This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong

Welcome to this week, health my name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week Health. A set of channels dedicated to keeping health IT staff current and engaged. Today we have an interview in action from the 2023 Spring conferences, vibe in Nashville and hymns in Chicago.

Special thanks to our cDW, Rubrik, Sectra and Trellix for choosing to invest in our mission to develop the next generation of health leaders.

You can check them out on our website this week, health.com, now onto this interview.

  All right. Here we are from HIMSS 2023 in Chicago. And I'm here with Nadir Israel, CTO and co founder of Armus. I'm looking forward to the conversation.

Me as well. Thanks for having

me.

let's start with Armus. So, Armus is probably very well known. throughout a lot of different industries.

But in health care, talk to us about specifically what Armistice does in health care. Sure.

Health care in general and hospitals, clinical environments in particular face very interesting set of challenges. On the one hand, they're an environment that is under heavy attack these days, frankly, by a lot of different folks.

On the other hand, it's a very unique environment. Very operationally intense. Human lives are involved and It has a lot of old and new stuff that isn't exactly categorically computers, per se. There's a lot of interesting things within the environment. What Armis does for them and with them is basically map out their attack surface, map out every single asset and device that they have, profile and fingerprint, and so they understand what it is, and it helps protect that environment.

And specifically, I think, in the healthcare industry. It's a very unique offering because they're facing exactly those challenges.

So it's not just biomed devices?

No, it's everything. Because in essence, the entire ecosystem of devices and assets function together to provide patient care. So it really is everything from the biomed devices to the HVAC systems to the normal endpoints and servers and PAC servers, all the stuff that basically takes part in the hospital's

And so the first thing we do is discovery.

as a former CIO it's interesting how often I would ask for an inventory of fill in the blank and it was never accurate. How do we make sure we get, in order to map the attack surface, we have to have an accurate inventory. How are, how are we getting to that point?

So, Armis's entire technology can be seen.

summed up as an engine that can take input from lots of different sources. It can be network bound. It can be other systems, other pieces of infrastructure. A hospital has pulls it together, rationalize everything and creates that consistent asset inventory of every single thing that you have. And it's able to give access to that in a myriad of different ways.

And to your point, the tough part is really pulling together all that information and creating a usable. Set of data to actually use for security or for feeding into CMDB or anything else, you need to be able to take action on assets.

So it doesn't necessarily have to be the endpoint, it can actually feed other systems.

Yes. But. But I would imagine if I think about this, one of the biggest challenges we had with biomed devices was keeping them current. A lot of them are old. A lot of them were running antiquated operating systems and required patching and those kind of things. And we had to also keep track of alerts on a updates and those kind of things.

How does Armis address those kinds of challenges.

So, you're, you're spot on. I think a lot of the different devices we're talking about either can't be patched or won't be patched for a lot of different reasons. And in a hospital environment these days, the approach has to be proactive risk management and use of different methodologies in order to reduce that risk.

So, it can be patching where patching is applicable and Armis can actually flag those things or anywhere where you have recalls, FDA recalls, things like that. But the other aspect of it is being able to tie into different systems like segmentation systems, like firewalls, like other places, and essentially applying security controls that can act as mitigations.

automatically and keep those consistent in order to reduce the risk even for unpatched devices and assets. So essentially removing some of the risk by locking down how things communicate and also be able to isolate things if things go bad, if something becomes suddenly anomalous or malicious.

📍   📍 Alex's lemonade Stand was started by my daughter Alex, in her front yard. It By the time she was four, she knew there was more that could be done. And she told us she was gonna have a lemonade stand and she wanted to give the money to her doctor so they could help kids like her.

It was cute. Right? She's gonna cure cancer with a lemonade stand like only a four year old would.

But from day one, it just exceeded anything we could have imagined because people responded so generously to her.

We are working to give back and are excited to partner with Alex's Lemonade stand this year. Having a child with cancer is one of the most painful and difficult situations a family can face at Alex's Lemonade Stand Foundation, they understand the personal side of the diagnosis, the resources needed, and the impact that funded research can have for better treatments and more cures.

