Armor Anywhere - Security
Defend Data Anywhere
ARMOR AGENT OVERVIEW
Protect valuable workloads and cloud environments — no matter where they’re located.
Defend Your Cloud Workloads
Organizations want the benefits of the cloud but are required to piece together an effective security program to protect cloud data and stop malicious actors before they enter your Virtual Machine and become a true compromise. Armor Anywhere - Security allows you to secure your data without additional headcount or overburdening your team.
Security results from the Armor Agent provide valuable data to Armor’s Security Operations Center, where our experts manage and secure your systems and workloads – monitoring both inbound and outbound traffic at the host – and identify malicious threats in real-time to enable quick response and containment before larger issues occur.
Obtain the benefits of Armor’s powerful cloud expertise, proactive security team and advanced threat intelligence without the complexity of hiring a security operations task force.
Security Operations
Our Security Operations Center and the processes they use are organized to ensure the highest level of security to our customers. The Threat Resistance Unit (TRU) collects, enriches and disseminates threat intelligence to ensure that our experts stay ahead of threats that could impact customer environments.
Our Indications and Warnings (I&W) team monitors customer environments for anomalies around the clock. The Incident Response and Forensics (IRF) team focuses on mitigating and responding to potential points of compromise. The teams in our Security Operations Center work together to constantly improve processes and fine-tune our tools – staying ahead of threats.
The Armor Agent
Armor Anywhere - Security operates through the Armor Agent installed on your server. The Armor Agent applies a suite of security services to public, on-premise, private and hybrid workloads. The Armor Agent also establishes a connection to the Armor Management Portal (AMP), allowing visibility of all instances of the Armor Agent you have installed on any cloud.
• Secure Any Cloud
• Real-Time Security Dashboard via AMP
• Automated Installation
• Supports MultiCloud Strategies
armor.com (US)+1 844 682 2858 (UK)+44 800 500 3167
@armor
How It Works
Once the quick and easy installation is complete, the Armor Agent registers with Armor’s API service endpoints via open outbound network ports or port-forwarding services. All data in transit is encrypted using TLS 1.2.
With a secure connection established, the security scan results and activity logs are sent to the Armor Management Portal (AMP). The security results and logs also feed into Armor’s Security Operations Center (SOC) and data is translated into security policies applied to your environment.
This crowd-sourced intelligence loop, combined with multiple channels of threat intelligence, blends to enhance the overall security protecting you from the latest threats.
Security Services
Intrusion Detection
With visibility to inbound and outbound activity at the host, Armor inspects anomalous traffic against predefined policies – detecting attacks like generic SQL injections, generic XSS attacks, DoS and generic web app effects.
Malware Protection
Armor protects your environment from harmful malware and botnets deployed to capture your data, monitor your activity or leverage your servers for illicit activity. In the event an alert is created, Armor’s threat analysts begin an in-depth investigation.
OS File Integrity Monitoring
Monitor critical operating system (OS) files for changes that may allow threat actors to control your environment. File integrity monitoring (FIM) utilizes OS-specific policies and provides Armor log visibility to assist in reviewing security events.
Log & Event Management
Document, analyze and report all activity via Armor’s proactive log management controls. Armor captures log events from specific OS locations to determine validity and severity.
Patch Monitoring
Consistent patch monitoring is a cornerstone of maintaining a strong security posture. An outdated OS can lead to compromise. Armor provides you visibility to your environment running the Armor Agent so you can ensure your OS is consistently up to date.
Vulnerability Scans
Armor scans for potential points of risk to help reduce the surface area of attack. Weekly scheduled scans provide you a visible audit report to identify the vulnerabilities that attackers could use to penetrate your network so you can develop your remediation plan.
Armor Management Portal
AMP is your window into all of your instances where the Armor Agent is installed. AMP allows you to monitor and manage your security posture through a single pane of glass.
Real-Time Updates
[Diagram: ARMOR AGENT, ARMOR MANAGEMENT PORTAL]
The Armor Agent reports to the Armor Management Portal for the latest updates.
Armor Management Portal (AMP) Features
Easily Secure Additional Instances
Add the Armor CORE Agent to other instances quickly and easily.
Malware Protection Service Health
View state of malware service engine and review previously detected malware items.
OS Patching Updates
View number of OS-level patches and whether a reboot is required.
OS FIM Service Status
View current state of FIM service, and review previous FIM scan results.
Log & Event Management
View up to 90 days of log events, or select an option to access 13 months for regulatory requirements.
Simple Account Support
AMP is your primary method to contact the Armor support team.
Vulnerability Scanning
View Vulnerability Scanning scan results to identify risks and determine appropriate next steps to reduce your threat vectors.
Supported Operating Systems
• RHEL 6 & 7
• CENTOS 6 & 7
• UBUNTU 12.04, 14.04 & 16.04
• Amazon Linux 2015.09, 2015.03, 2016.03, & 2016.09
• Windows 2008, 2008 R2, 2012, 2012 R2, & 2016
Minimum System Requirements
Windows:
• 2GB RAM
• 2 CPU minimum
• 3GB of free disk space minimum
Linux:
• 1GB RAM
• 1 CPU minimum
• 3GB of free disk space minimum
Onboarding & Installation
When you are ready for installation, Armor’s onboarding team will walk you through an introduction to AMP and provide step-by-step guidance on installing the Armor Agent on your server. After installation, Armor’s onboarding team will review AMP with the instances populated and connect you with support, should you need further assistance.
Remote Access
To provide the highest level of support in the event of a security incident, Armor may require remote access to your environment. The customer retains all rights and access to their own environments, giving them the ability to disable services, connectivity or user accounts for any portion of our stack. However, doing so prevents Armor from delivering the remediation portion of our services and from offering timely support to real security matters.
Additionally, installs and updates of any of the software packages may have an impact on system resources during the installation process. Please consider any existing access controls, maintenance plans or critical applications prior to implementation.
Network & Firewall Requirements
Specific network connectivity is required on an ongoing basis to provide Armor services. All connectivity required for Armor Security is outbound unless stated otherwise. These requirements will be made available to you within an onboarding ticket and are accessible via the Armor Knowledge Base.