At the end of February, Armis hosted an in-person gathering for all SEs globally. Partners were invited to attend by invitation only and if they were at a certain maturity level with the product. Jarviss was among the partners who received an invitation and gladly attended the event.

Here are some key takeaways from the event:

#1 Focus on the Attack Surface

Look at the attack surface instead of the vulnerabilities. Knowing about a vulnerability on a certain asset is important, but knowing if that vulnerability could be used or exploited is a different thing. If your segmentation is on point, some vulnerabilities do not require your priority. Armis can bring all this context to the asset since we not only monitor for vulnerabilities, but also keep track of the network traffic and applications being used on the asset. By looking at the context, the next step will be to evolve towards Exposure Management where we know what should be patched / fixed with priority and what not.

#2 Enhanced Threat Intelligence

The purchase of CTCI will bring more threat intelligence into the Armis platform. CTCI is specialized in monitoring attacker groups and knowing the behavior of these groups. Since Armis captures network traffic and knows what each asset is doing we can use Armis to know if assets are actively exploited or just vulnerable.

#3 Active Polling

Armis always went to the market as the passive tool for asset inventory. However, they noticed that for some specific devices active polling is needed to further get a full inventory of the assets. Active polling will not be the standard for an Armis deployment. But if some assets require active polling to get more insights, we now have the possibility to do it.

#4 Customized Risk Management

The Risk Factor of a device within Armis is one of the key components to leverage. Knowing which devices impose more risk to your environment than others is key. However, as of now you cannot deviate from the build in scoring of Armis. That is about to change as from Q2 of 2024. It will be possible to set the risk factor of a device based on your own policies which will greatly enhance the usability for companies since they can tailor the risk factor to their own needs.

#5 Comprehensive Compliance

Concerning customers in the medical segment, Armis knows that there are more regulations in place than just the FDA. Therefore, not only FDA recalls will be linked to the medical assets, but also other frameworks like MDS2 and NHS cyber alerts. With these improvements you can verify your posture against these frameworks. More frameworks will follow over time. Jarviss knows that these do not specifically apply to the Belgian market, but they can provide more insight into how your healthcare environment compares towards the standards that are set globally.

#6  Improved Purdue model

You will be able to manually intervene with the Purdue model drawn by Armis. Sometimes assets get classified in the wrong Purdue level and changing the level could be a hassle. With the new improvements that are coming, you will be able to manually change the Purdue level at the touch of a button. Armis will still automatically assign all your OT assets to the model, but if mistakes are made you can easily correct them.

#7 Integration expansion

Armis maintans their focus on network traffic and integration with external parties. By 2025 they aim for over 50 additional integrations allowing Armis users to seamlessly connect with all the available tools in their network. Be sure to regularly check Armis’s integrations page to stay updated on whether your product is now supported.

#8 Natural Language Processing

Armis is also looking into natural language processing. Now, if you want to search for a specific group, you need to use the Armis Query builder. They want to evolve towards a search engine in the platform where you can use natural language to gather information.

#9 Focus on Compliancy Checks

In the future, more focus will come on compliancy checks with different frameworks. The goal is to be able to verify compliancy towards any popular framework. More to come on this but keep it in mind if your company regularly needs to provide compliancy reports.

 

This is a high-level summary of the key takeaways from the Armis SE Summit. If you want to know more about what is new in Armis of Armis in general. Contact Jarviss!

Send us an email at info@jarviss.be or give us a call at +32 9 394 99 11.

Author: Yves Weyns