Hi [[ session.user.profile.firstName ]]

Yes! You can apply NIST & ISO controls to unmanaged and IoT devices

Unmanaged endpoints and IoT devices form a large attack surface in nearly every modern enterprise. In fact by 2021, 90% of devices in businesses will be unmanaged. These devices can’t be secured or monitored like normal desktops, laptops, and servers. So how do you apply cyber security frameworks — such as NIST 800-53, NIST CSF and ISO 27002 — in a world where legacy security solutions won’t work? Now there is a way to provide these security controls around unmanaged and IoT devices.

In this webinar, we’ll take a look at the risks associated with unmanaged and IoT devices. We will provide examples of how large enterprises have deployed innovative agentless security controls. And show the agentless approach maps to the NIST frameworks to meet the requirements of cyber security frameworks for unmanaged endpoints and IoT devices.
Recorded Jul 16 2020 64 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Curtis Simpson, CISO at Armis
Presentation preview: Yes! You can apply NIST & ISO controls to unmanaged and IoT devices

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Armis & ServiceNow Close the Managed, Unmanaged, and IoT Device Visibility Gap Oct 13 2020 5:00 pm UTC 60 mins
    Matt Mackinnon, Senior Director of Product Management at Armis
    Having an asset inventory you can trust is a critical component for any IT or security team’s success. But with so many devices in your environment today, many of which traditional asset management and security products can’t even see, it’s hard to know what’s there--and what’s not.

    Our new integration with ServiceNow makes sure your CMDB always has the latest details about every device in your environment for a complete and up-to-date asset inventory whenever you need it. Armis also performs continuous, real-time risk analysis of device behavior, and can generate alerts, open trouble tickets, or trigger policy-based blocking or quarantine actions automatically.

    Join us to learn more about how our integration with ServiceNow enables joint customers to:

    - Deploy comprehensive asset management at scale, easily, and quickly with ServiceNow.
    - Leverage Armis to gain visibility to IoT/OT, managed and unmanaged devices, and use ServiceNow to improve their security and operations posture
    - Monitor device activity to true-up their Service Graph and CMDB with new device details
  • Why Cybersecurity is Difficult to Achieve for Healthcare Organizations Recorded: Sep 9 2020 54 mins
    Curtis Simson, CISO and Tom Mayblum Senior Product Manager at Armis
    As healthcare institutions have been grappling with the overwhelming impact of COVID-19, many have also been fighting a second battle against hackers. Malicious hackers know that healthcare organizations continue to be hyper-focused on addressing the pandemic, making them prime targets for ransomware. At the same time, they continue to deploy connected medical devices to help doctors, nurses, and clinicians deliver faster, higher quality care. But these devices also create an attack surface that most healthcare delivery organizations have difficulty seeing and securing. And when it comes to connected medical devices, poor cybersecurity poses risks to patient safety and puts millions at risk. When looking at your cybersecurity efforts, you need to consider the following:

    - How do you secure medical devices that can’t take an agent or be scanned?
    - How do you detect and stop ransomware attacks?
    - How do you find the vulnerabilities that affect billions of devices across the globe?
    - How do you protect PHI data that may be sent across the network unencrypted?
    - How do you ensure patient safety and hospital operations?

    Join Armis experts Curtis Simpson, CISO and Tom Mayblum Senior Product Manager, as they answer these pressing questions that all healthcare organizations need to answer to protect themselves and their patients.
  • NSA & CISA Alert AA20-205A, How To Meet Recommended Actions For OT Systems Recorded: Sep 3 2020 42 mins
    Nadir Izrael, Co-Founder & CTO at Armis and Curtis Simpson, CISO at Armis
    In an unprecedented move the NSA and CISA, two US government entities with the greatest visibility into system attack surfaces and exploitation in the wild, issued an urgent joint cybersecurity advisory to all critical infrastructure and services operations that rely upon OT systems to deliver core services with Alert AA20-205A. This included recommendations that corresponding operations act with urgency to rapidly assess and manage the holistic set of security exposures placing such environments at risk.

