Core to the Armis Platform is our Device Knowledgebase. It is a giant, crowd-sourced, cloud-based device behavior knowledgebase—the largest in the world, tracking over two billion devices—and growing.
Each profile includes unique device information such as how often each device communicates with other devices, over what protocols, how much data is typically transmitted, whether the device is usually stationary, what software runs on each device, etc. And we record and keep a history on everything each device does.
With our Device Knowledgebase, Armis understands not only what the device is and what it is doing, but what it should be doing. This is because we understand the context of each device in its use in each environment.
After all, a tablet is not just a tablet. It may be used to check people in at an office lobby, to drive a video conferencing solution in a boardroom, or run a production line, or used by a doctor in an emergency room. Context is critical to know the correct behavioral profile of a device.
These device insights enable Armis to classify devices and detect threats with a high degree of accuracy. Armis compares real-time device state and behavior to “known-good” baselines for similar devices we have seen in other environments. When a device operates outside of its baseline, Armis issues an alert or can automatically disconnect or quarantine a device.
Alerts can be triggered by a policy violation, a misconfiguration, or abnormal behavior like inappropriate connection requests or unexpected software running on a device. The Device Knowledgebase tracks all managed, unmanaged, and IoT devices Armis has seen across all our customers.