(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(bright upbeat music) >> Hello, everyone, and welcome to this #CUBEConversation here in Palo Alto, California. I'm John Furrier, host of "theCUBE." We have the co-founder and CTO of Armis here, Nadir Izrael. Thanks for coming on. Appreciate it. Armis is hot company, RSA, we just happened. Last week, a lot of action going on. Thanks for coming on. >> Thank you for having me. Sure. >> I love CTOs and co-founders. One, you have the entrepreneurial DNA, also technical in a space with cyber security, that is the hottest most important area. It's always been important, but now more than ever, as the service areas are everywhere, tons of attacks, global threats. You got national security at every level, and you got personal liberties for privacy, and other things going on for average citizens. So, important topic. Talk about Armis? Why did you guys start this company? What was the motivation? Give a quick commercial what you guys do, and then we'll get into some of the questions around, who you guys are targeting. >> Sure, so yeah, I couldn't agree more about the importance of cybersecurity, especially I think in these days. And given some of the geopolitical changes happening right now, more than ever, I would say that if we go back 6.5 years or so, when Armis was founded, we at the time talked to dozens of different CIOs, CSOs, it managers. And every single one of them told us the same thing. And this was at least to me surprising at the time. We have no idea what we have. We have no idea what the assets that are connected to our network, or our environment are. At the time, when we started Armis, we thought this was simply, let's call it the other devices. IOT, OT, all kinds of different buzzwords that were kind of flying around at the time, and really that's, what we should focus on. But with time, what we understood, it's actually a problem of scale. Organizations are growing massively. The diversity of different assets they have to deal with is incredible. And if 6.5 or 7 years ago, it was all about just growth of actual physical devices, these days it's virtual, it's containerized, it's cloud-based. It's actually quite insane. And organizations find themselves really quickly dealing with billions of assets within their environment, but no real way to see, account for them, and be able to manage them. That's what Armis is here to solve. It's here to bring back visibility and order into the mix. It's here to bring a complete map of everything within the organization, and the ability to manage different security processes on top of that. And it couldn't have come, I think at a better time for organizations, because the ability to manage these days, the attack surface of an organization, understand where are different weak spots, what way to invest in? They start and end with a complete asset map, and that's really what we're here to solve. >> As I look at your story and understand what you guys are doing, certainly, a lot of great momentum at RSA. But also digging under the hood, you guys really crack the code with on the scale side as well. And also it's lockstep with the environment. If you look at the trends that we've been covering on "theCUBE," system on chip, you're seeing a lot of Silicon action going on, on all the hyperscalers. You're starting to see, again, you mentioned IOT devices and OT, IP enabled processors. I mean, that's basically you can run multi-threaded applications on a light bulb, basically. So, you have these new things going on that are just popping in into the environment. Just people are hanging them on the network. So, anything on the network is risk and that's happening massively, so I see that. But also you guys have this contextualization capability, scope the problem statement for us? How hard is it to do this? Because you got tons of challenges. What's the scale of the problem that you guys have been solving? 'Cause it's not easy. I mean, it's not network management, not just doing auto discovery, there's a lot of secret sauce there, scope the problem? >> Okay, so first of all, just to get a measure of how difficult this is, organizations have been trying to solve this for the better part of the last two decades. I think even when the problem was way smaller, they've still been struggling with being able to do this. It's an age old problem, that for the most part, I got to say that when I describe the problem the way that I did, usually, what the reaction from clients are, "Yes, I'd love for you to solve that." "I just heard this pitch from like five other vendors and I've yet to solve this problem. So, how do you do it?" So, as I kind of scope this, it's also a measure of just basically, how do you go about solving a complex situation where, to kind of list out some of the bold claims here in what I said. Number one, it's the ability to just fingerprint and be able to understand what your assets are. Secondly, being able to do it with very dirty data, if you will. I would say, in many cases, solutions that exist today, basically tell clients, or tell the users, were as good as the data that you provide us. And because the data isn't very good, the results aren't very good. Armis aspires to do something more than that. It aspires to create a logically perfect map of your assets despite being hindered by incomplete and basically wrong data, many times. And third, the ability to infer things about the environment where no source data even exists. So, to all of that, really Armis' approach is pretty straightforward, and it relies on something that we call our collective intelligence. We basically use the power and scale of these masses to our