Mirko Bulles, Armis: visibility is the key to security
November 2022 by Marc Jacob
During ITSA 2022, Armis presented its Unified Asset Visibility & Security Platform. It helps discover and manage assets in IT, IoT, IIoT, IoMT and OT environments. This platform is available via Google Cloud and since October via Amazon Web Services AWS. Additionally, Armis recently signed technology partnerships with SentinelOne and Illumio. For Mirko Bulles, Director Technical Account Management EMEA/APAC Armis visibility is the key to security.
Global Security Mag: What will you present at ITSA?
Mirko Bulles : We are showcasing our Unified Asset Visibility & Security Platform. We are detecting and managing assets in IT, IoT, IIoT, IoMT and OT environments. During proof of concepts we usually find a lot more assets in these environments than the companies that ask us to do so, this is not only a surprise to them, but also a huge threat, because you cannot protect what you can’t see or don’t know you have in terms of company assets. In June we added Asset Vulnerability Management (AVM) to our product portfolio. Our platform is now available via Google Cloud and since October via AWS. We had recently signed technology partnerships with SentinelOne and Illumio. Furthermore, we just introduced our APEX Manage program for resellers. it-sa is a perfect opportunity for us to meet not only existing and potential customers, but also existing and potential reseller partners.
GS Mag: What are the main threats you have identified this year?
Mirko Bulles : We have a dedicated research team within our organization that is constantly looking for vulnerabilities in devices. Earlier this year they discovered TLStorm 2.0, which are five critical vulnerabilities in the implementation of TLS security protocols in multiple models of network switches. The vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities, expanding the reach of TLStorm to millions of additional enterprise-grade network infrastructure devices. In March 2022, Armis first disclosed TLStorm, three critical vulnerabilities in APC Smart-UPS devices. The vulnerabilities allowed attackers to gain control of Smart-UPS devices from the internet with no user interaction, resulting in the UPS overloading and eventually destroying itself in a cloud of smoke. The root cause for these vulnerabilities was a misuse of NanoSSL, a popular TLS library by Mocana.
The main threats are of course supply chain attacks and attacks caused by APT groups. We’ve seen attacks on hospitals that are among the critical infrastructures quite a lot during the year and also in the energy sector.
GS Mag: What about the needs of companies?
Mirko Bulles : Companies, especially critical infrastructures, need to protect themselves against cyber attacks, especially APT attacks. They need to know all their assets to prove on a regular basis that they are secure, but most organizations don’t know how many assets they have and where and what type. That is an issue, because they can’t protect their attack surface when they don’t know it.
GS Mag: How will your strategy evolve to address these issues?
Mirko Bulles : We are constantly evolving our products due to the needs of our customers and in regards to the ever evolving threat landscape, which for example led to the introduction of AVM in summer.
GS Mag: What advice do you have in this area, and more generally to limit the risks?
Mirko Bulles : 1. Quickly discover all assets that need to be patched or protected from exploit attempts to plan and prioritize mitigation efforts. Our solution not only detects the existence of these devices on the network, it can also provide valuable data about the device owner and physical location to expedite mitigation efforts.
2. Detect exploit attempts in real-time and orchestrate the response through integrations with the IT and security tech stack.
3. Continue to track the long tail of ‘still to be patched’ assets, and new assets that might be vulnerable. Ensure these assets aren’t targeted by exploit attempts at any time, and do not pose a threat to your network.
GS Mag: Finally, what message would you like to convey to our readers?
Mirko Bulles : Visibility is the key to security.
Related articles:
- Joerg Vollmer, Qualys: it is essential that senior executives can provide the CISO with a clear view of the challenges to be faced
- Ramon Mörl CEO of itWatch: our partnership with Gatewatcher will contribute to the Franco-German agreement in the field of Cybersecurity
- Jean-Noël de GALZAIN, Wallix: autonomy and sovereignty should be integral to cybersecurity choices
- Mike Polatsek, CybeReady: Companies should adopt an APT approach, Advanced Persistent Training
- Hanspeter Karl, Pentera: To mitigate cyberattacks, Pentest is now a must to have !
- Dominique Meurisse, Gatewatcher: European cyber security is no longer a myth and is becoming a reality
- Jelle Wieringa : "We don’t want to force anyone to do cybersecurity training, we want to enable them and motivate them to do it themselves!"
- SailPoint : "You can only make smart decisions about things you can see."