Armis Labs: Cybersecurity Insights From Experts and Billions of Assets

Armis Labs is a pioneering division dedicated to pushing the boundaries of knowledge and innovation in cybersecurity. A beacon of thought leadership, Armis Labs is committed to empowering organizations with the expertise needed to combat the threats that matter most.


Early Warning Threat Alerts

Early warning intelligence gives you the time to harden your environment before an attack is ever launched.

CrowdStrike Windows IT Outage
Flash Alert
The CrowdStrike update is linked to major IT outages worldwide.
CrowdStrike is actively working with customers impacted by the defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. CrowdStrike has pulled this update, but organizations worldwide are already affected. The fix requires manual intervention, as the Windows machines are experiencing a looping Blue Screen of Death (BSOD). Armis can help streamline your journey back to normal operations as quickly as possible:
  1. Identify affected systems (Armis can help with queries to uncover affected systems and the most critical assets to recover first).
  2. Combine this data with the switch and port information to create a list of assets that need fixing. Manage this process from this query.
  3. If you have shadow IT within an organization, it can be hard to find. Armis can help you find these assets by reviewing the connections that are trying to communicate with services that are not available. This will help you find these shadow IT servers and then have someone manually fix them.
Please contact Armis directly for Recommended Manual Remediation Steps for Impacted Systems. For more information, click here.
OpenSSH Vulnerability
(CVE-2024-6387 regreSShion)
Early Warning
Not yet published on CISA KEV
Armis Centrix™ for Actionable Threat Intelligence has been monitoring for potential in-the-wild exploitation of CVE-2024-6387 (regreSShion). The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely. However, targeted attacks, specifically against IoT, OT and medical devices, remain a major concern. Immediate Steps for Protection:
  • Update Now: The most effective way to mitigate this risk is to update OpenSSH to version 9.8 or later.
  • Temporary Mitigation: If immediate updating is impossible, set LoginGraceTime to 0 in sshd_config to reduce RCE risk.
  • Implement Stricter Access Controls: Tighten SSH access control using firewalls and other network security tools.
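
The first two steps above (OpenSSH 9.8 or later, otherwise LoginGraceTime 0) can be scripted for host triage. This is an added example, not Armis code: the function names, the sample config and the version banner are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Print the effective LoginGraceTime from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and 120 seconds is the default when it is absent.
effective_login_grace_time() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == "logingracetime" { print $2; found = 1; exit }
        END { if (!found) print "120" }
    ' "$1"
}

# Succeed if a banner such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13" is 9.8 or later.
# Returns 2 when the banner cannot be parsed.
version_is_fixed() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -gt 9 ] || { [ "$1" -eq 9 ] && [ "$2" -ge 8 ]; }
}

# assess_host CONFIG_FILE VERSION_BANNER -> updated | mitigated | exposed
assess_host() {
    if version_is_fixed "$2"; then
        echo "updated"
        return 0
    fi
    case "$(effective_login_grace_time "$1")" in
        0|0[smhdw]) echo "mitigated" ;;          # temporary mitigation in place
        *)          echo "exposed" ;;
    esac
}

# Constructed sample input: the commented-out line is ignored and the
# first active LoginGraceTime (0) takes effect, not the later 30.
sample=$(mktemp)
printf '%s\n' '# LoginGraceTime 2m' 'Port 22' \
    'LoginGraceTime 0' 'LoginGraceTime 30' > "$sample"
assess_host "$sample" "OpenSSH_9.6p1 Ubuntu-3ubuntu13"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration and `ssh -V` the version banner. Distribution packages may carry the fix under an older version string, and LoginGraceTime 0 leaves sshd open to connection-slot exhaustion (MaxStartups), so it remains a temporary measure.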
NextGen Mirth Connect Remote Code Execution Vulnerability
(CVE-2023-43208)
Early Warning
64 Days Earlier
Armis Centrix™ for Actionable Threat Intelligence identified threat actors exploiting CVE-2023-43208, which can lead to critical medical devices being taken offline, putting patients' lives in danger. This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform. Armis identified this risk 64 days earlier for our customers:
  • CISA KEV Date: 20th of May 2024
  • Armis Labs: 17th of March 2024
 

At the core of Armis Labs lies a world-class research practice, where experts delve into the latest trends and tactics employed by cyber adversaries.

Equipped with state-of-the-art tools and methodologies that leverage one of the largest data sets in the world, the team at Armis Labs conducts in-depth analyses of evolving threats, both in the pre-emergence stage and “in the wild” stage of an attack.


Leveraging data from billions of assets through the AI-driven Armis Asset Intelligence Engine, organizations gain access to actionable threat intelligence tailored to their specific business needs.


Armis Labs harnesses the collective expertise of industry-leading threat intelligence professionals, ensuring comprehensive coverage that leaves no room for blind spots.

Armis Labs Insights

See Armis Labs in Action:

Defending against the threats that matter most right now, and laying the strategy to preempt the attacks that will come tomorrow.


The Armis Labs Advantage

Comprehensive Coverage Across Domains

With assets and devices from IT and OT (operational technology), through IoT (internet of things) and IoMT (internet of medical things), to cloud workloads and code pipelines, Armis Labs offers unparalleled coverage.

Multi-Domain Coverage

Armis Labs covers a wide range of assets, providing holistic visibility and protection across the entire digital ecosystem.

Advanced AI/ML Capabilities

Leveraging state-of-the-art tools, Armis Labs proactively identifies threats, enabling organizations to stay ahead of them.

Early Warning Detection

By leveraging AI and dynamic honeypots, Armis Labs provides the intelligence and mitigation frameworks needed so organizations can defend against attacks in the formulation stage, preempting potential damage.

Vast Asset Database

With access to over 4 billion profiled assets, Armis Labs offers unparalleled insight, empowering security practitioners to make informed decisions.