advantage, and not just as a shortcoming. What I mean by that, is Armis today tracks overall, over 2 billion assets worldwide. That's an astounding number. And it thanks to the size of some of the organization that we work with. Armis proudly serves today, for instance, over 35 of Fortune 100. Some of those environments, let me tell you, are huge. So, what Armis basically does, is really simple. It uses thousands, tens of thousands, hundreds of thousands sometimes, of instances of the same device and same assets to basically figure out what it is. Figure out how to fingerprint it best. Figure out how to marry conflicting data sources about it and figure out what's the right host name? What's the right IP address? What are all the different details that you should know about it? And be able to basically find the most minimalist fingerprints for different attributes of an asset in a changing environment. It's something that works really, really well. It's something that we honestly, may have applied to this problem, but it's not something that we fully invented. It's been used effectively to solve other problems as well. For instance, if you think about any kind of mapping software. And I use that analogy a lot. But if you think about mapping software, I happened to work for Google in the past, and specifically on Google Map. So, I know quite a bit about how to solve similar problems. But I can tell you that you think about something like a mapping software, it takes very dirty, incomplete data from lots of different sources, and creates not a pixel perfect map, but a logically perfect map for the use cases you need it to be. And that's exactly what Armis strives to do. Build the Google Maps, if you will, of your organization, or the kind of real time map of everything, and be able to supply that or project that for different business processes. >> Yeah, I love the approach, and I love that search analogy. Discover is a big part of mapping as you know, and reasoning in there with the metadata you have and the dirty data is critical. And by the way, we love bold statements on "theCUBE," because as long as you can back 'em up, then we'll dig into that. But let's back up some of those bold claims. Okay, you have a lot of devices, you've got the collective intelligence. How do you manage the real time nature of devices changing in real time? 'Cause if you do fingerprint on it, and you got some characteristics of the assets in the map, what happens in real time? How fast are you guys managing that? What's the process for that? >> So, very quickly, I think another quick analogy I like to use, because I think it orients people around kind of how Armis operates, is imagine that Armis is kind of like a Shazam for assets. We take different attributes coming from your environment, and we match it up, that collective intelligence to figure out what that asset is. So, we recognize an asset based off of its behavioral fingerprint, or based off of different attributes, figure out what it is. Now, if you take something that recognizes tunes on the radio or anything like that, it's built pretty similarly. Once you have access to different sources. Once we see real environments that introduce new devices or new assets, Armis is immediately learning. It's immediately taking those different queues, those different attributes and learning from them. And to your point, even if something changes its behavioral fingerprint. For instance, it gets updated, a new patch rolls out, something that changes a meaningful aspect of how that asset operates, Armis sees so many environments, and so much these days that it reacts in almost real time to the introduction of these new things. A patch rolls out, it starts changing multiple devices and multiple different environments around the world, Armis is already learning and adapting this model for the new type of asset and device out there. It works very quickly, and it's part of the effectiveness of being able to operate at the scale that we do. >> Well, Nadir, you guys got a great opportunity there at Armis. And as co-founder, you must be pretty pumped, actually working hard, stay up to date, and got a great, great opportunity there. How was RSA this year? And what's your take on the landscape? Because you're kind of in this, I call the new category of lockstep with an environment. Obviously, there's no perimeter, everyone knows that. Service area is the whole internet, basically, distributed computing paradigms and understanding things like discovery and mapping data that you guys are doing. And it's a data problem as well. It's a lot of problems that you guys are solving. But the industry's got some old beggars, as I still hear endpoint protection, zero trust. I hear trust, if you're talking about supply chain, software supply chain, S bombs, you mentioned in a previous interview. You got software supply chain issues with open source, 'cause everything's open source now on infrastructure, so that's happening. How do you manage all that? I mean, is it zero trust or is it trust? 