that's the power of Armas being able to come back in and give you that visibility of not only what those devices are for visibility into them, but also what vulnerabilities are associated with those passive devices that aren't being scanned by your network today. >>So with that that's, that concludes my demo. So I'll kick it back over to you, John. >>Awesome. Great, great walk through there. Take me through what you think the most important part of that. Is it the discovery piece? Is it the interaction what's your favorite? >>Honestly, I think my favorite part about that is, you know, in terms of being able to have the visibility into the devices, that a lot of folks don't see currently. So those OT devices, those OT devices, things that you're not able to, to run a scan on or put an agent on Armas is not only giving you visibility into them, but also layering in, as I said before, those vulnerabilities on top of that, that's just visibility that a lot of folks today don't have. So Armas does a great job of giving you visibility and vulnerabilities and risks associated with those devices. >>So I have to ask you, when you give this demo to customers and prospects, what's the reaction falling outta their chair moment? Are they more skeptical? It's almost too good to be true. And the end to end vulnerability management's is a tough nut to crack in terms of solution. >>Well, honestly, a lot of clients that we've had, you know, especially within the OT and the medical side, they're, they're blown away because at the end of the day, when we can give them that visibility, as I've said, you know, Hey, I, I didn't even know that those devices resided in that, that portion, but not only are we showing them what they are and where they are and enrichment on risk factors, et cetera. But then we show them, Hey, there's a known, you know, we've worked with that vendor, whatever it may be and, you know, Rockwell, et cetera. And we know that there's vulnerabilities associated with those devices. So they just seem to be blown away by the fact that we can show them so much about those devices from behind one single console. >>You know, it reminds me of the old days. I'm gonna date myself here. Remember the old Google maps, mashup days. This is customers. Talk about this as the Google maps for their assets. And when you have the Google maps and you have the Ubers out there, you can look at the trails, you can look at what's happening inside the, inside the enterprise. So there's gotta be a lot of interest in once you get the assets what's going on, on those, on, in those, on those networks or those roads, if you will, cuz you got in packet movement, you got things happening, you got upgrades, you got changing devices. It's always on kind of living thing. >>Absolutely. Yeah. It's what's on my network. And more importantly at times what's on those devices, right? Are the, what are the risks associated with the, the applications running on those? How are those devices communicating? And then as we've seen here, what are the vulnerabilities associated with those and how can I take action with them? >>All right. Real quick, put a plug in for where I can find the demo. Is it online is on YouTube, on the website. Where does someone see this demo? >>Yeah, the Amis website has a lot of demo content loaded. Get you in touch with folks like engineers like myself to, to provide demos whenever, whenever needed. >>All right, Brian, thanks for coming on this show. Appreciate sales engineer, Armas Brian Inman, given the demo God award out to him. Good job. Thanks for the demo. >>Thanks. Thanks for having me. >>Okay. You know, in a moment we're gonna have my closing thoughts on this event and really the impact to the business operation side. In a moment I'm John fur the cube. Thanks for watching.

