Hi [[ session.user.profile.firstName ]]

CDPwn: 5 Vulnerabilities in Cisco Device Protocol

Armis has discovered five critical vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over corporate and network devices without any user interaction. The discovery, dubbed CDPwn, exposes vulnerabilities which could allow an attacker to fully take over switches, routers, IP phones and cameras.

Watch this webinar to learn how an attacker would use CDPwn to exploit these vulnerabilities leading to:

-Breaking of network segmentation
-Data exfiltration of corporate network traffic traversing through an organization's switches and routers
-Gaining access to additional devices by leveraging man-in-the-middle attacks by intercepting and altering traffic on the corporate switch
-Data exfiltration of sensitive information such as phone calls from from devices like IP phones and video feeds from IP cameras
Recorded May 26 2020 34 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ben Seri, VP of Research at Armis and Chris Dobrec, VP of Product Marketing at Armis
Presentation preview: CDPwn: 5 Vulnerabilities in Cisco Device Protocol

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Zero Trust Security for Unmanaged and IoT Devices Recorded: May 27 2020 44 mins
    Jack Marsal, Senior Director, Product Marketing at Armis
    The Zero Trust security approach has exploded in recent years. But almost all of the focus has been on applying Zero Trust principles to users and managed computers. Unmanaged and IoT devices have been left out of the conversation, leaving enterprises exposed to attacks on these types of devices.

    Watch this webinar to learn how you can apply Zero Trust security principles to unmanaged and IoT devices. Learn about —
    -Common Zero Trust security tools and architectures
    -How blind spots still exist for unmanaged and IoT devices
    -How Armis extends Zero Trust principles to unmanaged and IoT devices
  • CDPwn: 5 Vulnerabilities in Cisco Device Protocol Recorded: May 26 2020 34 mins
    Ben Seri, VP of Research at Armis and Chris Dobrec, VP of Product Marketing at Armis
    Armis has discovered five critical vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over corporate and network devices without any user interaction. The discovery, dubbed CDPwn, exposes vulnerabilities which could allow an attacker to fully take over switches, routers, IP phones and cameras.

    Watch this webinar to learn how an attacker would use CDPwn to exploit these vulnerabilities leading to:

    -Breaking of network segmentation
    -Data exfiltration of corporate network traffic traversing through an organization's switches and routers
    -Gaining access to additional devices by leveraging man-in-the-middle attacks by intercepting and altering traffic on the corporate switch
    -Data exfiltration of sensitive information such as phone calls from from devices like IP phones and video feeds from IP cameras
  • Asset Inventory: How Security Teams Get a Comprehensive View of IT, IoT, OT and Recorded: May 21 2020 37 mins
    Chris Dobrec, VP of Product Marketing, Armis
    How would you feel if you could get a comprehensive asset inventory across your entire environment - offices, remote locations, manufacturing floors; even off prem devices? All great security programs and compliance frameworks start with comprehensive and accurate asset inventory. And in a world of exploding devices, you need a full accounting of all your devices whether they be IT, IoT, OT, or even medical devices. Join Chris Dobrec, VP Product Marketing of Armis, and Holger Schulze, founder and CEO of Cybersecurity Insiders, for this live webinar as they explore the challenges that security teams face when building a comprehensive and accurate view of all the assets in their environment.

    They will discuss:
    -The wave of unmanaged and IoT devices connecting to today’s networks
    -The fragmentation of device data across different IT and security tools
    -The risks and vulnerabilities these new devices introduce
    -How to get a unified, comprehensive asset inventory
    -How to ensure automated policy and security enforcement
  • MITRE ATT&CK® for ICS - Practical Applications Recorded: May 20 2020 61 mins
    Otis Alexander, The MITRE Corporation | Fritz Wetschnig, Flex | Nadir Izrael, Armis
    The MITRE ATT&CK® for ICS knowledge base was released in January 2020 and has received a tremendous amount of interest from security professionals.

    Join security experts from MITRE, Flex, and Armis to hear practical tips about how you can use the MITRE ATT&CK for ICS knowledge base to assess your current cyber defences and make adjustments to better protect your industrial control environment from cyber attack.

    Otis Alexander - Lead Cyber Security Engineer, The MITRE Corporation, will describe how the new ATT&CK for ICS knowledge base compares and contrasts with their previously published knowledge bases, MITRE ATT&CK for Enterprise.

    Fritz Wetschnig - Chief Information Security Officer (CISO) and VP, Enterprise Information Technologies at Flex, a global manufacturing organization, will describe how his security team is currently using the MITRE ATT&CK knowledge base to optimize their cyber defenses.

