Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets like cloud, IoT, building management systems, industrial control systems, medical devices and more. That's not just it, there's more. We're seeing a massive volume of threats and a surge of severe vulnerabilities that put these assets at risk. This is happening every day and many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program where we're going to talk about these problems and how they're solved. Hello everyone, I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with ARMIS' New Asset Intelligence Platform. To start things off, let's bring in the co-founder and CTO of ARMIS, Nadir Izrael. Nadir, great to have you on the program.
Thanks for having me.
Great success with ARMIS. I want to just roll back and just zoom out and look at what's the big picture? What are you guys focused on? What's the Holy Grail? What's the secret sauce?
So ARMIS' mission, if you will, is to solve, to your point, literally one of the Holy Grails of security teams for the past decade or so, which is what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word everything: IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map?
I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization without an actual map of what's going on with charts and graphs. So we're here to provide that map in every aspect of the environment and be able to build on top of that business processes, products and features that would assist security teams in managing that battlefield.
So this category basically is the cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that?
Yeah, it's a mouthful. I think the CAASM for short, then Gartner do love their acronyms there, but CAASM in short is a way to describe a bit of what I mentioned before or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things and kind of where ARMIS extends that is really with the extended attack surface. That basically means that idea of what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have with a strong emphasis on the completeness of that picture. If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to in your own kind of map application, try to path from New York to whichever your favorite surrounding city, but it only takes you so far and then you sort of need to do the rest of it on your own, not nearly as effective. And in security terms, I think it really boils down into you can't secure what you can't see. And so from an ARMIS perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them.
We provide a criticality rating and an ability to take action on top of these things.
Having a map is huge. Everyone wants to know what's on there in their inventory, right? From a risk management standpoint, also from a vulnerability perspective. So I totally see that and I can see that being the Holy Grail. But on the vulnerability side, you got to see everything and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side of it? Because, okay, I can see everything. Now I got to watch out for threat vectors.
Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that, you know, vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what ARMIS brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence and where I think credible, up-to-the-minute and contextualized vulnerability and risk information is essential. Scanners or how we've been doing things for the last decade just aren't enough. I think the three things that ARMIS excels at and completes the security stack today in the vulnerability management side are scale, reach, and context. Scale meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands or tens of thousands of assets. These days we measure in the billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets.
And I think that ultimately when the latest and greatest and catastrophic new vulnerabilities come out, and sadly that's a monthly occurrence these days, you can't just now wait around for things to kind of scan through the environment and figure out what's going on there. Real-time images of vulnerabilities, real-time understanding of what the risk is across that entire massive footprint is essential to be able to do things. And if you don't, then lots and lots of teams of people are tasked with doing this day in, day out in order to accomplish the task. The second thing I think is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an ARMIS standpoint of both passive and active, we reach a tremendous scale, I think within the environment and ability to provide a reach that is complete. What if you could have vulnerability management cover 100% of your environment and in a very effective manner and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand what are the assets I'm dealing with. And more importantly, what is the criticality of these assets? So I can better prioritize and manage the entire process along the way. So with these things in mind, that's what ARMIS basically pulled out as a vulnerability management process.
What if we could collect all the vulnerability information from your entire environment and give you a map of that, on top of that map of assets, connect every single vulnerability and finding to the relevant assets and give you a real way to manage that automatically and in a way that prevents teams of people from having to do a lot of grunt work in the process?
Yeah, it's like building a search engine almost. You got the behavioral contextual, you got to understand what's going on in the environment and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned. This is a huge differentiator in my mind. I want to unpack that. Understanding what's going on and then what to pay attention to. It's a data problem. This we got, you got that kind of search and cataloging of the assets and then you got the contextualization of it. But then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal because your businesses, your operation is going to have some important pieces, but also it changes in on agility. So how do you guys do that? That's, I think, a key piece.
Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple. And I'll take an example we're all very, very familiar with and it's been beaten to death, but it's still a good example, which is Log4j or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them.
But asset criticality and the application and business context are key here because some of these different assets that have Log4j are part of your critical business function and your critical business applications and they deserve immediate attention. Some of them are some Git server of some developer somewhere and don't warrant quite the same attention or criticality as others. ARMIS helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together what applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my dot-com website, understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported and the firewalls and every aspect along the way, that's the bread and butter of the relationship mapping that ARMIS puts into place to be able to do that. And we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in. But once the information is in, that can serve vulnerability management, it can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some of these applications, I just want to be able to put SLAs on that this must be solved within a week, this must be solved within a month and be able to actually automatically track all of these in a world that is very, very complex inside of an operation of an enterprise.
