[AWSReInforce2025] Redefining cybersecurity for modern threats with Armis Centrix (NIS122)
Lecturer
Steve Clark serves as Director of Cloud Alliances at Armis, orchestrating partnerships that extend cyber exposure management across cloud and edge environments. His expertise centers on asset intelligence platforms that provide real-time visibility into managed, unmanaged, and IoT devices.
Abstract
The presentation positions Armis Centrix as a cloud-native platform for comprehensive asset protection, demonstrating integration with AWS services to identify, prioritize, and remediate risks across the attack surface. Through customer examples in transportation, healthcare, and aviation, it establishes proactive exposure management as essential for modern threat defense.
Asset Discovery Beyond Traditional Boundaries
Modern environments contain thousands of unmanaged devices—IoT sensors, medical equipment, building controllers—that evade conventional inventory tools. Armis Centrix discovers assets through passive traffic analysis and active querying:
Network Traffic → Behavioral Fingerprint → Device Classification
↓
Risk Scoring Engine
The platform identifies device type, manufacturer, firmware version, and operational context without requiring agents.
Risk Prioritization and Business Context
Raw asset data becomes actionable intelligence through contextual scoring:
{
"device": "GE MRI Scanner",
"vulnerabilities": ["CVE-2023-4567"],
"connectivity": "Internet-facing",
"business_unit": "Radiology",
"priority_score": 9.8
}
Integration with ServiceNow CMDB enriches discovery with ownership and criticality metadata, enabling precise remediation workflows.
Integration Patterns with AWS Services
Armis ingests VPC Flow Logs and GuardDuty findings to extend visibility:
connectors:
- aws_vpc_flow_logs
- aws_guardduty
- servicenow_cmdb
- palo_alto_firewall
EventBridge rules trigger automated responses—quarantining compromised IoT devices, creating Jira tickets, or notifying device owners.
Real-World Deployment Outcomes
Case studies demonstrate operational impact:
- Transportation Provider: Discovered 40% more assets than ServiceNow inventory; achieved regulatory compliance ahead of DoT mandates
- Healthcare System: Reduced mean time to patch critical medical devices from 90 to 14 days
- Airport Authority: Identified rogue Wi-Fi access points and unauthorized Bluetooth beacons
These organizations leverage Armis within AWS environments, processing petabytes of traffic data with sub-second query response.
Proactive Exposure Management Framework
The platform implements continuous assessment:
- Discovery: Passive and active techniques
- Classification: ML-based device fingerprinting
- Risk Scoring: CVSS + business context
- Remediation: Automated playbooks and orchestration
- Verification: Continuous validation of control efficacy
This cycle operates 24/7, adapting to asset churn and emerging threats.
Conclusion: Comprehensive Asset Protection
Armis Centrix transforms asset visibility from periodic audits into real-time intelligence. By combining passive discovery, behavioral analysis, and AWS integration, organizations gain comprehensive protection across IT, OT, and IoT environments. The platform enables security teams to move from reactive incident response to proactive risk elimination.