AI SecurityOT SecurityFortinetArmisSecurity OperationsSecurity
Partner Contribution7 minute read

Partner POV | Fortinet + Armis Security Solution

Armis Centrix™ and Fortinet's collaboration offers unparalleled visibility and control over managed and unmanaged devices, enhancing security through AI-driven insights. This joint solution simplifies threat detection and response, optimizes security resources, and supports zero trust, ensuring robust protection across diverse environments without disrupting operations. Discover a new era of cybersecurity management.

In this article

  1. Asset Intelligence and Proactive Security Controls for Managed & Unmanaged IoT, IoMT and OT-ICS Devices
  2. Armis – Fortinet Key Benefits
  3. Joint Solution
  4. Solution Components
  5. Customer Benefits
  6. Fortinet and Armis Integration Architecture
  7. USE CASE #1 Easily Discover Devices in Distributed Environments
  8. USE CASE #2 Tighten Security Controls with Dynamic Policies
  9. USE CASE #3 Detect and Respond Quickly to Threats and Vulnerabilities

This article was written and contributed by, Armis.

 Asset Intelligence and Proactive Security Controls for Managed & Unmanaged IoT, IoMT and OT-ICS Devices

Today's networks connect a myriad of managed and unmanaged devices, with little visibility or control over the risk they introduce to the business. Security teams struggle to understand where, what and how of each and every vulnerable device. The same security teams cannot adequately or efficiently control and secure these devices. Armis Centrix™, the cyber exposure management platform, is powered by an AI-driven Asset Intelligence Engine, works together with the Fortinet Security Fabric to create a unified visibility, security and enforcement ecosystem that delivers simpler, stronger and more efficient security controls. Armis and Fortinet offer a solution that lays the foundation for segmentation and zero trust.

 Armis – Fortinet Key Benefits

  • Easily and quickly discover managed and unmanaged devices even at remote sites.
  • Pro-actively and dynamically optimize security controls based on Armis' asset intelligence, which includes device identification, vulnerability and risk information as well as threats.
  • Optimize Fortinet's resources by focusing its security functionalities on critical or risky assets in a customer environment.
  • Detect and respond quickly to threats and vulnerabilities with appropriate contextual information based on Armis' unique asset- based insights.

 Joint Solution

The Armis and Fortinet joint solution provides organizations peace of mind by ensuring that you are always on top of the potential threats that can impact your business.

This is accomplished by offering unmatched asset visibility, security and control for managed and unmanaged devices, whether IT, IoT, IoMT, OT, or ICS. Armis Centrix™ is the premiere platform that leverages AI to discover and identify every device in any environment—enterprise, medical, industrial and more.

Armis gains deep intelligence on every asset and categorizes assets in real-time, provides advanced warning of emerging threats, assigns business context and then analyses device behavior. Armis Centrix™ finds threats including vulnerabilities, risk and other security issues, prioritizes them based on business criticality and provides remediation by predictively assigning fixes to the relevant stakeholder groups.

When Armis Centrix™ works in tandem with the Fortinet Security Fabric, the joint solution reduces exposure to device and asset risks that can directly impact organizational operations and provides security teams with deeper device insights —all done without disrupting critical business operations.

 Solution Components

The Armis Centrix™ Asset Intelligence Engine contains detailed accumulated, anonymized knowledge of more than 5 billion devices. When Armis finds a device on your network, it uses 30 AI engines to instantly compare configuration and traffic pattern information, to detect anomalies and risks, removing a learning period and yielding fast time to value.

Fortinet FortiGate Next-Generation Firewalls (NGFWs) provide industry-leading threat protection and decryption at scale with a custom ASIC architecture. They deliver secure networking with integrated features such as SD-WAN, switching and wireless and 5G. Converge your security and networking point solutions into a simple-to-use, centralized management console powered by a single operating system, FortiOS and simplify IT management.

Armis Centrix™ provides organizations with the ability to build a comprehensive cybersecurity program focused on: Asset management and security, Vulnerability & security finding, prioritization and remediation, OT/ICS security medical device security and early warning threat detection.

