Exabeam, the Smarter SIEM company, and Armis, a provider of agentless enterprise IoT security, announced a partnership that will enable IT cyber security teams to identify unmanaged and IoT devices and to monitor their behaviour for malicious activity from a single platform. Attackers increasingly target unmanaged, connected devices to gain access to an organisation’s corporate network.
The integration of Exabeam and Armis solutions classifies managed, unmanaged, and IoT devices connecting to the corporate network and allows security analysts to detect lateral movement and other advanced threats. Unmanaged and IoT device security alerts are also enriched with contextual data and prioritised by risk score to focus analyst efforts on the riskiest incidents and to increase their efficiency and effectiveness.
Behavioural analytics solution
The partnership extends the visibility of the Exabeam Security Management Platform (SMP) into IoT devices to identify anomalies and enable security teams to more efficiently detect, prioritise and investigate threats across a broader range of devices. Specifically, it enables Exabeam Entity Analytics, a behavioural analytics solution that leverages both machine learning and behavioural modeling, to identify complex threats on devices, as well as extend detection and investigation of advanced threats to IoT devices.
The integrated solution imports alerts and data about IoT devices from Armis into the Exabeam SMP to extend visibility beyond managed IT assets.
Prioritise security alerts
Exabeam then places Armis security alerts in the context of Exabeam Smart Timelines™ to enhance analyst productivity by automating tedious investigations with machine-built timelines and ensuring sophisticated attacks involving lateral movement don’t go undetected. By identifying both managed and unmanaged assets connected to the network in this way, users can prioritise security alerts and initiate rapid investigation.
“Exabeam recognises the importance of expanding SIEM to unmanaged and IoT devices, and integrating with a leading agentless device IoT security vendor will provide significant value for organisations that manage infrastructure, industrial facilities, manufacturing and smart cities,” commented Trevor Daughney, VP, Product Marketing, Exabeam.
Effective security strategies
“By partnering with Armis, we help security teams improve their operational efficiency by automating the detection and investigation of attacks using IoT devices.”
“Organisations are increasingly looking for security solutions that can integrate cyber security defense across every kind of connected device in their organisation,” said Christopher Dobrec, VP of Product Marketing at Armis. “As the adoption of unmanaged and IoT devices continues to accelerate, it’s vital that the effectiveness of security strategies extends to secure those devices. Together, Armis and Exabeam let organisations safely adopt new devices to drive their business with stronger security and better risk management.”
Complete asset inventory
“Security attacks aren’t limited to devices like laptops and servers. For organisations like ours, it’s imperative for our security team to have visibility into our complete asset inventory, including IoT devices from point of sale terminals to industrial controllers in our manufacturing operations,” said Exabeam customer Rhett Nieto, IT security chief, FEMSA.
“In some organisations, IT is responsible only for the desktop, laptops and server rooms, while business units take care of CPS, such as industrial controls, operational technology, industrial IoT (IIoT), public cloud and line of business (LOB)-centric SaaS applications,” commented John Watts, a Gartner analyst, in the June 2020 Gartner report: How to Respond to the 2020 Threat Landscape.
Configuration management database
The report further mentions, “An IT-focused configuration management database (CMDB) only discovers and tracks IT assets, whereas a security team needs a comprehensive asset inventory. Without this view, threats are missed, and vulnerable assets are not addressed. This requires a partnership between IT and the LOBs to ensure that an adequate inventory of all assets is available and current.”