Identifying Devices & Gaps

Armis provides the most comprehensive asset inventory and visibility.

Identifying Devices From All Sources

Armis discovers and classifies every managed, unmanaged, and IoT device in your environment. It aggregates device information across all your IT and security management solutions, bringing an end to fragmented visibility. Additionally, we can identify devices on your network (both wired and wireless), off-network devices communicating via Wi-Fi, Bluetooth, and other peer-to-peer IoT protocols, as well as off-prem devices.

By connecting all these sources of telemetry and device data, Armis delivers a trusted, comprehensive, and unified view of the devices in your environment. It is completely passive, and builds a comprehensive device inventory continuously and in real-time, ensuring that every device, even transient devices, are included.

“Armis gave us the visibility we needed of all the devices across our networks from our BedQuarters to our stores in the field. It is critical for us to see these devices, and to understand what they were doing.”

Brad Hollingsworth
Director of Cyber Security, Mattress Firm

background image

Device Identification and Classification

When the Armis platform detects a device either on or near your enterprise network, it can provide full identification and classification of a device including:
  • Device name
  • Device category
  • Device type
  • Device model
  • Device brand
  • IP address
  • MAC address
  • Location
  • User
  • Operating system and version
  • Applications including name, version, date/time seen active
  • Date and time first seen
  • Date and time last seen
  • OUI
  • Reputation
  • Behavior
We also track:

Connections between the device and other devices including the protocol used to connect, time of the connection, duration of the connection, amount of data transferred, physical layer information such as Wi-Fi channel used.

Alerts including important information such as date, time, type, activities that caused the alert, severity of the alert.

Services accessed by the device including related information such as the date and time, name of the service, amount of traffic, and transmission characteristics such as latency.

Traffic to and from the device including port, description.

Risks including details regarding each type of risk which include manufacturer reputation, cloud synchronization, connection security, data-at-rest security, malicious domains visited, number of wireless protocols used, malicious behavior, number of open ports, user authentication, threat detected, and vulnerability history.

Software vulnerabilities found on the device including related information such as CVE (with drill-down into details), description, publish date, attack vector, attack complexity, and whether user interaction is required.

We track all this information “out of the box” for 90 days, with searchable history.

background image

Largest Device Knowledgebase

The Armis platform's deep device insights don’t just come from the devices themselves, but from understanding the context and behavior associated with each device. We understand how a device is being used, and when it begins acting suspiciously or as if it has been compromised.

We are able to get those deeper device insights with our Device Knowledgebase. It is the largest such Device Knowledgebase, tracking more than 280 million devices (and growing) every day. There we compare a device to all similar devices, correlating that device and its behavior against “good known” profiles of devices to identify if there is an issue or threat.

See every device.

See every connection.

See a live demonstration of the Armis agentless device security platform.