Communication-STEM Ltd

Armis Centrix

Armis Centrix is a cybersecurity solution providing organizations with comprehensive visibility and control over all assets across IT, OT, IoT, and IoMT environments. It enables the detection and mitigation of risks and vulnerabilities by analyzing and managing the security-posture of devices connected to networks, ensuring a strengthened defense against cyber-threats.

Features

• Asset inventory management
• Security posture optimization
• Gap analysis and hygiene
• Compliance reporting capabilities
• Network segmentation automation
• Threat detection and response
• Vulnerability monitoring, prioritisation and remediation
• OT/IoT/IoMT/IT management
• Automated enforcement
• Real-time asset tracking and monitoring

Benefits

• Enhanced security posture
• Comprehensive asset visibility
• Automated compliance reporting
• Improved IT hygiene
• Efficient threat detection
• MTTD/MTTR drastically reduced
• Network segmentation ease
• Risk management enhancement
• Unified asset management
• Operational efficiency gains

£42 a device a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

523585702728093

Contact

Andrea le Velle
0345 241 0000
andrea.le.velle@c-stem.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: As Armis is a SaaS based service allowing us to add (or subtract) cloud resources to meet a customer’s need automatically. Customers can also deploy on-premise collectors to collect asset information from on-premise data sources. Collectors are fully independent and can scale horizontally as needed.
• System requirements:
  • Armis is an agentless SaaS platform with additional on-premise collectors.
  • Hardware Collector: 1U server, requiring management IP and basic networking
  • Virtual Collector: 8 CPU cores, 16GB RAM, 40GB storage

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The initial response time for tickets depends upon the severity of the ticket and level of support. ; Critical (Severity 1) - 1 hour (Premium/Platinum) or 4 business hours (Standard); High (Severity 2) - 8 hours (Premium/Platinum) or 1 business day (Standard); Medium (Severity 3) - 2 business days; Low (Severity 4) - 4 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Armis operates a 24x7x365 global support center to address any questions or issues that you; may have about the Armis solution.; The availability of resources to address your tickets is subject to the Armis Support and Service; package you subscribe to:; ● Standard Support Services subscription ("Standard") provides customer business hours; availability (Monday-Friday 8am-5pm); ● Premium Support Services subscription ("Premium") and ; ● Platinum Support Services; subscription ("Platinum") provide 24x7x365 coverage
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Armis onboards and trains new customers through a combination of its agentless SaaS platform and extensive support resources. The platform easily integrates with existing IT and security systems, ensuring a smooth start without operational disruptions. Customers gain access to Armis University, case studies, webinars, and a rich resource center for self-learning. Additionally, Armis provides direct support and guidance for setup, ensuring users can effectively manage and secure their devices from the outset. This approach facilitates a comprehensive understanding and efficient use of Armis solutions.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data collected or derived by Armis is available for export. There are a number of ways to export the data: ; ; 1) by running a search in the UI then using the Export function to download in CSV or XLXS format ; 2) creating a report that extracts the data of interest and generate a corresponding CSV or XLSX file, and ; 3) use our API to exporting the data of interest.; ; Note that some data in Armis such as Activities are too large to export to CSV completely.
• End-of-contract process: All customer data is stored on Amazon AWS cloud environment and upon contract termination, the customer's dedicated instance and all data therein is securely eliminated using AWS inherent capabilities. Data deletion occurs both when a customer contract is terminated and when the data retention period is exceeded. Data can also be securely deleted upon request by the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The dashboard can be viewed on any modern HTML5 based web browser including mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Armis provides a fully functional RESTful API to access collected data, enrich the Armis dataset by adding information, or automate any number of other tasks. Full API details are available on the platform with detailed example code. The web application itself is built on top of a RESTful API, and so everything that can be done in the interface can be done programmatically as well.; For example, Armis provides an API to search for vulnerabilities associated with devices in Armis. The API returns any or all of the attributes we capture on vulnerabilities (ease of exploitability, severity, etc.) as well as all the devices that are exposed to the vulnerability.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All data captured, processed or analysed in Armis is available for reports and dashboards. Every report or dashboard is wholly customisable based on data rendered, type of report, how that report is summarised, and more. Armis enables custom policies that may be applied across identified types or groups of devices, activities and connections. Policies actions can include alerting via SIEM and/or enforcement actions such as via customer firewall or NAC integration

Scaling

• Independence of resources: As Armis is a SaaS based service allowing us to add (or subtract) cloud resources to meet a customer’s need automatically. Customers can also deploy on-premise collectors to collect asset information from on-premise data sources. Collectors are fully independent and can scale horizontally as needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers can view how many of their assets (IT, IoT, OT, IoMT and Cloud) are being discovered and identified by Armis
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Armis

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Keys are tenant specific and managed through the AWS key management service (KMS), a FIPS 140-2 certified offering (https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/3139).; Each customer key is randomly generated per industry standards and used only for that client. Keys are encrypted at rest and in transit and are never reused or shared. Admins (DevOps) have access to the keys and SecOps continually monitors for potential deviations in the appropriate use of encryption keys.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All data collected or derived by Armis is available for export. There are a number of ways to export the data: ; ; 1) by running a search in the UI then using the Export function to download in CSV or XLXS format ; 2) creating a report that extracts the data of interest and generate a corresponding CSV or XLSX file, and ; 3) use our API to exporting the data of interest.; ; Note that some data in Armis such as Activities are too large to export to CSV completely.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • JSON format via API
• Data import formats: Other
• Other data import formats: Mirror traffic from network switch to collector