    Join Curtis Simpson, CISO at Armis (former CISO for Sysco Foods) for this in depth review of Alert AA20-205A, including:
    -The rise in threats to OT systems
    -The six recommended mitigation techniques proposed in AA20-205A
    -The need for a complete view of every device - OT, IT, and IoT
    -How to understand and evaluate Cyber-risk on “As-operated” OT Assets
    -How to implement a continuous and vigilant system monitoring program

    All IT and OT professionals responsible for OT security for critical infrastructures and industrial operations are encouraged to attend.
  • The New Playbook for Medical & Hospital Device Security Recorded: Sep 2 2020 62 mins
    Chris Dobrec and Tom Mayblum from Armis and Guest Speaker: Chris Sherman, Senior Analyst from Forrester
    Medical device security has never been more important given a global pandemic and rising cyber attacks. The age of connected healthcare delivery is here, driving better patient care, reduced costs, and a wider attack landscape. So new approaches for security are needed. Join featured speaker Chris Sherman (Senior Analyst Forrester), Chris Dobrec (VP Product Marketing, Armis), & Tom Mayblum (Sr. Product Manager, Armis) will discuss what every healthcare institution needs to address for their cybersecurity program including:

    - The challenges with identifying and classifying every device - medical or otherwise in the environment.
    - Addressing new threats (like URGENT/11 and CDPwn)
    - The tools best suited for the task
  • NSA & CISA Alert AA20-205A, How To Meet Recommended Actions For OT Systems Recorded: Aug 13 2020 43 mins
    Nadir Izrael, Co-Founder & CTO at Armis and Curtis Simpson, CISO at Armis
    In an unprecedented move the NSA and CISA, two US government entities with the greatest visibility into system attack surfaces and exploitation in the wild, issued an urgent joint cybersecurity advisory to all critical infrastructure and services operations that rely upon OT systems to deliver core services with Alert AA20-205A. This included recommendations that corresponding operations act with urgency to rapidly assess and manage the holistic set of security exposures placing such environments at risk.

    Join Curtis Simpson, CISO at Armis (former CISO for Sysco Foods) for this in depth review of Alert AA20-205A, including:
    -The rise in threats to OT systems
    -The six recommended mitigation techniques proposed in AA20-205A
    -The need for a complete view of every device - OT, IT, and IoT
    -How to understand and evaluate Cyber-risk on “As-operated” OT Assets
    -How to implement a continuous and vigilant system monitoring program

    All IT and OT professionals responsible for OT security for critical infrastructures and industrial operations are encouraged to attend.
  • The Agentless Approach to Securing Finance Recorded: Aug 5 2020 55 mins
    Armis CISO, Curtis Simpson and Armis VP of Product Marketing, Chris Dobrec
    Fraud. Attacks. Data Theft. These are the top of mind concerns for any Finance security professional. To address those issues, they need to understand where all their risks are coming from. Many don’t have a full accounting of their managed devices, let alone the explosion of unmanaged devices (which will reach 90% of all devices by 2021). And concerns over fraud need to be balanced with protecting critical infrastructure - which is constantly under attack.This ongoing battle requires the right focus and the right tools. If you do not understand what is in your environment:

    - Would you have an accurate picture of your attack surface?
    - Would you be able to find those assets that you’re not even aware of (such as IoT devices you didn’t even know were in the building)?
    - How would you begin to secure those devices?
    - How would you do patch management to something you don’t even know you have?
    - How can you meet the basic CIS 1-6 security controls??

    Join Armis CISO, Curtis Simpson and Christopher Dobrec, VP of Product Marketing, as they take a look at the risks associated with all the things in your environment, even those you may not know about. And how Armis is helping their customers in Finance with an agentless and passive solution.
  • Yes! You can apply NIST & ISO controls to unmanaged and IoT devices Recorded: Jul 16 2020 64 mins
    Curtis Simpson, CISO at Armis
    Unmanaged endpoints and IoT devices form a large attack surface in nearly every modern enterprise. In fact by 2021, 90% of devices in businesses will be unmanaged. These devices can’t be secured or monitored like normal desktops, laptops, and servers. So how do you apply cyber security frameworks — such as NIST 800-53, NIST CSF and ISO 27002 — in a world where legacy security solutions won’t work? Now there is a way to provide these security controls around unmanaged and IoT devices.

