OT device identification & classification.
Good OT asset management relies on a comprehensive and accurate inventory of all hardware and software that is present in your OT environment.
Automatically discover and generate a comprehensive inventory of all devices and software in your environment. Leverage our massive Device Knowledgebase to utilize a wealth of information such as device type, manufacturer, model, location, and more.
The scope of The Armis Agentless Device Security Platform device discovery extends to your entire environment — from the manufacturing line to the executive suite. This is important because attackers view your environment as one large interconnected attack surface. The Armis Platform discovers instrumentation devices at Level 0, process control devices at Level 1, supervisory systems at Level 2, and all devices up to Level 5 including network switches and firewalls, video cameras, HVAC systems, and more.
OT asset metadata.
The Armis Platform generates a wide spectrum of metadata that is useful for OT asset management and security. All information is stored for 90 days, with searchable history.
|Connections between the device and other devices including the protocol used to connect, time of the connection, duration of the connection, amount of data transferred, physical layer information such as Wi-Fi channel used.|
|Network Topology that shows where each device is on the Purdue reference architecture model and the real-time connections that each device makes relative to other devices in other levels of the Purdue model.|
|Alerts including important information such as date, time, type, activities that caused the alert, severity of the alert.|
|Services accessed by the device including the date and time, name of the service, amount of traffic, and transmission characteristics such as latency.|
|Traffic to and from the device including port, description.|
|Risk factors based on manufacturer reputation, cloud synchronization behavior, connection security, data-at-rest security, malicious domains visited, number of wireless protocols used, malicious behavior, number of open ports, user authentication, threat detected, and vulnerability history.|
|Software vulnerabilities (CVEs) found on the device including drill-down details such as CVE publish date, attack vector, attack complexity, and whether user interaction is required. This includes firmware vulnerabilities such as CDPwn.|
Locate OT assets quickly.
For large industrial plants with multiple locations, good OT asset management requires knowing what devices you have and where they are located. For example, a security issue may be announced about a certain manufacturer’s device; in order to determine your level of risk, you may need to identify where those devices are being used throughout your plant.
The Armis Platform tracks the location of connected devices no matter whether they are stationary or mobile. This can be helpful during an incident response situation when all you might know is an IP address. Based on the IP address, the Armis Platform will tell you what the device is, where it is, and what that device has been doing.
Seamless collaboration between plant operations and security.
The Armis Platform helps engineers, maintenance specialists, plant administrators, and security teams get more stuff done in less time. Get one “source of truth” in terms of OT asset inventory and integrate with your existing IT asset management platform or CMMS/CMDB, ensuring it is kept up-to-date with the latest and most complete information available.
OT change & configuration management.
Another important aspect of OT asset management is ensuring that each device is programmed and configured correctly.
Temporary changes to network firewalls sometimes need to be made to facilitate troubleshooting or data acquisition. Unfortunately, these changes might not be reverted when the temporary period has expired. The Armis Platform monitors your network and can detect when such changes are inadvertently left in place, resulting in unintended levels of network connectivity.
PLC Program Changes
The Armis Platform can alert whenever a program change command is sent to a PLC. If this command is not intentional, it could be a sign that an intruder is maliciously trying to reprogram your PLC. This is one of the many attack techniques listed in the MITRE ATT&CK for ICS knowledgebase that Armis is able to detect.
See Every Thing™.Every Device.
See a live demonstration of the Armis agentless device security platform.
The 5X Challenge
Learn how we can be your strategic partner
Speak With An Expert
Find your unknown unkowns