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Armis will use commercially reasonable efforts to maintain Uptime Availability of at least 99.9% per month as monitored by Armis’ Platform availability monitoring systems.
• Approach to resilience: Armis is a cloud based SaaS solution, designed to provide continuous operation built on standard resilient AWS infrastructure. The Armis operations teams are continuously monitoring the platform as part of the service with a 24x7 response team.
• Outage reporting: Critical service outages will be communicated via the Armis Customer Success team to the impacted customer.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Armis supports multiple authentication standards and protocols. By default, a standard login (user and password) is given. OTP can also be configured per user for authentication. From an organization level, Armis can use SAML authentication to leverage your existing user authentication systems. All authentication (and all communication with Armis) is done over secure channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman Compliance, LLC
• ISO/IEC 27001 accreditation date: 16/06/2023
• What the ISO/IEC 27001 doesn’t cover: In scope location(s) ; Itzhak Sade 8, Tel Aviv, 6777508, Israel; (Main Location of the ISMS) ; ; 300 Hamilton Avenue, Suite 500, Palo Alto, California 94301, United States; (Corporate Headquarters, Virtual Site)
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Schellman Compliance, LLC
• ISO 28000:2007 accreditation date: 16/06/2023
• What the ISO 28000:2007 doesn’t cover: In scope location(s) ; Itzhak Sade 8, Tel Aviv, 6777508, Israel; (Main Location of the ISMS) ; ; 300 Hamilton Avenue, Suite 500, Palo Alto, California 94301, United States; (Corporate Headquarters, Virtual Site)
• CSA STAR certification: Yes
• CSA STAR accreditation date: 08/03/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: All parts of Armis controlled service are covered.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27018
  • SOC2 Type 2
  • FedRamp Authorization
  • Cloud Computing Compliance Controls Catalog (C5)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27018; SOC2 Type 2; C-STAR Level 1; FedRamp Authorization; Cloud Computing Compliance Controls Catalog (C5)
• Information security policies and processes: • Led by our CISO and DPO, Armis has staffed a dedicated team of security operations resources that are tightly integrated with all operational elements of the organization.; • Corporate and product environment logs are consolidated and correlated within a FedRAMP Authorized, cloud-based SIEM solution. Relevant use cases have been configured to alert the team 24/7 to security events requiring further investigation and potential response.; • All policies and core controls are developed and implemented per the NIST 800-53 rev4 framework. This includes corresponding procedures that directly consider the intent.; • Hosted on our public website, Armis privacy and cookie policies are updated at least annually, and as new regulations are introduced. ; • All employees are required to complete a general security awareness course within their first 2 weeks of joining and annually thereafter. Roles with privileged access to our solution environment are required to complete role-specific training.; • NDA terms are included within the formal offer of employment signed by all employees before joining the organization.; • All candidates undergo a set of pre-screening and background checks before being hired as an employee, pursuant of applicable country, federal and state laws.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Monthly Release Management Cycle – All product changes to our product are tightly controlled through a structured monthly release process. This includes software updates, vulnerability remediation, bug fixes, new features, etc. Only once a change has been tested and certified by our QA function can it be added to the list of changes approved for deployment into production. Any changes failing to pass QA validation and certification efforts are sent back to development and if unable to be remediated in time, deferred to an upcoming release.; Note: QA validation and certification efforts include application security and vulnerability assessments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our entire virtual product environment is assessed for vulnerabilities on a monthly basis. Findings are remediated per predefined criticality-based service levels. As with all other changes in our environment, changes are tested and controlled through our monthly release process. Our Developers and QA team also assess changes during every release cycle for vulnerabilities that may be introduced through the change. When applicable, the change is sent back to the developer for remediation before promotion.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Centralized Log Consolidation, Correlation, and Alerting – Our centralized SIEM solution has been integrated with all relevant security event data sources, including virtual and physical infrastructure, application logs, device logs, and security solution events. Using both internally developed and externally source use case catalogs, the SIEM has also been configured to detect a range of potential concerning or malicious events and trigger an alert (24/7) to the cyber team for investigation.
• Incident management type: Supplier-defined controls
• Incident management approach: Armis has developed and socialized an incident response plan with all parties required to play a role in responding to an attack. Playbooks have also been developed for common forms of attacks and these playbooks are actively used by the team when reviewing events noted by our SIEM. The playbooks and overall response process are tested on a quarterly basis.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As the developer of Armis Centrix, a SaaS product, we have minimized our environmental footprint by choosing not to deploy the platform as a host, but to contract with Amazon Web Services (AWS) for hosting services. AWS is well-known for their sustainability initiatives.; ; Amazon Web Services is focused on efficiency and continuous innovation across their global infrastructure. AWS incorporates sustainability considerations into their data center design. AWS has a long-term commitment to use 100% renewable energy by 2025. ; ; By choosing AWS to host our SaaS, instead of opening our own data centers, Armis is reducing our carbon footprint. AWS estimates that by using the AWS Cloud instead of our own on-premises infrastructure, they typically reduce carbon emissions by 88%. They can achieve this because the AWS data centers offer environmental economies of scale. ; ; AWS estimates that organizations generally use 77% fewer servers, 84% less power, and tap into a 28% cleaner mix of solar and wind power in the AWS Cloud versus their own data centers.

Pricing

• Price: £42 a device a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full features for 30 days.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrea.le.velle@c-stem.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.