    Nadir Izrael - CTO and Co-founder at Armis, will dive deep on practical applications and tips that Armis has recently published regarding cyber defenses for industrial control systems.
  • Best Practices for Medical Device Security Recorded: May 14 2020 46 mins
    Chris Dobrec, VP of Product Marketing, Armis
    Hosted by Health IT Security. Advances in medical device technology help you deliver top-notch care, but who’s making sure those devices are healthy too? Hidden inside things like MRI and x-ray machines, infusion pumps, and patient monitors are vulnerabilities that can put patients at risk.
    These devices have no built-in security controls, they’re impossible to update without arduous recertification, and they can’t host agents traditional endpoint security products require.
    Join Armis to learn about vulnerabilities like URGENT/11 that bad actors can use to take control of critical medical equipment. We’ll discuss real-world threats to devices and provide you best practices to secure your connected medical devices and keep your patients safe.
  • Agentless Device Security for Palo Alto Networks Recorded: May 14 2020 38 mins
    Scott Oldfield, Account Executive from Armis | Travis Dye, Solutions Architect from Armis
    The Armis agentless device security platform gives Palo Alto Networks customers unparalleled device visibility and control. Fast and easy cloud integration with Cortex allows the Armis platform to discover and profile every device, and to analyze device activity for suspicious or malicious behavior. And the platform’s integration with Palo Alto Networks next-generation firewalls (NGFW) blocks suspect devices automatically, helping to ensure sensitive data and systems stay protected.

    Join our webinar on Thursday, May 14 to learn how our joint solution enables you with:
    -Complete asset inventory of every device - managed, unmanaged, IoT and more
    -Deep device behavior insights so for more effective risk management
    -Advanced threat detection and response to find and stop threats and attacks
  • Device Security for Cisco Meraki: Fast, Simple, and Agentless Recorded: May 13 2020 35 mins
    Scott Oldfield, Account Executive from Armis | Cory Brown, Solutions Architect from Armis
    Add Armis to your existing Cisco Meraki infrastructure and get a detailed inventory of every device on your network, the ability to analyze device behavior continuously for risks and threats, and to block suspicious or malicious devices automatically. In just minutes, and with no additional hardware, our cloud-to-cloud integration gives you deep asset inventory of the devices and software on your network, connections between devices, and services being used - and the ability to better manage your risk, and automate policy enforcement.

    Join our webinar on Wednesday, May 13 to learn how our joint solution provides you with:
    -Complete asset inventory of every device - managed, unmanaged, IoT and more
    -Deep device behavior insights so for more effective risk management
    -Advanced threat detection and response to find and stop threats and attacks
  • Armis+Check Point: Visibility & Security for Unmanaged & IoT Devices Recorded: May 7 2020 34 mins
    Scott Oldfield, Commercial Account Manager from Armis and Vincent Vermeulen, Solutions Architect from Armis
    By 2021, up to 90% of devices will be unmanaged. In this world of these unmanaged and IoT devices, Armis integrates with Check Point IoT Security Manager to help organizations reduce exposure to the cyber-risk of unmanaged and IoT devices without disrupting business operations across any environment - industrial, healthcare, manufacturing, retail, and more. By combining the Armis platform’s agentless comprehensive asset discovery and continuous vulnerability assessment with Check Point’s security policy management and security gateways, you can apply a security policy for any device on your environment to mitigate device threats and vulnerabilities.

    Join our webinar on Thursday, May 7 to learn how our joint solution enables you to:
    -Create policies automatically for any unmanaged and IoT device
    -Detect and respond quickly to vulnerabilities and threats
    -Arm security teams with comprehensive device information
  • Comprehensive Asset Inventory Recorded: May 6 2020 36 mins
    Joe Lea, VP of Product, Armis and Chris Dobrec, VP of Product Marketing, Armis
    Can you accurately say how many devices you have and if they are secure?

    Getting a unified and comprehensive IT asset inventory is still a major issue—and pain—for every organization. From managed to unmanaged to IoT devices, from virtual machines to clouds, with data strewn across different systems. For devices in your environment and in your airspace—on your network and remote—can you accurately identify all you have? What is your source of truth? Most companies don’t have this, and this leaves them exposed to compliance, vulnerability, and security issues.