    In this webinar, we’ll take a look at the risks associated with unmanaged and IoT devices. We will provide examples of how large enterprises have deployed innovative agentless security controls. And show the agentless approach maps to the NIST frameworks to meet the requirements of cyber security frameworks for unmanaged endpoints and IoT devices.
  • IoT Isn't a Four Letter Word: Unless It's Not Secured Recorded: Jul 15 2020 61 mins
    Curtis Simpson, CISO at Armis and Brad Hollingsworth, Director of Cybersecurity at Mattress Firm
    Session begins with Nicole Newmeyer, Technical Director- IoT, National Security Agency. Discussing "IoT Security 'Just As' or 'Even More' Important in a Changing World. Followed by Curtis Simpson, CISO at Armis and Brad Hollingsworth, Director of Cybersecurity at Mattress Firm discussion, which begins at 19:00 mark of the recording.

    When is IoT a four letter word? When it’s IoMT, IIoT, or IoRT? Because these devices often have no security. From manufacturing, to healthcare, to logistics & transportation, to energy and retail - all industries are deploying unmanaged and IoT devices to drive productivity & business performance. In fact, by 2021, 90% of devices will be unmanaged and IoT across virtually every industry. But use of these devices come with challenges - as they have no security and can't take an agent. In this session Brad Hollingsworth, Director of Cybersecurity for Mattress Firm, and Curtis Simpson, CISO of Armis (formerly CISO of Sysco) will share their experiences of working with these devices from the warehouse to corporate offices to retail stores. They will share their approaches in developing strategies for identifying and securing these devices, and how to address the real risks that come along with using unmanaged and IoT devices in your business.
  • The New OT Security Playbook: Addressing OT, IT, & IoT Devices Recorded: Jul 8 2020 32 mins
    Jack Marsal, Senior Director, Product Marketing at Armis
    The typical ICS environment is no longer the impregnable air-gapped network that it once was. It has been connected to the enterprise network, to the Internet, and to business partners who provide remote support. So while the traditional Purdue reference architecture is still “the” model, in most real-world environments it has lost its integrity. Attackers can find their way into your OT environment through new connected devices and converging networks..

    To address this problem, enterprises need a comprehensive security approach that secures both IT and ICS environments. Such a platform needs to be able to:
    -Generate a comprehensive inventory of all connected devices (OT & IT)
    -Identify risks associated with every device
    -Monitor the behavior and communication patterns of every device
    -Identify policy violations such as deviations from the Purdue reference architecture
    -Detect attack techniques such as those listed in the MITRE ATT&CK model
    -Take automated actions to thwart attackers

    This presentation will discuss practical approaches to achieving these goals including what to look for from security vendors.
  • We're All Two Hops from the Internet: Rethinking the OT Security Approach Recorded: Jul 1 2020 30 mins
    Nathan Singleton, Manager of Cybersecurity at Helmerich & Payne and Curtis Simpson, CISO at Armis
    When connected devices and sensors run from the pipeline to IP phone or the drill rig to the board room, we can no longer remain focused on the OT device alone in our security strategy. Attackers see one large enterprise, with many possible attack vectors and pivot points. Security teams today need the ability to monitor all vectors and all devices that might be used as part of an industrial attack kill chain.
    Join Nathan Singleton, Manager of Cybersecurity at Helmerich & Payne, and Curtis Simpson, Chief Information Security Officer at Armis, as they discuss the security challenges faced by modern industrial enterprises, the areas of exposure, and the changes needed to protect the modern OT environment.
  • Securing Connected Medical Devices: The New Hippocratic Oath Recorded: Jun 24 2020 58 mins
    Curtis Simpson, CISO at ARmis
    Hospitals and clinics are exploding with new connected medical devices. From infusion pumps to MRI machines, x-ray machines, heart monitors, and communication badges, these connected medical devices help doctors, nurses, and clinicians deliver faster, higher quality care. But they also create an attack surface that most healthcare delivery organizations can’t secure. How do you secure medical devices that can’t take an agent or be scanned? How do you detect and stop ransomware attacks? How do you ensure patient safety and hospital operations? Join Curtis Simpson, CISO of Armis, as he discusses these challenges and how healthcare organizations can protect themselves and their patients
  • 5 Critical Items to Consider When Securing Medical Devices Recorded: Jun 16 2020 51 mins
    Abhishek Argarwal, CISO at Fresenius Medical Care and Curtis Simpson, CISO at Armis
    From an MRI to an infusion pump to wireless Vocera badges to contact bluetooth beacons tracking devices, these equipment bring the promise of better medical care delivery - but only if they are properly secured. Join Abhishek Agarwal, the CISO from Fresenius Medical Care, and Curtis Simpson, CISO from Armis, in this on-demand webinar, as they discuss the new playbook needed to manage risk and maintain patient safety.
  • “I Don’t Know What I Don’t Know” - How I Solved the IT Asset Inventory Challenge Recorded: Jun 11 2020 47 mins
    Mark Sutton, CISO at Bain Capital and Curtis Simpson, CISO at Armis
    Do you trust your CMDB completely? Can you identify all the vulnerable devices and apps in your environment? What if you really could see all the devices and their risk in your environment? Automation and orchestration - you can’t do it unless you have accurate and complete CMDB. And that’s a huge challenge for every organization. Most companies can’t, and this leaves them exposed to compliance, vulnerability, and security issues. Join Mark Sutton, CISO of Bain Capital and Curtis Simpson, CISO of Armis as they discuss their experiences in the trenches. And how they got a complete picture of all the devices across their organizations - without the need of agents. And how they were able to improve their security postures. Join them to learn about:

