Armor Agent 3.0: New Features Provide DevOps and Analyst Flexibility

Armor Anywhere: New Features Provide DevOps and Analyst Flexibility

DevOps teams and security analysts who manage threat detection and response tools need the ability to adjust security and compliance controls to address changing requirements and use cases across their environments. Armor now makes it easier to choose the tools they need to make those adjustments, customized to the types of workloads they protect.

In the latest release of Armor Anywhere, we’ve enhanced our proven threat detection and response solutions with new capabilities that allow Armor to see more, ingest more, analyze and correlate more, and block more to deliver stronger security outcomes for customers. We’ve also included new operational control and self-service features for teams that require custom configurations and toolsets.

CLI Flexibility
Easy On/Off Capabilities Through Command Line Interface

Armor Anywhere operators can now turn on or turn off security and compliance capabilities through the Command Line Interface. This functionality gives users full management of sub-services and allows users to turn on or off IPS, IDS, recommendation scans, malware protection, file integrity monitoring, vulnerability scanning and log and data management as they see appropriate. This can be done for one host or across multiple hosts at the same time. Operators can also deploy Armor Anywhere holistically through the CLI.

“DevOps teams will like the flexibility and control this gives them to alter security coverage based on what tools they may already have or the particular sensitivities and use cases of the workloads they protect,” said Robert Rea, Armor’s vice president of engineering. “The ability to make changes to one virtual instance or a fleet of them means those teams can be more efficient across their activities.”

AMP Toolbox Enhancements
The Armor Management Portal (AMP) Toolbox now brings the same operational control and flexibility to all users in a simpler, easy-to-use user interface in AMP called “Toolbox.” Users can manage agent sub-services and perform changes to security and compliance features for individual virtual machines or groups of virtual machines. Teams can now automatically deploy CLI scripts through the portal to generate CLI command scripts.

“Teams can make changes to the services running for a single virtual machine or for a collection of them and even schedule them to run in the future,” said Rea. “For IT security leaders who aren’t part of DevOps, it provides an easy-to-use Toolbox for overall management.”

Metadata Tagging
Tags in the Armor Management Portal allow users to assign metadata tags to virtual machines. For example, an operator might tag several virtual machine assets as “PCI-DSS” to signal that the assets are part of their PCI compliance environment. They may also tag sets of virtual machines based on major projects, initiatives, or even based on team ownership. Operators/Users can then review virtual machine information for a specific tag by sorting or filtering on the tag designation of interest.

Security Incident Connectors
A security incident connector is simply a connector allowing an application to provide another application with real-time information. The connectors give flexibility in how Armor customers and partners consume our threat detection and response outputs based on their unique operational needs. For instance, if a partner has their own SOC but wants to take advantage of Armor’s analysis and correlation of event information and feed the results of that into their own SIEM, the connector would allow that. Security incident connectors can pass on event, detection and incident information to a customer’s or partner’s data lake, ticketing or SIEM tools.

“Security analysts can now have a better understanding of the assets they are monitoring security for and their relative importance, whether they are subject to compliance, ownership, or any other value they need to assign to them,” said Rea.

“All of these new features help analysts and DevOps teams adjust security and compliance protections in place for a given workload or group of workloads. If they have an existing tool in place, they can continue to use it and see those adjustments and other details in the Armor Management Portal.”

The new release also features enhanced log and data management capabilities, allowing users to ingest more log and event information from cloud and third-party sources. Additional log sources can then be correlated for deeper insights, giving security analysts greater visibility into threats within an environment.
