The Armis cloud-based analysis engine generates unique information that can be fed back into your network infrastructure to allow it to make better decisions about network access, network allocation, etc. The information that Armis produces includes:
- Device classification
- Software running on each device
- Security risks and alerts
When Armis detects abnormal or malicious device behavior, it can tell your firewall to prevent the device from communicating with the Internet. This breaks command and control, and prevents data exfiltration from the compromised device.
Security Information and Event Management (SIEM)
Armis can tell your SIEM about events associated with all of the devices in your environment, including devices that can’t accommodate agents and don’t produce logs or events. This allows your SIEM to make better decisions and produce more complete reports, and helps you shorten your response time in crisis mode.
ITAM and CMDB
Armis can provide your IT asset management (ITAM) and configuration management database (CMDB) with real-time information about all of the devices in your environment, including unmanaged devices and IoT devices on your network and in your airspace. This helps you maintain a trusted single-source-of-truth repository for better decision-making.
Armis can let your vulnerability assessment (VA) system know when a new device joins your network. This lets your VA system immediately scan the device in order to produce a more real-time view of risks on your network. Also, Armis can inform your VA system whenever Armis senses a significant vulnerability on any device, so your VA system can assess the device more comprehensively.
Ticketing and Incident Response
When Armis detects a significant policy violation or threat on your network, Armis can automatically generate tickets and send alerts or actions (e.g. to investigate or quarantine a suspicious device) into your existing workflow or incident response systems.