    - Getting a comprehensive asset inventory
    - Identifying risks, vulnerabilities, and gaps in your security posture
    - Eliminating blindspots across your entire operation
  • Taming the Unmanaged and IoT Device Tsunami Recorded: Jun 3 2020 61 mins
    Cybersecurity Guru, Bruce Schneier and Curtis Simpson, CISO at Armis
    Businesses face a tsunami of new, connected devices. Not the traditional computer we may use at work. But devices that run our business, drive our manufacturing lines, or track and deliver healthcare to patients. These devices are essentially the new endpoint with operating systems, an application, and a network stack -connect to networks and even the internet. What they are missing is security. Up to 90% of devices in the enterprise will be unmanaged by 2021. This requires a whole new security playbook to mitigate risk and protect businesses. Join cybersecurity expert Bruce Schneier, Armis CISO Curtis Simpson, and Threatpost Editor-in-Chief Tom Spring as they discuss the reality of facing businesses with the proliferation of these unmanaged and IoT devices, how attacks are growing, and security challenges facing businesses today.

    Bruce Schneier, dubbed a “security guru” by The Economist, is an internationally renowned security technologist and best-selling author of over a dozen books exploring the risks and implications of our new, hyper-connected era. He works at the intersection of security, technology, and people, and has penned hundreds of articles, essays, and academic papers on these topics.

    Curtis Simpson brings more than 15 years of diversified information technology experience, with direct information security and management experience in positions of increasing responsibility at Sysco, a Fortune 50 corporation. As vice president and global CISO at Sysco, Curtis directed a portfolio of cost effective, business-focused security programs responsible for reducing security risks faced by a global organization.
  • Zero Trust Security for Unmanaged and IoT Devices Recorded: May 27 2020 44 mins
    Jack Marsal, Senior Director, Product Marketing at Armis
    The Zero Trust security approach has exploded in recent years. But almost all of the focus has been on applying Zero Trust principles to users and managed computers. Unmanaged and IoT devices have been left out of the conversation, leaving enterprises exposed to attacks on these types of devices.

    Watch this webinar to learn how you can apply Zero Trust security principles to unmanaged and IoT devices. Learn about —
    -Common Zero Trust security tools and architectures
    -How blind spots still exist for unmanaged and IoT devices
    -How Armis extends Zero Trust principles to unmanaged and IoT devices
  • CDPwn: 5 Vulnerabilities in Cisco Device Protocol Recorded: May 26 2020 34 mins
    Ben Seri, VP of Research at Armis and Chris Dobrec, VP of Product Marketing at Armis
    Armis has discovered five critical vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over corporate and network devices without any user interaction. The discovery, dubbed CDPwn, exposes vulnerabilities which could allow an attacker to fully take over switches, routers, IP phones and cameras.