'Cause as you hear, I hear you talking about Armis, it's like, you got to have trusted components in there and you got to trust the data. So, that's not zero trust, that's trust. So, where zero trust and trust solve? What's your take on that? How do you resolve? What's your reaction to that? >> Usually, I wait for someone else to bring up the zero trust buzzword before I touch on that. So, because to your point, it's such an overused buzzword. But let me try and tackle that for a second. First of all, I think that Armis treats assets in a way as, let's call it the vessels of everything. And what I mean by that, is that at a very atomic aspect, assets are the atoms of the environment. They're the vessels of everything. They're the vessels of vulnerabilities. There's the vessels of actual attacks. Like something, some asset needs to exist for something to happen. And every aspect of trust or zero trust, or anything like that applies to basically assets. Now, to your point, Armis, ironically, or like a lot of security tools, I think it assists greatly or even manages a zero trust policy within the environment. It provides the asset intelligence into the mix of how to manage an effective zero trust policy. But in essence, you need to trust Armis, right? I mean, Armis is a critical function now within your environment. And there has to be a degree of trust, but I would say, trust but verified. And that's something that I think the security industry as a whole is evolving into quite a bit, especially post events like solar, winds, or other things that happened in recent years. Armis is a SaaS platform. And in being a SaaS platform, there is an inherent aspect of trust and risk that you take on as a security organization. I think anyone who says differently, is either lying or mistaken. I mean, there are no foolproof, a 100% systems out there. But to mitigate some of that risk, we adhere to a very strict risk in security policy on our end. What that means, is we're incredibly transparent about every aspect of our own environment. We publish to our clients our latest penetration test reports. We publish our security controls and policies. We're very transparent about the different aspects we're involve in our own environment. We give our clients access to our own internal security organization, our own CSO, to be able to provide them with all the security controls they need. And we take a very least privileged approach in how we deploy Armis within an environment. No need for extra permissions. Everything read-only unless there is an explicit reason to do else... I think differently within the environment. And something that we take very seriously, is also anything that we deploy within the environment, should be walled off, except for whatever lease privilege that we need. On top of that, I'd add one more thing that adds, I think a lot of peace of mind to our clients. We are FeRAMP ready, and soon to be certified, We work with DOD clients within the U.S kind of DOD apparatus. And I think that this gives a lot of peace of mind to our clients, even commercial clients, because they know that we need to adhere to hundreds of different security controls that are monitored and government by U.S federal agencies. And that I think gives a lot of extra security measures, a lot of knowledge that this risk is being mitigated and controlled, and governed by different agencies. >> Good stuff there. Also at RSA, you kind of saw people come back together face-to-face, which is great. A lot of kind of similar, everyone kind of knows each other in the security business, but it's getting bigger. What was the big takeaways from you for the folks watching here that didn't get to go to RSA this year? What was the most important stories that came out of RSA this year? Just generally across the industry, from your perspective that people should pay attention to? >> First of all, I think that people were just really happy to get back together. I think it was a really fun RSA. I think that people had a lot of energy and excitement, and they love just walking around. I am obviously, somewhat biased here, but I will say, I've heard from other people too, that our event there, and the formal party that was there was by far the kind of the the talk of the show. And we were fortunate to do that with Sentinel One. with Torque who are both great partners of ours, and, of course, Insight partners. I think a lot of the themes that have come up during RSA, are really around some of the things that we already talked about, visibility as a driver for business processes. The understanding of where do assets and tax surfaces, and things like that play in. But also, I think that everything was, in light of macroeconomics and geopolitics that are kind of happening in the background, that no one can really avoid that. On the one hand, if we look at macroeconomics, obviously, markets are going through quite a shake up right now. And especially, when you talk about tech, the one thing that was really, really evident though, is it's cybersecurity is, I think market-wise just faring way better than others because the demand is absolutely there. I think that no one has slowed down one bit on buying and arming themselves, I'd say, with defensive solutions for cybersecurity. And the reason, is that the threats are there. I mean, we're all very, very much aware of that. And even in situations where companies are spending less on other things, they're definitely spending on cybersecurity, because the toll on the industry is going up significantly year by year, which really ties into also the geopolitics. One of the themes that I've heard significantly, is all the buzz around different initiatives coming from both U.S federal agencies, as well as different governing bodies around anything, from things like shields up in critical infrastructure, all the way to different governance aspects of the TSA. Or even the SCC on different companies with regards to what are they doing on cyber? If some of the initiatives coming from the SCC on public companies come out the way that they are right now, cyber security companies will elevate... Well, sorry, companies in general, would actually elevate cyber security to board level discussions on a regular basis. And everyone wants to be ready to answer effectively, different questions there. And