The Next Phase of Armis by Yevgeny Dibrov

Read More
May 19, 2021

Cybersecurity Executive Order – A First Step

The White House

As the Armis Federal Product Manager, I have waited with some anticipation for the new cybersecurity executive order (EO). Last week, the White House finally published the EO, titled “Executive Order on Improving the Nation’s Cybersecurity.” Today, I wanted to share my thoughts on the new EO, and how it will impact our customers.

The first and immediate observation is that this is just the first step in an overhaul of cybersecurity for Federal Agencies/Departments and commercial cybersecurity vendors like Armis. The EO is filled with directions to multiple Agencies/Departments to develop new cybersecurity rules and regulations. The actual impact of this EO remains mostly unknown until those rules and regulations are published and enforced.

Secondly, the EO clearly states that the Federal Government is concerned with all devices on their networks, not just traditional enterprise endpoints. The EO calls out Operational Technology (OT) devices as requiring the same cybersecurity protection as a laptop. The EO also calls for improved commercial Internet of Things (IoT) security. This mirrors what Armis has been saying since the beginning of our company, and it is an important step forward in the acknowledgement that securing employee’s laptops is only one aspect of a holistic cybersecurity strategy.

Similarly to a recent Department of Defense (DoD) memorandum on the implementation of Comply to Connect (C2C), this EO pushes beyond C2C into Zero Trust. Zero Trust acknowledges and accepts that perimeter cybersecurity alone is not an adequate solution against today’s cybersecurity threats. Effective Zero Trust requires that the Federal Agency has a detailed understanding of each device on their network as well as that device’s behavior. Without that level of understanding, it is impossible to determine what devices should be trusted, and what devices may be compromised. This is where the Armis Device Knowledgebase of more than one billion devices and over 12 million unique device profiles combined with our ability to develop a detailed understanding of each device and its behavior is critical. The EO requires Agencies and Departments to immediately begin developing a strategy and plan to implement a Zero Trust model.

Finally, the EO requires the deployment of Endpoint Detection and Response (EDR) across their networks. While I think this is an important step, I am concerned that the approach may be just to throw agents on every device on the network. I do hope that Agencies and Departments carefully look at the devices on their network. At Armis, we’ve learned from multiple customers that some devices do not take well to EDR agents being installed. We see this a lot in medical, operational technology, and Internet of Things devices. These devices were never designed with agents in mind, and in some cases, agents can do more harm than good. Armis from its beginning has remained agentless for this very reason. We want to give our customers cybersecurity capabilities without disrupting their devices and operations. I would encourage the use of agents on devices which are well understood and can handle them, but for other devices, a solution like Armis is a lower risk and effective alternative.

While there is much more I could discuss regarding the EO, my final observation is that the White House is finally taking some affirmative action to improve FedRAMP. Armis is listed on the FedRAMP Marketplace as FedRAMP Ready, and many of these changes have the potential to impact our experience as we move towards a full FedRAMP authorization. What is important though, is that it acknowledges the importance of FedRAMP and hopefully makes the necessary changes to streamline the authorization process. If the US Government can improve the processes sufficiently, then more cybersecurity companies will go through the process. This would provide cloud-based cybersecurity capabilities to the Government on par with what is currently available to commercial users. While on-premises solutions have their place, truly advanced cybersecurity solutions live in the cloud where they can leverage artificial intelligence, machine learning, data science, and to do so across a large multi-customer dataset.

Well, that’s my top thoughts on the new EO. There is a lot more in the EO on funding, contracting, and information sharing that are equally important. As Agencies and Departments begin to respond to this new EO and more importantly, begin to publish the rules and regulations, I’m sure I’ll have a lot more to share on this.

Get Updates

Sign up to receive the latest from Armis.