Armis, founded in 2015 in Palo Alto, California, is one of the most visible IoT security start-ups, having landed a few high-profile clients including Samsung in the US and New Jersey based IDT Corporation. which is primarily a long-distance telco. Its premise is that enterprises are rarely aware of all the devices connected to their network and that in most cases there will be some that are not authorized.
The latter will include devices brought in by employees, contractors, partners, and also transiently connected wireless tracking devices from third parties – such as couriers delivering mail. In a few cases, devices will be maliciously planted, as was noted by IDT’s CIO Golan Ben-Oni, pointing out that wireless devices can now potentially access and disrupt an enterprise network even if they are as much as one kilometer outside the premises. They can also be left concealed on-site, eavesdropping on processes wirelessly. IDT was therefore attracted to Armis by the prospect of being able to monitor and track down all devices connected by IP to corporate systems – whether over wired or wireless connections.
As this implies, Armis employs “agentless” security which does not require software on the devices themselves. This is important, not just to detect unknown devices but also allow for the limited resources available on many of them. The firm lists as one of its three main selling points the fact that many IoT devices not only lack inherent security capability, but also the memory and processing capacity to run any anti-malware or security agents in any case.
The second related point is that many IoT devices are designed automatically to connect to the Internet or other components, so that they often bypass security by default and therefore again need external monitoring. Thirdly, these devices are not designed to allow upgrades to their limited operating system or firmware, even if there is the capacity to run agents, so that they cannot be updated to defend against emerging vulnerabilities.
Ben-Oni advocated enterprises taking three basic steps to address IoT security. Firstly, conduct an inventory, secondly determine where vulnerabilities apply and then thirdly do it now rather than wait, because threats are imminent. But given the existence of rogue devices, an important fourth step is to employ some system such as Armis’ agentless security, to monitor continuously for connected devices. Armis then claims it adds the crucial capability of being able to detect signs of attack, anomalies and malicious activity. This includes detecting devices that are part of a botnet or contain vulnerable or infected malware, with the ability then to disconnect them immediately from the enterprise network, in accordance with agreed corporate policies. Device and IoT profiling combined with trust models are used to determine what is safe and what is not.
Investors include Sequoia Capital and Tenaya Capital in the first round, joined later by Zohar Zisapel, founder and chairman of RAD Technologies; René Bonvanie, CMO of Palo Alto Networks; and Mickey Boodaei, founder of Imperva and Trusteer.