then on top of all of that, I think we're all very aware of, I think, and not to be too doom and gloom here, but the geopolitical aspect of things. It's very clear that we could be facing a very significant and very different cyber warfare aspect than anything that we've seen before in the coming months and years. I think that one of the things you could hear a lot of companies and clients talk about, is the fact that it used to be that you could say, "Look, if a nation state is out to get me, then a nation state is out to get me, and they're going to get me. And I am out to protect myself from common criminals, or cybersecurity criminals, or things like that." But it's no longer the case. I mean, you very well might be attacked by a nation state, and it's no longer something that you can afford to just say, "Yeah, we'll just deal with that if that happens." I think some of the attacks on critical infrastructure in particular have proven to us all, that this is a very, very important topic to deal with. And companies are paying a lot of attention to what can give them visibility and control over their extended attack surface, and anything in between. >> Well, we've been certainly ringing the bell for years. I've been a hawk on this for many, many years, saying we're at cyber war, well below everyone else. So, we've been pounding our fist on the table saying, it's not just a national security issue. Finally, they're waking up and kind of figuring out countermeasures. But private companies don't have their own, they should have their own militia basically. So, what's the role of government and all this? So, all this is about competency and actually understanding what's going on. So, the whole red line, lowering that red line, the adversaries have been operating onside our infrastructure for years. So, the industrial IOT side has been aware of this for years, now it's being streamed, right? So, what do we do? Is the government going to come in and help, and bring some cyber militia to companies to protect their business? I mean, if troops dropped on our shores, I'm sure the government would react, right? So, where is that red line, Nadir? Where do you see the gap being filled? Certainly, people will defend their companies, they have assets obviously. And then, you critical infrastructure on the industrial side is super important, that's the national security issue. What do we do? What's the action here? >> That is such a difficult question. Such a good question I think to tackle, I think, there are similarities and there are differences, right? On the one hand, we do and should expect the government to do more. I think it should do more in policy making. I mean, really, really work to streamline and work much faster on that. And it would do good to all of us because I think that ultimately, policy can mean that the third party vendors that we use are more secure, and in turn, our own organizations are more secure in how they operate. But also, they hold our organizations accountable. And in doing so, consumers who use different services feel safer as well because basically, companies are mandated to protect data, to protect themselves, and do everything else. On the other hand, I'd say that government's support on this is difficult. I think the better way to look at this, is imagine for a second, no troops landing on our kind of shores, if you will. But imagine instead, a situation where Americans are spread all over the world and expect the government to protect them in any country, or in any situation they're at. I think that depicts maybe a little better, how infrastructure looks like today. If you look at multinational companies, they have offices everywhere. They have assets spread out everywhere. They have people working from everywhere around the world. It's become an attack surface, that I think you said this earlier, or in a different interview as well. There's no more perimeter to speak of. There are no more borders to this virtual country, if you will. And so, on the one hand, we do expect our government to do a lot. But on the other hand, we also need to take responsibility as companies, and as vendors, and as suppliers of services, we need to take accountability and take responsibility for the assets that we deploy and put in place. And we should have a very security conscious mind in doing this. >> Yeah. >> So, I think tricky government policy aspect to tackle. I think the government should be doing more, but on the other hand, we should absolutely be pointing internally at where can we do better as companies? >> And the asset understanding the context of what's critical asset too, can impact how you protect it, defend it, and ensure it, or manage it. I mean, this is what people want. It's a data problem in flight, at rest, and in action. So, Armis, you guys are doing a great job there. Congratulations, Nadir on the venture, on your success. I love the product, love the approach. I think it scales nicely with the industry where it's going. So, especially with the intelligent edge booming, and it's just so much happening, you guys are in the middle of it. Thanks for coming on "theCUBE." Appreciate it. >> Thank you so much. As I like to say, it takes a village, and there's so many people in the company who make this happen. I'm just the one who gets to take credit for it. So, I appreciate the time today and the conversation. And thank you for having me. >> Well, we'll check in with you. You guys are right there with us, and we'll be in covering you guys pretty deeply. Thanks for coming on. Appreciate it. Okay, it's #CUBEConversation here in Palo Alto. I'm John Furrier. Thanks for watching. Clear. (bright upbeat music)