    Join Joe Lea VP Product Management, and Chris Dobrec, VP Product Marketing at Armis to learn how the Armis agentless device security platform brings you comprehensive visibility into all the assets you have by combining data from your network with other existing IT security and management systems to create one source of truth for all your assets—hardware, software, cloud— so you can:

    -Discover every IT asset in your environment
    -Identify risks, vulnerabilities, and gaps in your security posture
    -Automate and enforce security policies so you stay protected
  • Armis+Cisco ISE: Better Threat Detection & Response for Unmanaged & IoT Devices Recorded: May 5 2020 46 mins
    Brian Gonsalves, Sr. Manager, Product Management & Business Development, Cisco | Terrence Davis, Solutions Architect, Armis
    Armis integration with Cisco ISE provides automated threat detection and response for unmanaged and IoT devices. Armis creates a comprehensive inventory that includes device manufacturer, model, location, operating system, installed applications, connections made over time, and a unique risk score that Armis generates for each device. This complements the inventory that Cisco ISE provides for devices on your network, and it gives your security team additional information they can use to proactively reduce your organization’s attack surface.

    Join our webinar on Tuesday, May 5 to learn how our joint solution can:
    -Complement your existing Cisco ISE deployment
    -Automate quarantine for risky or malicious devices
    -Provide advanced threat detection and response
  • Medical Device Security Vulnerabilities and Disclosures Recorded: Apr 30 2020 61 mins
    Curtis Simpson, CISO at Armis and Dor Zusman, Senior Researcher at Armis
    When it comes to medical devices, poor cybersecurity poses risks to patient safety and puts millions at risk. How do companies like Armis find the vulnerabilities that affect billions of devices across the globe? What do you do with information that could be used for sinister means? Join to learn how Armis finds these vulnerabilities and how they safely communicate them to manufacturers, governmental institutions and the public at large.
  • Winning the Cybersecurity Battle in Healthcare Recorded: Apr 29 2020 23 mins
    Chris Dobrec, VP of Product Marketing, Armis
    When it comes to medical device security and the Internet of Things (IoT), poor cybersecurity poses risks to both patient safety and the infrastructure that keeps hospitals running. That’s your classic double whammy, and it’s an ongoing challenge for healthcare security professionals especially as cybercriminals are increasing their attacks of vulnerable healthcare institutions during the current pandemic.

    In this session, please join cybersecurity expert Chris Dobrec, Vice President Product Marketing at Armis as he weighs in on best practices for medical device security, and how to protect your organization from the exploit of connected medical devices.
  • Forrester: State of Enterprise IoT Security Recorded: Oct 22 2019 43 mins
    Merritt Maxim, VP Research Director at Forrester
    "State of Enterprise IoT Security: Unmanaged and Unsecured," a Forrester study commissioned by Armis, explores the current state of unmanaged and IoT device security in North America, as well as future trends.

    In this on-demand webinar, Merritt Maxim, VP Research Director at Forrester, will share the results from the more than 400 enterprise technology decision makers surveyed, including:

    What factors are driving the rapid growth of unmanaged and IoT devices
    What the main risks are
    How many enterprises have already experienced security incidents
    Which security controls are sufficient, which ones are lacking
    How enterprise security professionals are responding to the threats
  • Agentless EDR for Unmanaged & IoT Devices Recorded: Aug 28 2019 53 mins
    Joe Lea, VP of Product, Armis
    Over the past few years, enterprise security managers have adopted Endpoint Detection and Response (EDR) systems to help detect when and how an endpoint has been compromised. But this only solves part of the problem.

    EDR systems do not work on unmanaged devices which will soon outnumber managed devices ten-to-one in enterprise environments and can be used as part of a kill chain, disrupting business operations or even impacting human safety.

    Join our VP of Product, Joe Lea, to learn how Armis is forging a new way forward with an agentless approach to EDR that allows you to monitor un-agentable devices.
  • Eliminate the IoT Security Blind Spot Recorded: Jun 12 2018 58 mins
    Nadir Izrael, Co-founder and CTO, Armis
    Enterprises face an exploding number of unmanaged and IoT devices, which face with the increasing number of cyber attacks targeting these devices. How should IT security managers respond? Join Armis to discuss:

    • Why these devices are the new, insecure endpoint
    • The new attack vectors out of today’s kill chain
    • Why networks segmentation will fail in the IoT Age
    • 5 critical items needed to secure the enterprise

    Presenter: Nadir Izrael

    Bio: Co-founder and CTO, Nadir Izrael guides the technology vision behind Armis to protect unmanaged and IoT devices. He co-founded the company in 2015 with its CEO, Yevgeny Dibrov. Prior to Armis, Nadir worked at Google as senior software engineer. Before Google, Nadir spent six years in the Israeli army, specifically in unit 8200, where he designed and programmed software projects and systems, served as team leader and did officer’s training, attaining the rank of captain.
  • Eliminate the IoT Security Blind Spot with Armis Recorded: Oct 24 2017 39 mins
    Nadir Izrael - CTO Co-Founder
    Our current security architecture is broken. We need a new approach to address the evolving IoT endpoint. Join Armis CTO Nadir Izrael as he discusses:

    -Where current architecture is falling short
    -What next-generation architecture should look like
    -How to address vulnerabilities found in IoT devices/the unmanaged endpoint.

