See Compromised Devices and Protect Your Enterprise
Enterprise security managers are increasingly aware that unmanaged devices on the enterprise network—like security cameras, printers, HVAC systems, medical devices, etc.—are vulnerable to attack. You can’t put an agent on them. They are difficult or impossible to update, so over time, they accumulate a large number of common software vulnerabilities. Together, this leaves unmanaged devices highly vulnerable.
How do you detect when an unmanaged device in your environment becomes compromised or starts to behave maliciously? Today, you can’t.
Agent-based EDR: Won’t work because you can’t put agents on most unmanageable devices.
- Network IPS: Won’t work because they are not typically installed in the right locations to monitor unmanaged devices, nor do they understand the context of each device and know what behavior is appropriate for each device.
- Network access control (NAC): Only designed to classify devices and then to put them into the right network segment. They are not designed to detect threats.
- SIEMs: Log collection and analysis won’t work because very few unmanaged devices generate logs.
Once compromised, these devices can serve as entry points to attack the broader enterprise network. Armis, however, can help.