Nov 18, 2020

Armis & Splunk Fill the Device Visibility & Security Gap for OT Environments


Armis and Splunk® now work together to help CISOs face a triple threat in securing OT environments.

  • Visibility – The need to identify every device, OT, IT, or IoT, including applications and behavior across their environment.
  • IT/OT Convergence – The growing convergence of IT devices with OT or industrial control systems.
  • Increasing Threats – Growing ransomware attacks and an increase in malware attacks, as described in NSA/CISA Alert AA20-205A, which warns of a “perfect storm” for attacks on OT environments.

The Armis platform’s integration with Splunk’s Data to Everything platform extends OT visibility and security for a consolidated view of devices and risks that helps you keep your entire environment protected. It reduces demand on your resources, and the need to add additional tools in the future, by leveraging the Splunk solution your security team already uses today.

Armis for Splunk and the Splunk for OT Add-On 

Any good security strategy starts with knowing what hardware and software assets you have on your network. Together, Armis and Splunk ensure your security team has all the information it needs about your entire infrastructure to understand your security posture and protect your business. 

Armis is an agentless, passive device security platform that secures all types of managed and unmanaged devices—OT, medical, IT, and IoT. It discovers and identifies all devices in your environment and their associated risks, performs continuous, real-time risk analysis of device behavior, and detects and automatically responds to threats. Our integration extends visibility and security to OT environments, providing you with a consolidated view of devices and risks right in your Splunk interface. 

Along with the rich asset inventory, risk assessment, and threat detection the Armis platform provides, the Splunk add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments. This add-on expands Splunk’s ability to ingest and monitor OT Assets, improves OT Vulnerability Management including defined applications of the MITRE ATT&CK for ICS framework, and interfaces and reports to support customer compliance and audit requirements.

Our integration with Splunk enables organizations in OT and ICS environments to do three important things: 

  1. Manage Risk Effectively, Respond to Threats Efficiently: Armis automatically performs a security risk assessment for every device in your environment. Assessments include an overall device risk score along with detailed information about the factors that make up a device’s risk profile, for example, connectivity methods, behavior, use of cloud resources, authentication, and manufacturer reputation. If a device’s behavior is considered risky, Armis can block or quarantine the device automatically and generate an alert for your security team in Splunk.
  2. Address Security Framework Compliance Requirements: Armis helps you apply frameworks like CIS Critical Security Controls, NIST, and MITRE frameworks throughout your OT environment. We provide broad-spectrum coverage that supports 11 of 20 Critical Security Controls, and 16 of the NIST CSF controls across the Identify, Protect, Detect, and Respond categories. And Armis can help you audit your network connections to measure your network’s integrity against the Purdue reference architecture.
  3. Get Started Quickly: Armis deploys without installing any endpoint agents or additional hardware. It requires no learning period to start identifying devices or detecting threats, so you can get started seeing value right away. Integration with Splunk is quick and easy too, using Armis connectors you can access from Splunkbase. 
