Mar 17, 2020

Cisco + Armis: Delivering a New Era of Device Protection


One of the many advantages that the Armis Platform brings is its ability to easily integrate with your existing network infrastructure and IT security and management systems.

This is the first in a series of posts about the many integrations that are possible between the Armis platform and these tools. It describes the benefits of using Armis together with Cisco’s Identity Services Engine (ISE).

What Do I Have, Why Do I Care and What Action Should I Take?

First, let’s take a step back and discuss what Armis provides:

  • Asset Inventory – The most comprehensive device discovery and asset inventory of devices on and off the network. Armis identifies and classifies every device on your network – managed, unmanaged and IoT – by ingesting traffic and other information from your infrastructure. This information is transformed into metadata and sent (without any data payloads) to the Armis cloud-based analysis engine. With Armis you can now see:
    • What hardware and software is on the network and in the enterprise airspace
    • What each device is doing
    • What risks and vulnerabilities may be associated with each device
  • Risk Assessment – Passive, real-time continuous vulnerability assessment with deepest device behavior and threat intelligence. Armis then analyzes the network traffic and other information to detect threats, compromised devices, and various kinds of inappropriate or unwanted behavior (e.g. sensitive information being transmitted unencrypted) and provides a risk score for each individual device.   
  • Detection & Response – Critical incident response and remediation of threats to compromised devices. Armis then feeds information back to your existing network, security, and management systems. This is used to:
    • Protect your environment through automated incident response
    • Integrate with and provide full device context to every SOC tool or workflow (such as SIEM, ticketing, firewall and NAC)

Discover, Analyze, Protect and Inform

Here’s how it works when Cisco ISE is the security management system integrated into the process:

  • Armis passively monitors network traffic
  • Armis identifies & classifies all devices on and off the network
  • Armis detects & identifies malicious device behavior
  • Armis alerts Cisco ISE using pxGrid
  • Cisco ISE takes action to block or quarantine suspicious or malicious devices

Managed vs Unmanaged and IoT Devices

When Armis detects a threat on your network, Armis informs Cisco ISE, which can automatically quarantine the suspicious or malicious device to neutralize the threat. Through this integration, Armis lets you and your team:

  • Leverage your existing investment in Cisco ISE
  • Take action immediately to break the kill chain
  • Gain the peace of mind you need for all devices, managed and unmanaged

Bottom line: Armis + Cisco ISE significantly improves enterprise-wide device discovery AND security.

For more information on Armis and Cisco ISE, download the solution brief here.
