Without agents, Armis discovers all devices on your network and in your airspace, including devices that Cisco ISE can’t see such as those that communicate via Bluetooth, Zigbee, and other common IoT protocols. Armis creates a comprehensive inventory that includes device manufacturer, model, location, operating system, installed applications, connections made over time, and a unique risk score that Armis generates for each device. This complements the inventory that Cisco ISE provides for devices on your network, and it gives your security team additional information they they can use to proactively reduce your organization’s attack surface.
Automated Threat Detection
Armis is able to tell Cisco ISE whenever a device on your network has become a threat. Armis continuously monitors the behavior of every device on your network and in your airspace for behavioral anomalies that indicate that the device has been compromised. This behavioral analysis is performed by Armis’ Threat Detection Engine which compares the real-time behavior of each device with:
- The historical behavior of the device
- The behavior of similar devices in your environment
- The behavior of similar devices in other environments
- Common attack techniques
- Information from threat intelligence feeds.
Automated Incident Response With Cisco ISE
When Armis detects a threat on your network, Armis informs Cisco ISE which can then automatically quarantine the suspicious or malicious device to neutralize the threat. Through this integration, Armis lets you and your team:
- Leverage your existing investment in Cisco ISE
- Take action immediately to break the kill chain
- Gain the peace of mind you need for all devices, both managed and unmanaged