 Customer Benefits

  • Quickly gain real-time visibility and risk posture into managed and unmanaged devices across all industry verticals with the ability to scale globally
  • Proactively and dynamically tighten security controls to meet compliance requirements e.g. IEC 62443 in OT based on Armis's asset intelligence, vulnerability, risk and abnormal behaviour detection.
  • Optimise Fortinet resources by focusing its security functionalities on critical or risky assets that impact patient care.
  • Detect and respond quickly to FDA recalls against medical devices and common vulnerability and exposures (CVEs) and Security Findings with appropriate contextual information to focus IT and security teams on highest risk and exposure areas based on Armis's unique asset-based perspective and risk scores.

 Fortinet and Armis Integration Architecture

Fortinet FortiManager delivers unified management for consistent security across complex hybrid environments, protecting against security threats. Key benefits include accelerated zero-touch provisioning with best-practice templates for deployment at the scale of SD-WAN and streamlined workflows within the Fortinet Security Fabric.

Fortinet FortiSOAR – FortiSOAR helps IT/OT security teams thwart attacks by centralizing incident management and automating the myriad of analyst activities required for effective threat investigation and response. Using FortiSOAR as a central operations hub to standardize and execute these workflows enforces best practices and allows analysts to focus on what matters most to protect the organization.

Fortinet FortiSIEM brings together visibility, correlation, automated response and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection and even prevent breaches.

 

 USE CASE #1 Easily Discover Devices in Distributed Environments

Armis's integration with Fortinet FortiGate appliances allows Armis Centrix™ to ingest network traffic for analysis and comparison using its collective asset intelligence engine. Armis can leverage the existing FortiGate infrastructure to gather packet-level information about devices in remote locations and is especially effective in environments with distributed internet connectivity and SD-WAN.

Armis Centrix™ can also utilize the FortiGate API to regularly trigger the collection of packets on remote networks that provide intelligence on connected devices and connections. This information is then retrieved and cross-correlated with other data sources, to provide contextual device intelligence. Leveraging the Armis FortiGate integration can also simplify the deployments at scale and negate the need or reduce the number of physical or virtual collectors required.

 USE CASE #2 Tighten Security Controls with Dynamic Policies

Armis Centrix™ also integrates with the centralized FortiManager to distribute dynamic policy information to multiple Fortigate fleets and modify them based on configurable rules in real time. As Armis discovers and identifies devices and their associated risks and behaviors in your environment, it can inform FortiManager to contain and block threats.

Source conditions can be dynamically added and changed in real time, allowing the administrator to change traffic parameters automatically. Use cases include applying additional logging or IDS and AV policies to high-risk devices and even enforcing and blocking devices from accessing critical resources or the network altogether. 

In addition, Armis Centrix™ provides visibility into traffic and protocol patterns in the context of device types. Administrators can utilize this knowledge to create more concise network policy rules and reduce the attack surface in critical networks, such as infusion pumps in a medical environment or OT assets that cannot have security agents installed.

 USE CASE #3 Detect and Respond Quickly to Threats and Vulnerabilities

Armis Centrix™ uses over 30 A.I engines to continuously perform device or asset analysis to detect threats and vulnerabilities associated with managed, unmanaged and IoT, IoMT, IT and OT, devices (for example, CVEs and unsupported operating systems). This analysis is based on tracking more than 5 billion devices, Also, Armis Centrix™ for Early Warning uses A.I. and industry curated honeypots to drive adversary interaction to provide an early warning on emerging threats, which can then be immunised at the device level.

When Armis identifies a vulnerable or malicious device, it can automatically inform the FortiSIEM security information and event management system and provide contextual details to enhance its behavior analytics capabilities. Armis's visibility extends deep into all segments of the network, even where security devices or intrusion detection systems may not reach. Armis received a 100% score from Mitre Engenuity for the ATT&CK Framework in ICS and is also able to share this advanced detection logic with FortiSIEM so analysts can perform faster threat investigation, containment and hunts with visibility into the entire attack surface.

Learn more about Security Operations and Armis Contact an Expert

Technologies