You can get more information about them at alex's lemonade.org.

We are asking you to join us. You can hit our website. There's a banner at the top and it says, Alex's lemonade stand there. You can click on that. And give money directly to the lemonade stand itself

now, back to the show. 📍   📍

So we can create automations around this.

Essentially, it identifies these systems, says this is of this level, you need to find some kind of policy and it essentially says, okay, I'm going to move this from this VLAN to this VLAN and, and protect that environment.

Yeah. And also profile normal behavior for things and apply those as ACLs and rules into systems so you can mitigate anything else that might be happening that isn't normal operation.

Think of it as kind of an automated. Adaptive shielding for the network-bound devices to make sure that they're only doing what they're supposed to be doing in a system that can react very quickly if something goes awry.

So if a device starts communicating in a way that is not normal for that device, you can say, It looks like...

You can say that's abnormal. But, essentially, that would be the way an attack would happen. They would compromise that device. They would then start going horizontally across the network and start doing other things. Correct. And you're able to identify that anomalous activity.

Yeah, so basically, imagine kind of going back to your first question.

You discover everything. You map out the attack surface. That's great. Now you know you have a bunch of problems. Some of the things, over time, you patch. Some of the things you either are not or can't patch. So those go into that form of automated risk management, where different controls and different security controls can be applied externally to reduce attack surface.

But, on top of all of that, as things progress, if something does get compromised or attacked, Arms would identify that behavioral pattern and would isolate it or be able to just lock it down within its own shell or put it into a different VLAN or something like that until it can be investigated and controlled.

That's interesting. The biomed devices were the bane of my existence, but I saw where a health system was actually hacked. through the environmental systems. So essentially any of those devices represent a potential entry point for an attacker.

Absolutely. And that's why we take and we're the only ones who really say this out loud.

A very ubiquitous approach to devices and assets. It's not just about the biomed devices and assets. It's about everything. The entire ecosystem of a hospital is meant to serve the patients and to serve the mission of that health care facility. And they all must be a part of how you conduct security, how you manage your attack surface, how you manage risk.

Is that what you find to be the biggest differentiator between what you're doing and others? I

think it's one of them, for sure. The other one is that we take also a holistic approach when it comes to what are the different tools that we provide different teams. So you have the biomed oriented systems that provide them with asset management capabilities, things like that.

Utilization. stuff like that. You have stuff that's oriented towards the sock or security response teams. But you also have things like tools that are meant for vulnerability management teams to track down, prioritize, do more with less. And we know that hospitals have a shortage of people who can actually manage different security programs.

So The whole idea is how to leverage this data to provide multiple different tools for multiple different teams. So we're not kind of a one trick pony, if you will. We provide a variety of different tools for different teams and a whole platform and stack for an organization.

What does the implementation look like?

I mean, what is the lift for a health care system to put this in place?

It's a cloud based tool. So for the most part, it's pretty easy. I think that the main thing that goes in, especially in a hospital environment, is what we call a collector, something that basically sits off the core switch within the environment.

That's usually the biggest lift in this, but even well before you go down that route, Armis can actually integrate with hundreds of different tools that exist within the environment, out of the box. It can be anything from... your existing asset management systems to network based things. If you have something like a Cisco Ice, for instance, or a set of firewalls, it's two clicks away and you're already off to the races.

The idea is basically create a flexible deployment methodology so that you can install things very quickly with minimal hassle and then go from there. I

think that's music to a lot of people's ears. Nadir, I want to thank you for your

time.

Thank you. Appreciate it.

Another great interview. I wanna thank everybody who spent time with us at the conference. I love hearing from people on the front lines and it's phenomenal that they've taken the time to share their wisdom and experience with the community. It is greatly appreciated.

We wanna thank our partners, CDW, Rubrik, Sectra and Trellix, who invest in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now.