We're going to hear from some of your customers later, but I want to get your thoughts on anecdotally.
What do you hear from, you're the CTO co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. What are some of the comments?
Well, first of all, of course, that's what they're saying. They're saying we're great, of course always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led design or led deployment and the fact that we are a completely agentless SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one-click deployment across the environment, it's almost not worth the effort these days because environments are so complex that you can't fully realize the value any other way. So from an ARMIS standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agentless in the sense that we don't need to go around installing a footprint within the environment and for clients who already have ARMIS, the fact that it's a flip of a switch, just turn it on or extreme. I think that the fact in particular that ARMIS can be deployed, the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is, but yeah, that's-
The agentless thing is huge. What's the alternative? What does it look like if they're going to go the other route?
Slow to deploy, have meetings, launch it in the environment. What's it look like?
I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there. They punch holes through firewalls to install scanners in different ways. They don't want yet another scanner or yet another agent. ARMIS rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it and that's really what makes this so easy and seamless.
Talk about ARMIS research. Can you talk about what's sad about what's going on there? What are you guys doing? How do you guys stay relevant for your customers?
For sure. So one of the, I've made a lot of bold claims throughout, I think the entire Q&A here, but one of the biggest magic components, if you will, to ARMIS that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligence that keeps learning from all of the different environments combined that ARMIS has deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that ARMIS learns about vulnerabilities from other environments. A new Log4j comes out, for instance, it's enough that in some environments, ARMIS is able to see it from scanners or from agents or from SBOMs or anything that basically provides information about Log4j.
And ARMIS immediately infers or creates enrichment rules that act across the entire tenant base or the entire client base of ARMIS. So very quick response to industry events whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour. But also I'd say that ARMIS does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients and also a lot of partners within the industry that ARMIS leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspects. So on the one hand, a cyber space and kind of virtual environment, but on the other hand, the actual physical space, vulnerabilities and things like UPSs or industrial equipment or things like that. But I will say that also ARMIS targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real-time operating systems. We came out with things like URGENT/11, which was research into on the one hand, operating systems that run on two billion different devices worldwide. On the other hand, in the 40 years that it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think for the industry to be better at what they do.
Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge.
You got to invest to get to be ready for a moment's notice on all aspects of the operating environment down to the hardware, down to the packet level, down to any vulnerability to be ready for it. Great job. Thanks for sharing, appreciate it.
Absolutely.
In a moment, Tim Everson's going to join us. He's the CISO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier, thanks for watching.
Part of the shift in how attackers think of networks and enterprises is basically where do I get my money from? And there is a seismic shift that came from attackers no longer going after data, as much as after the operations of a business. So ransomware is not only on the rise, it's on an exponential curve of a rise and connected devices play a part in multiple ways. In an average environment that we are going to, 80 to 90% of the devices there are unmanaged. And basically this is just growing and growing and creating a huge gap around visibility and control of those assets. And this is being leveraged by attackers more and more. When we started ARMIS, it was a shock to us that enterprises just have no idea what they have on their network or in their environment. We've seen even situations where devices as innocent as a boardroom control tablet are sending out large amounts of data which turned out to be video and audio from the boardroom to some unknown internet location. ARMIS was basically built to be the best in the world in knowing devices, from the basics of understanding what the device is down to the exact make, model, OS, which is so crucial during an investigation and provide us a lot of data. A lot of data that allows us to learn patterns of what's good, what's bad and how an attack would look like on variety of different types of devices. It allows us to detect this fast and also to stop it in real time.
One solution that can provide a complete converged view of everything and a complete security for the entire environment is the only way to go. And that's really what ARMIS is building.
Okay, welcome back to the portion of the program for customer lightning talks where we chat with ARMIS's customers for a rapid fire five minute session on their CISO perspectives and insights into cybersecurity. First up is Tim Everson, CISO of Kalahari Resorts and Conventions. Let's get it going. Hi, Tim, welcome to theCUBE and ARMIS program, managing risk across your extended surface area.
Thanks for having me, appreciate it.
So let's go, let's get going. So unified visibility across the extended asset surface is key. You can't secure what you can't see. Tell me about what you're able to centralize your views on network assets and what is ARMIS doing from an impact standpoint that's had on your business?
Sure, so traditionally basically, you have all your various management platforms, your Cisco platforms, your SIEMs, your wireless platforms, all of the different pieces. And you've got all this disparate data out there and you've got to chase all of this data through all these different tools. ARMIS is fantastic and was really point blank, drop in place for us as far as getting access to all of that data all in one place and giving us visibility into everything. Basically open the doors, letting us see our customer wireless traffic, our internal traffic, our PCI traffic because we deal with credit cards, HIPAA, compliance, all this traffic, all these different places, all in the one.