(upbeat music) >> Hi everyone, and welcome back to managing risk across your extended attack service area with Armis Asset Intelligence Platform. I'm John Furrier, your host. We're here with the CISO Perspective. Alex Schuchman, who is the CISO of Colgate-Palmolive Company. Alex, thanks for coming on. >> Thanks for having me. >> You know, unified visibility across the enterprise service area is about knowing what you got to protect. You can't protect what you can't see. Tell me more about how you guys are able to centralize your view with network assets with Armis. >> Yeah, I think the most important part of any security program is really visibility. And that's one of the building blocks when you're building a security program. You need to understand what's in your environment, what you can control, what is being introduced new into the environment, and that's really what, any solution that gives you full visibility to your infrastructure, to your environment, to all the assets that are there, that's really one of your bread and butter pieces to your security program. >> What's been the impact on your business? >> You know, I think from an IT point of view, running the security program, you know, our key thing is really enabling the business to do their job better. So if we can give them visibility into all the assets that are available in their individual environments, and we're doing that in an automated fashion with no manual collection, you know, that's yet another thing that they don't have to worry about, and then we're delivering. Because really IT is an enabler for the business. And then they can focus really on what their job is, which is to deliver product. >> Yeah, and a lot of changes in their network. You got infrastructure, you got IOT devices, OT devices. So vulnerability management becomes more important. It's been around for a while, but it's not just IT devices anymore. There are gaps in vulnerability across the OT network. What can you tell us about Colgate's use of Armis' vulnerability management? What can you see now? What couldn't you see before? Can you share your thoughts on this? >> Yeah, I think what's really interesting about the kind of manufacturing environments today is, if you look back a number of years, most of the manufacturing equipment was really disconnected from the internet. It was really running in silos. So it was very easy to protect equipment that isn't internet-connected. You could put a firewall, you could segment it off. And it was really on an island on its own. Nowadays, you have a lot of IOT devices. you have a lot of internet-connected devices, sensors providing information to multiple different suppliers or vendor solutions. And you have to really then open up your ecosystem more, which, of course, means you have to change your security posture, and you really have to embrace if there's a vulnerability with one of those suppliers then how do you mitigate the risk associated to that vulnerability? Armis really helps us get a lot of information so that we can then make a decision with our business teams. >> That whole operational aspect of criticality is huge, on the assets knowing what's key. How has that changed the security workload for you guys? >> You know, for us, I mean, it's all about being efficient. If we can have the visibility across our manufacturing environments, then my team can easily consume that information. You know, if we spend a lot of time trying to digest the information, trying to process it, trying to prioritize it, that really hurts our efficiency as a team or as a function. What we really like is being able to use technology to help us do that work. We're not an IT shop. We're a manufacturing shop, but we're a very technical shop so we like to drive everything through automation and not be a bottleneck for any of the actions that take place. >> You know the old expression, is the juice worth the squeeze? It comes up a lot when people are buying tools around vulnerability management, and point for all this stuff. So SaaS solution is key with no agents to deploy. They have that. Talk about how you operationalize Armis in your environment. How quickly did it achieve time to value? Take us through that consumption of the product, and what was the experience like? >> Yeah, I'll definitely say in the security ecosystem, that's one of the biggest promises you hear across the industry. And when we started with Armis, we started with a very small deployment, and we wanted to make sure if it was really worth the lift, to your point. We implemented the first set of plants very quickly, actually even quicker than we had put in our project plan, which is not typical for implementing complex security solutions. And then we were so successful with that, we expanded to cover more of our manufacturing plants, and we were able to get really true visibility across our entire manufacturing organization in the first year, with the ability to also say that we extended that information, that visibility to our manufacturing organization, and they could also consume it just as easily as we could. >> That's awesome. How many assets did you guys discover? Just curious on the numbers? >> Oh, that's the really interesting part. You know, before we started this project we would've had to do a manual audit of our plants, which is typical in our industry. You know, when we started this project and we put in estimates, we really didn't have a great handle on what we were going to find. And what's really nice about the Armis solution is it's truly giving you full visibility. So you're actually seeing, besides the servers, and the PLCs, and all the equipment that you're familiar with, you're also connecting it to your wireless access points. You're connecting it to see any of those IOT devices as well. And then you're really getting full visibility through all the integrations that they offer. You're amazed how many devices you're actually seeing across your entire ecosystem. >> It's like Google maps for your infrastructure. You know, the street view. You want to look at it. You get the, you know, fake tree in there, whatever, but it gives you the picture. That's key. >> Correct. And with a nice visualization and an easy search engine, similar to your Google analogy, you know, everything is really at your fingertips. If you want to find something, you just go to the search bar, click a couple entries and boom, you get your list of the associated devices or the the associated locations devices. >> Well, Alex, I appreciate your time. I know you're super busy at CSIG a lot of your plate. Thanks for coming on sharing. Appreciate it. >> No problem, John. Thanks for having me. >> Okay. In a moment, Bryan Inman, a sales engineer at Armis will be joining me. You're watching theCUBE, the leader in high tech coverage. Thanks for watching. (upbeat music)