Armis FAQ

Find answers to the most frequently asked questions about Armis - the leading agentless device security platform.

What is Armis?

Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. We discover every managed, unmanaged, and IoT device on and off of your network, analyze device behavior to identify risks or attacks and protect your critical business information and systems. Armis is agentless and integrates easily with your existing security products.

We passively monitor wired and wireless traffic on your network and in your airspace to identify every device and to understand each device’s behavior without disruption. Then we analyze this data in our Risk Engine. The engine uses device profiles and characteristics from the Armis Device Knowledgebase to identify each device, assess its risks, detect threats, and recommend remediation actions.

Why is Armis different?

  • COMPREHENSIVE: Discovers and classifies all devices in your environment, on or off your network.
  • AGENTLESS: Nothing to install on devices, no configuration, no device disruption.
  • PASSIVE: No impact on your organization’s network. No device scanning.
  • FRICTIONLESS: Installs in minutes using the infrastructure you already have.

How does Armis work?

Armis connects to your network using a collector, which is a physical or virtual appliance connected to a switch SPAN port. The switch mirrors a copy of the traffic to the Armis collector, which analyzes metadata at a ratio of 1:10000 to content. This metadata is header information only and does not include payload.

The analyzed metadata is sent to the Armis Device Knowledgebase, a proprietary cloud-based knowledge base of 600 million monitored devices.

On this basis, and with the help of behavioral algorithms that evaluate a device's behavior in relation to the past and the behavior of other similar devices, Armis determines whether the behavior of a given device deviates from the norm.

How does Armis Asset Inventory work?

Visibility is an essential component of any security strategy for every organization. And if your organization needs to comply with frameworks like PCI, HIPAA, NIST, or the CIS Critical Security Controls, you are required to maintain an accurate inventory of hardware and software in your environment. That’s easy to say, but much harder to do. Armis discovers and classifies every managed, unmanaged, and IoT device in your environment including servers, laptops, smartphones, VoIP phones, smart TVs, IP cameras, printers, HVAC controls, medical devices, industrial controls, and more.

Armis can even identify off-network devices using Wi-Fi, Bluetooth, and other IoT protocols in your environment — a capability no other security product offers without additional hardware. The comprehensive device inventory that Armis generates includes critical information like device manufacturer, model, serial number, location, username, operating system, installed applications, and connections made over time. In addition to discovering and classifying a device, Armis calculates its risk score based on factors like vulnerabilities, known attack patterns, and the behaviors observed of each device on your network. This risk score helps your security team understand your attack surface and meet compliance with regulatory frameworks that require identification and prioritization of vulnerabilities.

How does Armis Risk Management work?

Armis goes beyond device and risk identification. The Armis Threat Detection Engine continuously monitors the behavior of every device on your network and in your airspace for behavioral anomalies. Working with our Device Knowledgebase, Armis compares the real-time behavior of each device with:

  • Historical device behavior
  • The behavior of similar devices in your environment
  • The behavior of similar devices in other environments
  • Common attack techniques
  • Information from threat intelligence feeds
With these types of critical device and behavioral insights, Armis is uniquely positioned to take action to identify threats and attacks.

How does Armis threat detection and response work?

When Armis detects a threat, it can alert your security team and trigger automated action to stop an attack. Through integration with your switches and wireless LAN controllers, as well as your existing security enforcement points like Cisco and Palo Alto Networks firewalls, and network access control (NAC) products such as Cisco ISE and Aruba ClearPass, Armis can restrict access or quarantine suspicious or malicious devices. This automation gives you peace of mind that an attack on any device — managed or unmanaged — will be stopped, even if your security team is busy with other priorities.

How does Armis integrate?

Armis requires no agents or additional hardware to deploy, so it can be up and running in minutes to hours. Not only does it integrate with your firewall or NAC, but Armis also integrates with your security management systems like your SIEM, ticketing systems, and asset databases to allow these systems and incident responders to leverage the rich information Armis provides.

How much does Armis cost?

The Armis list price is transparent and is not bound by hidden costs.

Contact us via this link if you would like to learn more about the product and pricing.

Still have questions about Armis?

Contact us via this form and we will get back to you in less than 24 hours.