Armor has released a major update to Armor Anywhere. The update adds two new security capabilities, Intrusion Prevention System and Recommendation Scans. These allow the product to be more proactive in detecting security issues on servers and devices. Armor has also added the ability to ingest data from more log sources and create new visualisations of that data.
“I am excited about the new additions and enhancements we have made to our threat detection and response capabilities,” said Ike Nwabah, director of product marketing at Armor.
“With this launch, we have added additional security capabilities that help customers protect against threats and have enhanced our detection and response capabilities across our customers’ hybrid environments. This is significant news for our customers.”
What was added to Armor Anywhere?
There are four areas where Armor is announcing new features and updates to Armor Anywhere. These are:
- Intrusion Prevention System (IPS): IPS and Intrusion Detection are now part of Armor Anywhere. IPS can run in protection mode. It also allows customers to tune and manage rules against any given workload.
- Policy Recommendation Scans (PRS): Armor scans the host's operating system, and everything installed and running on that device. It looks for any vulnerabilities or outdated rules and gives the customer a list of recommendations to protect the device. Customers can also run this in automatic mode and have patches applied and rules updated.
- Log and Data Management: There is support for ingesting additional log sources. It includes event logs from cloud-native sources, network appliances and security devices. The new visualisations in the Log Search and Visualization feature allow customers to build custom dashboards. Security Incident Connectors allow a security event or incident, discovered by Armor, to be ingested and analysed by customers.
- Operational Control: This allows customers to use the CLI to turn security features on and off.
Improving the security of remote workers
The explosion in remote working over the past three months has stretched security teams to their limit. Users are, in many cases, not using corporate managed devices. They are using their personal devices whose security state cannot be determined. Threat actors are targeting remote workers. They see them as a weak point because of this use of personal devices.
To keep business running and support remote workers, IT is increasingly deploying applications and servers in the cloud. Automation and orchestration of deployment mean that IT often has no accurate picture of its cloud-based assets. It means that they are at risk of increased activity from threat actors, either directly or through infected end-user devices.
The addition of IPS is designed to address that. It monitors all the incoming traffic looking for threats. In a short video, Josh Bosquez, Chief Technology Officer for Armor, said: “We are now happy to say that our customers can now turn our IPS platform, that runs on every workload, into protection mode. Not only can you put it into protection mode, but customers can now tune and manage the rules that they see fit on a given workload itself.” That protection mode means IPS will detect threats and block malicious code and activity.
The new PRS options in Armor Anywhere will also appeal to security teams. It allows them to quickly scan cloud-based servers and identify risks such as known vulnerabilities or outdated security rules. These can then be patched by IT or through the automatic patching that Armor has built into Armor Anywhere.
Enterprise Times: What does this mean
Anything that improves security is to be welcomed. IT is making more use of the cloud, and many teams have limited visibility of the assets they have deployed and their security state. It creates the risk of devices going unpatched or failing to have their security rules updated. The IPS and PRS updates should help solve this.
Cloud security teams will also appreciate the ability to manage security features for VMs from the CLI. Security analysts can now script actions they can quickly apply to VMs without having to go through a GUI, which can take time.
SOC teams and analysts also gain in this release. Increasing the ability to ingest log files from a wider set of sources will provide more data on what is going on. With the new visualisation and analysis tools, they can also get a real-time view of threats and attacks.
Armor focuses on cloud security, not end-user devices. However, it would be interesting to see if it looks to expand these capabilities for end-user devices. The rise in attacks against remote workers and the indeterminate state of security on their devices is a serious problem. While the IPS/ID solution might be too much, the PRS solution would have a beneficial impact.