    About Armis:

    Armis eliminates the IoT security blind spot, protecting enterprises from the threat of unmanaged or rogue devices and networks. Customers including Samsung Research America and IDT Corporation trust Armis’ agentless IoT security platform to see and control any device or network. Armis is a privately held company and headquartered in Palo Alto, California.
  • New Attack Vector “BlueBorne” Exposes 5B+ Devices – Learn How It Works Recorded: Sep 20 2017 59 mins
    Nadir Izrael, CTO, Armis
    As Fortune reported on Tuesday, the new Blueborne attack vector exposed 5B+ devices to hacking, endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux. Blueborne attacks devices via Bluetooth in a manner never seen before, and spreads through the air (airborne). Users do not need to be on the Internet, take any action, or even pair with another device to be impacted. Blueborne has been called “Bluetooth’s Stagefright moment.”

    Watch this webinar to learn:

    • Understand the 8 zero-day vulnerabilities (4 critical)
    • Which devices are affected
    • How Blueborne can take over a device
    • How BlueBorne can be used for a Man in the Middle Attack
    • What’s involved in protecting your network

    About the Speaker:
    As co-founder and CTO, Nadir Izrael guides the technology vision behind Armis to protect unmanaged and IoT devices. He co-founded the company in 2015 with its CEO, Yevgeny Dibrov. Prior to Armis, worked at Google as senior software engineer. Before Google, Nadir spent six years in the Israeli army, specifically in unit 8200, where he designed and programmed software projects and systems, served as team leader and did officer’s training attaining the rank of captain.
  • NotPetya - 3 Steps to Prepare for the Next Ransomware Attack Recorded: Jul 17 2017 44 mins
    Nadir Izrael, CTO & Co-Founder, Armis
    Much of the world was still scrambling to patch and clean up from WannaCry ransomware attack when the (not)Petya attack hit. While (not)Petya relied on Eternal Blue, just as WannaCry did, it had a few new tricks.
    - No Kill Switch – There doesn’t appear to be a kill switch URL, so (not)Petya can’t be shut down simply by purchasing a domain name.
    - Lateral Movement – The new attack includes additional exploits so it can move laterally through the network and infect other devices.
    - New Unmanaged Devices – Reports say the attack hit point of sale devices and ATMs, in addition to the laptops and desktops.

    Join Nadir Izrael, CTO of Armis, and former Captain in the Israel Intelligence 8200 Group, to discuss the 3 steps you should take to prepare for the next ransomware attack. And, why your weakest link now exposures your entire enterprise.

    About the Presenter:
    As co-founder and CTO, Nadir Izrael guides the technology vision behind Armis to protect unmanaged and IoT devices. He co-founded the company in 2015 with its CEO, Yevgeny Dibrov. Prior to Armis, worked at Google as senior software engineer. Before Google, Nadir spent six years in the Israeli army, specifically in unit 8200, where he designed and programmed software projects and systems, served as team leader and did officer’s training attaining the rank of captain.
  • NotPetya Attack - Cybercrime or Cyberwar? Recorded: Jul 12 2017 64 mins
    Malcolm Harkins (Cylance), Erika Noerenberg (LogRhythm Labs), Nadir Izrael (Armis), Michael Landewe (Avanan)
    The NotPetya pandemic that started in late June and disrupted the operations across companies, utilities, government agencies across France, Russia, Spain, Ukraine and the United States, happened just weeks after the WannaCry ransomware attack. Was NotPetya a financially motivated ransomware attack or an act of cyberwar?

    Join this interactive Q&A session with industry experts and find out the answers to your Petya/NotPetya questions. The topics up for discussion will include:
    - Difference between cybercrime and cyberwar
    - Industries targeted in the NotPetya attack
    - Short-term and long-term impact of this attack
    - Requirements and recommendations for strengthening cyber defense

    Speakers:
    - Malcolm Harkins, CSO of Cylance
    - Erika Noerenberg, Threat Research Engineer, LogRhythm Labs
    - Nadir Izrael, CTO of Armis

    Moderator:
    - Michael Landewe, Co- Founder of Avanan Cloud Security
Agentless device security for unmanaged & IoT devices
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

Visit our page for expert information and useful tips on how to keep IoT attacks off of your network

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: CDPwn: 5 Vulnerabilities in Cisco Device Protocol
  • Live at: May 26 2020 5:00 pm
  • Presented by: Ben Seri, VP of Research at Armis and Chris Dobrec, VP of Product Marketing at Armis
  • From:
Your email has been sent.
or close