All right, next up, vulnerability management is a big topic across all assets, not just IT devices. The gaps are there in the current vulnerability management programs. How has ARMIS vulnerability management made things better for your business and what can you see now that you couldn't see before?
So ARMIS gives me better visibility of the network side of these vulnerabilities.
You know, you have your Nessus vulnerability scanners of things that look at machines, look at configurations and hard facts. Nessus gives you all those, but when you turn to ARMIS, ARMIS looks at the network perspective, takes all that traffic that it's seeing on the network and gives you the network side of these vulnerabilities. So you can see if something's trying to talk out to a specific port or to a specific host on the internet. And ARMIS consolidates all that and gives you trusted sources of information to validate where those are coming from.
You know, when you take into account all the criticality of the different kinds of assets involved in a business operation and they're becoming more wider, especially with Edge and other areas, how has the security workload changed?
The security workload has increased dramatically, especially in hospitality. In our case, we have, you know, not only do we have hotel rooms and visitors and our guests, we also have a convention center that we deal with. We have water parks and fun things for people to do, you know, families and businesses alike. And so when you add all those things up and you add the wireless and you add the network and, you know, the audio video and all these different pieces that come into play with all of those things in hospitality and you add our convention centers on top of it, the footprint's just expanded enormously in the past few years.
You know, when you have a digital transformation in a use case like yours, it's very diverse. You need a robust network. You need a robust environment to implement SaaS solutions, no agents to deploy, no updates needed. You got to be in line with that to execute and scale. How easy was ARMIS to implement, ease of use to simplicity to plug and play? In other words, how quickly do you achieve this time to value?
Oh, goodness.
We did a proof of concept about three months ago in one of our resort locations, we dropped in an ARMIS appliance and literally within the first couple hours of the appliance being on the network, we had data on 30 to 40,000 devices that were touching our network. Very quick and easy, very drop in plug and play and moving from the, you know, the POC to production, same deal. We dropped in these appliances in each site. Now we're seeing over 180,000 devices touching our networks within a given week.
ARMIS has this global asset knowledge base, it's crowdsourced and an asset intelligence engine. It's a game changer. It tracks managed, unmanaged, IoT devices. Were you shocked when you discovered how many assets they were able to discover and what impact did that have for you?
Oh, absolutely. You know, not only do we have the devices that, you know, that we have, but you know, we have guests that bring things on site all the time. Roku TVs and players and Amazon Firesticks and all these different things that are touching our network and seeing those in real time and seeing how much traffic they're using. You know, we can see utilization. We can see, you know, exactly what's being brought on. We can see vehicles in our parking lot that have access points turned on. It's just amazing how much data this opened our eyes to that, you know, you know, it's there, but you don't ever see it.
It's bring your own equipment to the resort so you can watch all your Netflix, HDMI cable, everyone's doing it now. I mean, this is the new user behavior. Great insight. Anything more you'd want to say about ARMIS for the folks watching?
I would say the key is they're very easy to work with. The team at ARMIS has worked very closely with me to get the integrations that we've put in place, you know, with our networking equipment, with our wireless, with different pieces of things.
And they're working directly with me to help integrate some other things that we've asked them to do that aren't there already. Their team is very open. They listen. They take everything that we have to say as a customer to heart and they really put a lot of effort into making it happen.
All right, Tim. Well, thanks for your time. I'm John Furrier with theCUBE, the leader in enterprise tech coverage. Up next in this lightning talk session is Brian Galligan, manager, security and operations for Brookfield Properties. Thanks for watching.
Cleveland is about 40 miles northeast of the big city of Houston. So we're a suburban outlying area. When I first came to Cleveland in 2013, we had a total student population of 3,200 students. Currently now in 2022, we sit at 11,200 students. We are one of five of the fastest growing districts in the entire state of Texas. Our biggest security challenge was we had to deal with an outdated infrastructure, right? And we were only concerned with devices that were internal. But because of the pandemic, we had to open up our network to devices in the community. So the biggest concern is that we have devices that are not managed by the district, traversing our network. So we had to look at a way of securing it. The biggest issue is we had to anticipate the size of the device. Our district is what we consider a hyper growth district. We grew from 6,000 to almost 11,000 today. So we had to make a very educated guess on the size of our network. As an executive director, people don't realize that I am not in the trenches, right? My job basically is to give advice to our administration and to secure the device in our students' staff. One of our vendors, GTS, reached out and said, hey, we have a very good product that is industry used. I was like, okay, let's look at it. And they introduced ARMIS. The ARMIS product that we deployed was the cybersecurity and asset management tool that provided us with a snapshot of our infrastructure.
