Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing a massive volume of threats and a surge of severe vulnerabilities that put these assets at risk. This is happening every day, and many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program where we're going to talk about these problems and how they're solved. Hello everyone, I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program.

Thanks for having me.

Great success with Armis. I want to just roll back and just zoom out and look at what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce?

So Armis' mission, if you will, is to solve, to your point, literally one of the holy grails of security teams for the past decade or so, which is: what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word everything: IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud.
What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization without an actual map of what's going on with charts and graphs. So we're here to provide that map in every aspect of the environment and be able to build on top of that business processes, products and features that would assist security teams in managing that battlefield.

So this category basically is the cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that?

Yeah, it's a mouthful. I think CAASM for short, and Gartner do love their acronyms there, but CAASM in short is a way to describe a bit of what I mentioned before or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things and kind of where Armis extends that is really with the extended attack surface. That basically means that idea of what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, try to path from New York to whichever your favorite surrounding city, but it only takes you so far and then you sort of need to do the rest of it on your own, not nearly as effective. And in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything.
And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them. We provide a criticality rating and the ability to take action on top of these things.

Having a map is huge. Everyone wants to know what's on there in their inventory, right? From a risk management standpoint also, from a vulnerability perspective. So I totally see that and I can see that being the holy grail. But on the vulnerability side, you got to see everything. And you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side of it? Because, okay, I can see everything. Now I got to watch out for threat vectors.

Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute and contextualized vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security stack today in the vulnerability management side are scale, reach and context. Scale meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands or tens of thousands of assets.
These days we measure in the billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets. And I think that ultimately when the latest and greatest and catastrophic new vulnerabilities come out, and sadly that's a monthly occurrence these days, you can't just now wait around for things to kind of scan through the environment and figure out what's going on there. Real-time images of vulnerabilities, real-time understanding of what the risk is across that entire massive footprint is essential to be able to do things. And if you don't, then lots and lots of teams of people are tasked with doing this day in, day out in order to accomplish the task.

The second thing I think is the reach. Scanners can't go everywhere. They don't really deal well with environments that are mixed, IT/OT for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment and ability to provide a reach that is complete. What if you could have vulnerability management cover 100% of your environment, and in a very effective manner and in a very scalable manner?

And the last thing really is context, and that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand what are the assets I'm dealing with? And more importantly, what is the criticality of these assets so I can better prioritize and manage the entire process along the way. So with these things in mind, that's what Armis basically pulled out as a vulnerability management process.
What if we could collect all the vulnerability information from your entire environment and give you a map of that, on top of that map of assets, connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically and in a way that prevents teams of people from having to do a lot of grunt work in the process?

Yeah, it's like building a search engine almost. You got the behavioral contextual, you got to understand what's going on in the environment and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned. This is a huge differentiator in my mind. I want to unpack that. Understanding what's going on and then what to pay attention to. It's a data problem. Unless you got that kind of search and cataloging of the assets and then you got the contextualization of it. But then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal because your businesses, your operation is going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece.

Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple. And I'll take an example we're all very, very familiar with and it's been beaten to death, but it's still a good example, which is Log4j or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them.
But asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications and they deserve immediate attention. Some of them are some Git server, some developer somewhere, and don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together what applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my dot-com websites. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported and the firewalls and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that. And we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management, it can serve other security functions as well, but in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some of these applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation of an enterprise.

We're going to hear from some of your customers later, but I want to get your thoughts on anecdotally.
What do you hear from? You're the CTO co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. Share some of the comments.

Well, first of all, of course, that's what they're saying. They're saying we're great, of course always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led design or led deployment and the fact that we are a completely agentless SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one-click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agentless in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on or extreme. I think that the fact in particular that Armis can be deployed, the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is, but yeah, that's-

The agentless thing is huge. What's the alternative? What does it look like if they're going to go the other route?
Slow to deploy, have meetings, launch it in the environment. What's it look like?

I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners, you don't need to do a thing. It just deploys on top of it and that's really what makes this so easy and seamless.

Talk about Armis research. Can you talk about what's sad about what's going on there? What are you guys doing? How do you guys stay relevant for your customers?

For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q&A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligence that keeps learning from all of the different environments combined that Armis has deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance, it's enough that in some environments, Armis is able to see it from scanners or from agents or from SBOMs or anything that basically provides information about Log4j.
And Armis immediately infers or creates enrichment rules that act across the entire tenant base or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour. But also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspects. So on the one hand, cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities and things like UPSs or industrial equipment or things like that. But I will say that also Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real-time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide. On the other hand, in the 40 years that it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of the inroads, I think, for the industry to be better at what they do.

Awesome. Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge.
You got to invest to get to be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to any vulnerability, I'll be ready for it. Great job. Thanks for sharing, appreciate it.

Absolutely.

In a moment, Tim Everson is going to join us. He's the CEO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier, thanks for watching.