In April, Armis announced the acquisition of Silk Security aimed at progressing the Exposure Management paradigm by comprehensively addressing the entire risk prioritization and remediation lifecycle.
As an integral part of the Armis Centrix™ portfolio, Silk is now:
Armis Centrix™ for VIPR Pro – Prioritization and Remediation
By seamlessly integrating into Armis Centrix™, VIPR Pro – Prioritization and Remediation closes the traditional gap between security findings, asset ownership and actionable remediation, offering a holistic and prioritized approach to exposure management. With VIPR Pro – Prioritization and Remediation, Armis goes beyond vulnerabilities to address security issues, misconfigurations in code, cloud infrastructure and applications.
What to fix, Who Should Fix it, and How it Should be Fixed
VIPR Pro – Prioritization and Remediation extends and augments the security tools already in place to ensure that when engineers wake up in the morning, there is a clear and easy way to communicate to them exactly what to fix – allowing security teams to scale remediation through automation and collaboration. Instead of a manual, tedious and disconnected risk resolution process, Armis empowers teams to collaborate on how to resolve the security findings that put their business at risk. Organizations leveraging these capabilities have reported:
- Drastic reduction in findings volume through ML deduplication
- A significant reduction in time spent on identifying owners and assigning tickets, resulting in improved Mean Time to Remediation (MTTR).
- Substantial increase in the number of closed findings, reducing overall threat debt and enhancing organizational security posture.
Why the Time for VIPR Pro – Prioritization and Remediation is Now
For many organizations, the complexity and rate of change in their environments have amplified challenges for managing cyber risk and compliance. Security teams wade through a flood of largely duplicative alerts from multiple detection tools, often can’t sustain a strategy to prioritize findings based on risk, business impact and contextualized threat severity. Additionally, they cannot consistently determine who should be responsible for the fix, and how to communicate a fix for those findings.
At the same time, these technology shifts have generated the need for detection tools that could identify security issues, vulnerabilities and misconfigurations in code, cloud infrastructure and applications. This development is commonly referred to as ‘tool sprawl’ – but is in fact the result of security teams adopting domain-specific and overlapping tools for new sources of risk in their environments.
| 1.1 Million | 4 Days | 85% |
|---|---|---|
| On average, 1.1 million individual vulnerabilities were in the security backlog in the past 12 months and less than half were remediated | IT security teams are spending an average of four days per week (or 16 days a month) manually prioritizing vulnerabilities. | 85% of identified vulnerabilities included in the CISA Known Exploited Vulnerabilities (KEV) catalog were unremediated after a month. |
| Source | Source | Source |
There are any number of statistics that we can point to how current approaches for dealing with this emerging landscape are falling short: the time spent by security teams manually sorting through alerts from multiple detection tools, on trying to identify priorities for remediation based on risk, and then trying to identify who is responsible for remediating the finding.
The lack of a consolidated, unified approach to identifying and fixing risk is further illustrated by by a data point from the 2024 Verizon Data Breach Incident Report: on average, 85% of identified vulnerabilities included in the CISA Known Exploited Vulnerabilities (KEV) catalog were unremediated after a month; and, even after a year, 8% were still unremediated. Because CISA KEV covers only CVEs (as opposed to other code, cloud and AppSec exposures) and covers active vulnerability exploits, this protracted average mean time to resolution (MTTR) for high-risk issues underlines how much enterprises can improve.
Our Unique Approach
Our product is the first to address the prioritization and remediation challenges holistically – tackling both the underlying data overload and context issues for prioritization, and the orchestration and collaboration issues for response management.
As an integral outcome of our approach, security teams can understand how a single fix in code can address multiple issues in production as well as how to operationalize a bulk grouping and ticketing campaign at scale to address multiple instances of a common fix. This visibility from code to cloud and even to public domains, not only helps prioritization – but also allows us to identify fixes with the highest impact across the environment.
As we expand our commercial footprint, we’ve seen that VIPR Pro – Prioritization and Remediation’s flexibility empowers customers to make better decisions, faster and centrally track remediation status, building a foundation that puts them on a path to a holistic risk resolution strategy.
What’s Next?
With VIPR Pro – Prioritization and Remediation now part of the Armis Centrix™ platform, the stage is set for a transformative journey toward enhanced security resilience, prioritization, remediation control and reporting, and operational efficiency. We are moving to continue to expand platform integrations with existing customer security stacks to reinforce and extend the power of Armis Centrix™ to see, manage and protect the attack surface and work in conjunction with the technology that organizations may have already invested in.
With VIPR Pro – Prioritization and Remediation, security teams can progress from understanding the attack surface, to intelligently reducing risk where it matters as part of a collaborative and transparent process, and achieving actual security. Ready to step into the future? Download our Solution Brief and request your personalized demo.
Share this Article
Get Updates
Sign up to receive the latest from Armis.