It also tells us device, the OS, and it gives us cybersecurity alert and some triggers that may affect our network operability. We were able to detect devices that were rogue on our network and were able to proactively prevent future attacks that we presume that could have been detrimental to our network. Once we designed ARMIS, it was brought in as a proof of concept and the team at ARMIS was so quick at adding it to our network. Since we've deployed the ARMIS solution, we have been able to decrease our troubleshooting time by more than 50%. Since we have ARMIS, we can literally find in five minutes where a device is, what applications he's using and when he got off the network. Some of the benefits we have experienced since we deployed the solution. The biggest one is data. Data, data, data. We are a data-driven school district. Every single piece of equipment that I bring to my superintendent or to my school board to purchase has to be supported by data. The data that's provided from ARMIS is immeasurable. Four is a lot of educational gifts, but here we have a device that provides data in real time. So for ease of use and agentless, it's invaluable. One thing I would tell other school districts if you're looking for a security appliance to give you beneficial data, to be able to cut costs, to save a lot of time in troubleshooting, I would say go with ARMIS. It has helped us tremendously and I have a lot of pressure off of my chest, knowing that ARMIS is my eyes on my network.
Okay, up next in the Lightning Talks session is Brian Galligan, manager, security and operations at Brookfield Properties. Brian, great to see you. Thanks for coming on.
Thanks for having me, John.
So unified visibility across extended asset surface area is key these days. You can't secure what you can't see. So tell me more about how you were able to centralize your view of network assets with ARMIS and what impact that had on your business.
Yeah, that's been a really key component of ours where we've actually owned multiple companies within and are always acquiring companies from time to time. So it's always a question, what is actually out there and what do we need to be worried about? So from an inventory and perspective, it's definitely something that we've been looking into. ARMIS was a great partner in being able to get us the visibility into a lot of the IoT that we have out in the environment. And then also trying to find what we have and what's actually installed on those devices, what's running, who's talking to who. So that's definitely been a key component with our partnership with ARMIS.
You know, we interviewed a lot of practitioners and companies and one of the things we found is vulnerability management programs, there's a lot of gaps, you know, vulnerability management comes across, well, sometimes just IT devices, but not all assets. How has ARMIS vulnerability management made things better for your business and what can you see now that you couldn't see before?
Yeah, again, because we own multiple companies and they actually use different tools for vulnerability management, it's been a challenge to be able to compare apples to apples on when we have vulnerability, when we have risk out there, how do you put a single number to it? How do you prioritize different initiatives across those sectors? And being able to use ARMIS and have that one score, have that one visibility and also that one platform that you can query across all of those different companies has been huge because we just haven't had the ability to say, are we vulnerable to X, Y and Z across the board in these different companies?
You know, it's interesting when you have a lot of different assets and companies as you mentioned, it kind of increases the complexity. And yeah, we love the enterprise. You solve complexity by more complexity, but that's not the playbook anymore. We want simplicity.
We want to have a better solution. So when you take into account the criticality of these businesses you're integrating in in real time and the assets within those business operations, you got to keep focused on the right solutions. What has ARMIS done for you that's been correct and right for you guys?
Yeah, so being able to see the different, like be able to actually drill down into the nitty-gritty on what devices are connecting to what, being able to enforce policies that way, I think has been a huge win that we've been able to see from ARMIS. It's one of those things where we were able to see North-South traffic, no problem with our typical SIEM tools, firewall tools, different logging sources, but we haven't been able to see anything East-West. And that's where we're going to be most vulnerable. That's where we've actually found some gaps in our coverage from a pen test perspective where we've found that we don't have that visibility. ARMIS has allowed us to get into that communication to better fine-tune the rules that we have across devices, across sectors, across the data center to properties, properties to the data center and then also to the cloud.
Yeah, visibility into the assets is huge, but as you're in operations, you got to operationalize these tools. I mean, some people sound like they got a great sales pitch and all of a sudden it's like, wait a minute, I got to reconfigure my entire operations. At the end of the day, you want to have an easy to use but effective capability so you don't tax either personnel or operations. How easy has it been with ARMIS to implement from an ease of use, simplicity, plug and play? In other words, how quickly did you get to the time to value? Can you share your thoughts?
This honestly is the biggest value that we've seen in ARMIS.