    Watch this webinar to learn how an attacker would use CDPwn to exploit these vulnerabilities leading to:

    -Breaking of network segmentation
    -Data exfiltration of corporate network traffic traversing through an organization's switches and routers
    -Gaining access to additional devices by leveraging man-in-the-middle attacks by intercepting and altering traffic on the corporate switch
    -Data exfiltration of sensitive information such as phone calls from from devices like IP phones and video feeds from IP cameras
  • Asset Inventory: How Security Teams Get a Comprehensive View of IT, IoT, OT and Recorded: May 21 2020 37 mins
    Chris Dobrec, VP of Product Marketing, Armis
    How would you feel if you could get a comprehensive asset inventory across your entire environment - offices, remote locations, manufacturing floors; even off prem devices? All great security programs and compliance frameworks start with comprehensive and accurate asset inventory. And in a world of exploding devices, you need a full accounting of all your devices whether they be IT, IoT, OT, or even medical devices. Join Chris Dobrec, VP Product Marketing of Armis, and Holger Schulze, founder and CEO of Cybersecurity Insiders, for this live webinar as they explore the challenges that security teams face when building a comprehensive and accurate view of all the assets in their environment.

    They will discuss:
    -The wave of unmanaged and IoT devices connecting to today’s networks
    -The fragmentation of device data across different IT and security tools
    -The risks and vulnerabilities these new devices introduce
    -How to get a unified, comprehensive asset inventory
    -How to ensure automated policy and security enforcement
  • MITRE ATT&CK® for ICS - Practical Applications Recorded: May 20 2020 61 mins
    Otis Alexander, The MITRE Corporation | Fritz Wetschnig, Flex | Nadir Izrael, Armis
    The MITRE ATT&CK® for ICS knowledge base was released in January 2020 and has received a tremendous amount of interest from security professionals.

    Join security experts from MITRE, Flex, and Armis to hear practical tips about how you can use the MITRE ATT&CK for ICS knowledge base to assess your current cyber defences and make adjustments to better protect your industrial control environment from cyber attack.

    Otis Alexander - Lead Cyber Security Engineer, The MITRE Corporation, will describe how the new ATT&CK for ICS knowledge base compares and contrasts with their previously published knowledge bases, MITRE ATT&CK for Enterprise.

    Fritz Wetschnig - Chief Information Security Officer (CISO) and VP, Enterprise Information Technologies at Flex, a global manufacturing organization, will describe how his security team is currently using the MITRE ATT&CK knowledge base to optimize their cyber defenses.

    Nadir Izrael - CTO and Co-founder at Armis, will dive deep on practical applications and tips that Armis has recently published regarding cyber defenses for industrial control systems.
  • Best Practices for Medical Device Security Recorded: May 14 2020 46 mins
    Chris Dobrec, VP of Product Marketing, Armis
    Hosted by Health IT Security. Advances in medical device technology help you deliver top-notch care, but who’s making sure those devices are healthy too? Hidden inside things like MRI and x-ray machines, infusion pumps, and patient monitors are vulnerabilities that can put patients at risk.
    These devices have no built-in security controls, they’re impossible to update without arduous recertification, and they can’t host agents traditional endpoint security products require.
    Join Armis to learn about vulnerabilities like URGENT/11 that bad actors can use to take control of critical medical equipment. We’ll discuss real-world threats to devices and provide you best practices to secure your connected medical devices and keep your patients safe.
  • Agentless Device Security for Palo Alto Networks Recorded: May 14 2020 38 mins
    Scott Oldfield, Account Executive from Armis | Travis Dye, Solutions Architect from Armis
    The Armis agentless device security platform gives Palo Alto Networks customers unparalleled device visibility and control. Fast and easy cloud integration with Cortex allows the Armis platform to discover and profile every device, and to analyze device activity for suspicious or malicious behavior. And the platform’s integration with Palo Alto Networks next-generation firewalls (NGFW) blocks suspect devices automatically, helping to ensure sensitive data and systems stay protected.

    Join our webinar on Thursday, May 14 to learn how our joint solution enables you with:
    -Complete asset inventory of every device - managed, unmanaged, IoT and more
    -Deep device behavior insights so for more effective risk management
    -Advanced threat detection and response to find and stop threats and attacks
Agentless device security for unmanaged & IoT devices
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

Visit our page for expert information and useful tips on how to keep IoT attacks off of your network

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Yes! You can apply NIST & ISO controls to unmanaged and IoT devices
  • Live at: Jul 16 2020 3:25 pm
  • Presented by: Curtis Simpson, CISO at Armis
  • From:
Your email has been sent.
or close