Cisco + Armis: Delivering a New Era of Device Protection
Director, Market Intelligence
One of the many advantages that the Armis Platform brings is its ability to easily integrate with your existing network infrastructure and IT security and management systems.
In this first of a series of posts about the many integrations that are possible between the Armis platform and these tools, this post describes the benefits of using Armis together with Cisco’s Identity Services Engine (ISE).
First, let’s take a step back and discuss what Armis provides:
AssetInventory – The most comprehensive device discovery and asset inventory of devices on and off the network. Armis identifies and classifies every device on your network – managed, unmanaged and IoT – by ingesting traffic and other information from your infrastructure, this information is transformed into metadata and sent (without any data payloads) to the Armis cloud-based analysis engine. With Armis you can now see:
What hardware and software is on the network and in the enterprise airspace
What each device is doing
What risk and vulnerabilities may be associated with each device
RiskAssessment – Passive, real-time continuous vulnerability assessment with deepest device behavior and threat intelligence. Armis then analyzes the network traffic and other information to detect threats, compromised devices, and various kinds of inappropriate or unwanted behavior (e.g. sensitive information being transmitted unencrypted) and provides a risk score for each individual device.
Detection & Response – Critical incident response and remediation of threats to compromised devices. Armis then feeds information back to your existing network, security, and management systems. This is used to:
Protect your environment through automated incident response
Integrate with and provide full device context to every SOC tool or workflow (such as SIEM, Ticketing, Firewall, NAC, etc.)
Here’s how it works when Cisco ISE is the security management system integrated into the process:
Armis passively monitors network traffic
Armis identifies & classifies all devices on and off the network
Cisco ISE takes action to block or quarantines suspicious or malicious devices
When Armis detects a threat on your network, Armis informs Cisco ISE which can automatically quarantine the suspicious or malicious device to neutralize the threat. Through this integration, Armis lets you and your team:
Leverage your existing investment in Cisco ISE
Take action immediately to break the kill chain
Gain peace of mind you need for all devices, managed and unmanaged
Bottom line: Armis + Cisco ISE significantly improves enterprise-wide device discovery AND security.
For more information on Armis and Cisco ISE, download the solution brief here.