I think a big kudos goes to the professional services group for getting us stood up, being able to explain the tool, be able to dig into it and then get us to that time to value. Honestly, we've only scratched the surface on what ARMIS can give us, which is great because they've given us so much already. So definitely taking that model of let's crawl, walk, run with what we're able to do, but the professional services team has given us so much assistance in getting from one collector to now many collectors and we're in that deployment phase where we're able to gather more data and find those anomalies that are out there. Again, big props to the professional services team. Yeah, I don't know the expression when the whole democratization happened on the web. Here comes all the people, social media and whatnot. Now with IoT, here comes all the devices. Here comes all the things. More things are being attached to the network. So ARMIS has this global asset knowledge base that crowdsources the asset intelligence. How has that been a game changer for you? And were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? We have a large Wi-Fi footprint for guests, vendors, contractors that are working on site, along with our corporate side, which has a lot of devices on it as well and being able to see what devices are using, what services on there and then be able to fingerprint them easily has been huge. I would say one of the best stories that I can tell is actually with a pen test that we ran recently, we were able to determine what the pen test device was and how it was acting anomalous. And then fingerprint that device within five minutes as opposed to getting on the phone with probably four or five different groups to figure out what is this device? It's not one of our normal devices. It's not one of our normal builds or anything. 
We were able to find that device within probably three to five minutes with ARMIS and the fingerprinting capability. Yeah, nothing's going to get by you with these port scans or any kind of activities, so to speak, which I've been on the Wi-Fi, great stuff. Anything else you'd like to share about ARMIS while I got you here? Yeah, I would say that something recently we actually have an open position on our team currently and one of the most exciting things is being able to share our journey that we've had with ARMIS over the last year, year and a half and their eyes light up when they hear the capabilities of what ARMIS can do, what ARMIS can offer. You see a little bit of jealousy of, hey, I really wish my current organization had that and it's one of those selling tools that you're able to give to security engineers, security analysts saying, here's what you're going to have on the team to be able to do your job right so that you don't have to worry about necessarily the normal mundane things. You get to actually go do the cool hunting stuff, which ARMIS allows you to do. Well, Brian, thanks for the time here on this lightning talk. Appreciate your insight. Hi everyone, welcome back to the Manage Risk Across Your Extended Attack Surface Area with ARMIS Asset Intelligence Platform. I'm John Furrier, your host. We're here at the CISO perspective. Alex Schuchman, who is the CISO of Colgate, Colgate-Palmolive Company. Alex, thanks for coming on. Thanks for having me. You know, unified visibility across the enterprise surface area is about knowing what you got to protect. You can't protect what you can't see. Tell me more about how you guys are able to centralize your view with network assets with ARMIS. Yeah, I think the most important part of any security program is really visibility. And that's one of kind of the building blocks when you're building a security program. 
You need to understand what's in your environment, what you control, what is being introduced new into the environment. And that's really what any solution that gives you full visibility to your infrastructure, to your environment, to all the assets that are there, that's really one of your bread and butter pieces to your security program. What's been the impact on your business? You know, I think from an IT point of view running the security program, you know, our key thing is really enabling the business to do their job better. So if we can give them visibility into all the assets that are available in their individual environments, and we're doing that in an automated fashion with no manual collection, you know, that's yet another thing that they don't have to worry about and then we're delivering because really IT is an enabler for the business. And then they can focus really on what their job is, which is to deliver product. And a lot of changes in their network. You got infrastructure, you got IoT devices, OT devices. So vulnerability management becomes more important. It's been around for a while, but it's not just IT devices anymore, there are gaps in vulnerability across the OT network. What can you tell us about Colgate's use of ARMIS vulnerability management? What can you see now? What couldn't you see before? Can you share your thoughts on this? Yeah, I think what's really interesting about the kind of manufacturing environments today is if you look back a number of years, most of the manufacturing equipment was really disconnected from the internet. It was really running in silos. So it was very easy to protect equipment that isn't internet connected. You could put a firewall, you could segment it off and it was really on an island on its own. Nowadays, you have a lot of IoT devices, you have a lot of internet connected devices, sensors providing information to multiple different suppliers or vendor solutions. 
And you have to really then open up your ecosystem more, which of course means you have to change your security posture and you really have to embrace if there's a vulnerability with one of those suppliers, then how do you mitigate the risk associated to vulnerability? ARMIS really helps us get a lot of information so that we can then make a decision with our business teams. That whole operational aspect of criticality is huge. How on the assets knowing what's the key, how does that change the security workload for you guys? Yeah, for us, I mean, it's all about being efficient. If we can have the visibility across our manufacturing environments, then my team can easily consume that information. We spend a lot of time trying to digest the information, trying to process it, trying to prioritize it, that really hurts our efficiency as a team or as a function. What we really like is being able to use technology to help us do that work. We're not an IT shop, we're a manufacturing shop but we're a very technical shop so that we like to drive everything through automation and not be a bottleneck for any of the actions that take place. You know, the old expression is the juice worth the squeeze. It comes up a lot when people are buying tools around vulnerability management and all this stuff. So SaaS solution is key with no agents to deploy, they have that. Talk about how you operationalize ARMIS in your environment. How quickly did it achieve time to value? Take us through that consumption of the product and what was the experience like? Yeah, I'll definitely say in the security ecosystem that's one of the biggest promises you hear across the industry. And when we started with ARMIS, we started with a very small deployment and we wanted to make sure if it was really worth the lift to your point. 
We implemented the first set of plants very quickly, actually even quicker than we had put in our project plan which is not typical for implementing complex security solutions. And then we were so successful with that we expanded to cover more of our manufacturing plants and we were able to get really true visibility across our entire manufacturing organization in the first year with the ability to also say that we extended that information, that visibility to our manufacturing organization and they could also consume it just as easily as we can. That's awesome. How many assets did you guys discover? Just curious on the numbers. Oh, that's the really interesting part. Before we started this project, we would have had to do a manual audit of our plants which is typical in our industry. When we started this project and we put in estimates, we really didn't have a great handle on what we were going to find. And what's really nice about the ARMIS solution is it's truly giving you full visibility. So you're actually seeing besides the servers and the PLCs and all the equipment that you're familiar with, you're also connecting it to your wireless access points, you're connecting it to see any of those IoT devices as well and then you're really getting full visibility through all the integrations that they offer. You're amazed how many devices you're actually seeing across your entire ecosystem. It's like Google Maps for your infrastructure. You got a little street view, you want to look at it, you got the fake tree in there, whatever, but it gives you the picture. That's key. Correct. With a nice visualization and an easy search engine similar to your Google analogy, everything is really at your fingertips. If you want to find something, you just go to the search bar, click a couple entries and boom, you get your list of the associated devices or the associated locations devices. Well, Alex, I appreciate your time. 
I know you're super busy as a CISO, a lot on your plate. Thanks for coming on and sharing, appreciate it. No problem, John. Thanks for having me. Hello, welcome back to the Manage Risk Across the Extended Attack Surface with ARMIS. I'm John Furrier, host of theCUBE, got the demo god here, Brian Inman, sales engineer at ARMIS. Brian, thanks for coming on. We're looking forward to the demo. How are you doing? I'm doing well, John, thanks for having me. You know, we heard from Nadir describing ARMIS's platform, a lot of intelligence. I think a search engine meets data at scale, intelligent platform around laying out the asset map, if you will, the new vulnerability module, among other things that really solves CISOs' problems. A lot of great customer testimonials. And we got the demo here that you're going to give us. What's the demo about? What are we going to see? Well, John, thanks. Great question. And truthfully, I think as Nadir has pointed out, what ARMIS as a baseline has given you is great visibility into every asset that's communicating within your environment. And from there, what we've done is we've layered on known vulnerabilities associated with not just the device, but also what else is on the device? Is there certain applications running on that device? The versions of those applications and what are the vulnerabilities known with that? So that's really, it gives you great visibility in terms of the devices that folks don't necessarily have visibility into now. Unmanaged devices, IoT devices, OT, critical infrastructure, medical devices, things that you're not necessarily able to actively scan or put an agent on. So not only is ARMIS telling you about these devices, but we're also layering on those vulnerabilities all passively and in real time. A lot of great feedback we've heard. And I've talked to you, some of your customers, the agentless is a huge deal. The discovery's awesome. 
You can see everything and just getting real time information. It's really, really cool. So I'm looking forward to the demo for our guests. Take us on that tour. Let's go with the demo for the guests today. All right, sounds good. So what we're looking at here is within the ARMIS console is just a clean representation of the passive reporting of what ARMIS has discovered. So we see a lot of different types of devices from your virtual machines and personal computers, things that are relatively easy to manage, but working our way down, you're able to see a lot of different types of devices that are not necessarily easy to get visibility into, things like your UPS systems, IP cameras, dash cams, et cetera, lighting systems. And today's day and age where everything is moving to that smart feature, it's great to have that visibility into what's communicating on my network and getting that, being able to layer on the risk factors associated with it as well as the vulnerabilities. So let's pivot over to our vulnerabilities tab and talk about the AVM portion, the asset vulnerability management. So what we're looking at is the dashboard where we're reporting another clean representation with customizable dashlets that gives you visuals and reporting and things like new vulnerabilities as they come in. You know, one of the most critical vulnerabilities that are the newest as they roll in, the vulnerabilities by type. We have hardware, we have application, we have operating systems. As we scroll down, we can see things to break it down by vulnerabilities by the operating system, Windows, Linux, et cetera. We can take, you know, create dashlets that show you views of the number of devices that are impacted by these CVEs. And scrolling down, we can see, you know, how long have these vulnerabilities been sitting within my environment? So what are the oldest vulnerabilities we have here? And then also, of course, vulnerabilities by applications. 
So things like Google Chrome, Microsoft Office, so we're able to give a good representation of the amount of vulnerabilities as they're associated to the hardware and applications as well. So we're gonna dig in and take a deeper look at one of these vulnerabilities here. So I'm excited to talk today about where ARMIS's AVM is, but also where it's going as well. So we're not just reporting on things like the CVSS score from NIST NVD. We're also able to report on things like the exploitability of that, right? How actively is this CVE being exploited in the wild, right? We're reporting EPSS scores, for example. We're able to take open source information as well as a lot of our partnerships that we have with other vendors that are giving us a lot of great value of known vulnerabilities associated with the applications and with hardware, et cetera. But where we're going with this is we're in very near future releases. We're gonna be able to take sort of an algorithm approach of what are the most critical CVSSs that we see? How exploitable are those? What are common threat actors doing with these CVEs? Have they weaponized these CVEs? Are they actively using those weaponized tools to exploit these within other folks' environments? And who's reporting on these? So we're gonna take all of these and then really add that ARMIS's flavor of we already know what that device is and we can explain and so can the users of it the business criticality of that device. So we're able to pivot over to the matches as we see the CVEs, we're able to very cleanly view what exactly are the devices that the CVE resides on? And as you can see, we're giving you more than just an IP address or a lot more context and we're able to click in and dive into what exactly are these devices and more importantly, how critical are these devices to my environment? 
If one of these devices were to go down, if it were to be a server, whatever it may be, I would wanna focus on those particular devices and ensuring that that CVE, especially if it's an exploitable CVE, were to be addressed early, earlier than say the others and really be able to manage and prioritize these. Another great feature about it is, for example, we're looking at a particular CVE in terms of its patch and build number from Windows 10. So the auto resolve feature that we have, for example, we've passively detected that this particular personal computer is running Windows 10 and the build and revision numbers on it. And then once ARMIS passively discovers an update to that firmware and patch level, we can automatically resolve that, giving you a confidence that that has been addressed from that particular device. We're also able to customize and look through and potentially select a few of these, say these particular devices reside on your guest network or an employee Wi-Fi network where we don't necessarily, I don't wanna say care, but we don't necessarily value that as much as something internally that holds significantly more business criticality. So we can select some of these and potentially ignore or resolve for determining reasons, as you see here. I'd be able to really, truly manage and prioritize these CVEs. As I scroll up, I can pivot over to the remediation tab and open up each one of these. So what this is doing is essentially, ARMIS has, through our knowledge base, been able to work with the vendors and pull down the patches associated with these. And within the remediation portion, we're able to view, for example, if we were to pull down the patch from this particular vendor and apply it to these 60 devices that you see here, now we're able to view which patches are gonna give me the most impact as I prioritize these and take care of these affected devices. 
And lastly, as I pivot back over, again, where we're at now is we're able to allow the users to customize the organizational priority of this particular CVE to where in terms of, NIST has given us a high CVSS score, but maybe for whatever reasons it may be, maybe the CVE, in terms of this particular logical segment of my network, I'm gonna give it a low priority for whatever the use case may be. We have compensating controls set in place that render this CVE not impactful to this particular segment of my environment. So we're able to add that organizational priority to that CVE. And where we're going, as you can see that popped up here, but where we're going is we're gonna start to be able to apply the organizational priority in terms of the actual device level, right? So what we'll see is we'll see a column added to here to where we'll see the business impact of that device based on the importance of that particular segment of your environment or the device type, be it critical networking device or maybe a critical infrastructure device, PLCs, controllers, et cetera, but really giving you that passive reporting on the CVEs in terms of what the device is within your network. And then finally, we do integrate with your vulnerability management and scanners as well. So if you have a scanner actively scanning these, but potentially they're missing segments of your network or they're not able to actively scan certain devices on your network, that's the power of ARMIS being able to come back in and give you that visibility of not only what those devices are for visibility into them, but also what vulnerabilities are associated with those passive devices that aren't being scanned by your network today. So with that, that concludes my demo. So I'll kick it back over to you, John. Awesome, great walk through there. Take me through what you think the most important part of that is that the discovery piece is at the interaction. What's your favorite? 
Honestly, I think my favorite part about that is in terms of being able to have the visibility into the devices that a lot of folks don't see currently. So those IoT devices, those OT devices, things that you're not able to run a scan on or put an agent on. ARMIS is not only giving you visibility into them, but also layering in, as I said before, those vulnerabilities on top of that. That's just visibility that a lot of folks today don't have. ARMIS does a great job of giving you visibility and vulnerabilities and risks associated with those devices. So I have to ask you, when you give this demo to customers and prospects, what's the reaction? Falling out of their chair moment, are they more skeptical? It's almost too good to be true. End-to-end vulnerability management is a tough nut to crack in terms of solution. Honestly, a lot of clients that we've had, especially within the OT and the medical side, they're blown away because at the end of the day, when we can give them that visibility, as I've said, hey, I didn't even know that those devices resided in that portion, but not only are we showing them what they are and where they are and enrichment on risk factors, et cetera, but then we show them, hey, there's a known, we've worked with that vendor, whatever it may be, and Rockwell, et cetera. And we know that there's vulnerabilities associated with those devices. So they just seem to be blown away by the fact that we can show them so much about those devices from behind one single console. It reminds me of the old days. I'm going to date myself here. Remember the old Google Maps mashup days? This is, customers talk about this as the Google Maps for their assets. And when you have the Google Maps, then you have the Ubers out there. You can look at the trails. You can look at what's happening inside the enterprise. 
So there's got to be a lot of interest in once you get the assets, what's going on in those networks, or those roads, if you will, because you got in packet movement. You got things happening. You got upgrades. It's changing devices. It's always on kind of living thing. Absolutely. Yeah, it's what's on my network. And more importantly at times, what's on those devices, right? What are the risks associated with the applications running on those? How are those devices communicating? And then as we've seen here, what are the vulnerabilities associated with those and how can I take action with them? All right, real quick. Put a plug in for where I can find the demos at online, it's on YouTube, on the website. Where does someone see this demo? Yeah, the ARMIS website has a lot of demo content loaded. I get you in touch with folks like my engineers like myself to provide demos whenever needed. All right, Brian, thanks for coming on the show. Appreciate sales engineer ARMIS, Brian Inman, given the Demo God Award out to him. Good job. Thanks for the demo. Thanks, thanks for having me. Okay. You know, in a moment, we're going to have my closing thoughts on this event and really the impact to business operation side. In a moment, I'm John Furrier of theCUBE. Thanks for watching. So the biggest problem with remediating vulnerabilities is prioritization and resources. Every team has too few people. Every team has too many vulnerabilities. What you need is the ability to smartly prioritize what your team needs to spend their time remediating. And asset intelligence, asset context is a huge part of that. You might have vulnerabilities that allow someone from the outside to come in and remotely control a machine. You know, that would get a critical rating. Other vulnerabilities allow someone to mess with data on the machine. It really depends. But ultimately, it's not just about CVEs. It's paying attention to the conditions which allow CVEs to be exploited. 
You want to understand what other assets that asset communicates with. So there are layers of intelligence that you can get about assets. The more that you have on each asset, the better. The better for security and also the better for enhancing workflows that today are pretty manual without having a good source for up-to-date accurate asset intelligence. Having the asset intelligence, having the context around that device helps your team understand what they need to prioritize remediation of first. Hi everyone, welcome to the closing statement. This program produced by theCUBE is called Managing Your Risk Across the Extended Attack Surface with ARMIS Asset Intelligence Platform. You heard a lot about ARMIS vulnerability management from the CTO and the Co-Founder. They have big-time customers, testimonials, all for your mom and a big demo to show you how easy their agentless program works and how easy it is to get time to value. It looks like they got a lot of traction with big-time customers, which is great for the industry to keep pushing ahead with these new security capabilities. This is a big problem that they solve. Having visibility into the entire asset base, kind of on this discovery basis, it brings a Google Maps vibe to lay out all the assets and then understand the context of those. This is kind of given new kind of visibilities to take better action, to understand what to protect and when to protect it. Critical assets versus non-critical, which alerts to look at what not to, all the data is there on a dashboard. So this should help security professionals and operations teams be faster, smarter, more efficient, and enable their developers to develop the best solutions. This is a win for security owners and managers and operators and developers. And you got a great company, like ARMIS, bringing a great solution with this new platform. Let's see how it does. They got a bold customer base and strong management team and great technology. 
This is the CUBE Special Program, John Furrier, your host. Thanks for watching. If you want a deeper dive of this subject, go check out their website, armis.com, slash AVM. You just get a solution brief and all their material and there's plenty of people to talk to. Thanks for watching.