Virtualization Technology News and Information
Black Hat USA 2023 Q&A: Armis Will Showcase Its Unified Asset Intelligence Platform and Will Host "Catch a Hacker"


Are you getting ready for the upcoming Black Hat USA 2023 event, an internationally recognized cybersecurity event providing the most technical and relevant information security research, now in its 26th year.  The event is quickly approaching, taking place August 5-10, 2023, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program. 

Ahead of the show, VMblog received an exclusive interview with Curtis Simpson, CISO at Armis, a leading asset visibility and security company.  You're going to want to make sure you get them on your MUST SEE list.

Armis Logo 

VMblog:  Before we get into it, can you give us a quick overview of the company?  What should folks know?

Curtis Simpson:  Armis is the leading asset visibility and security company that provides the industry's first unified asset intelligence platform designed to address the new extended attack surface that connected assets create.

Our real-time and continuous protection allows our customers to see and understand, with full context, all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G.

VMblog:  You are sponsoring the upcoming Black Hat USA event.  How can attendees find you at the show? How many folks are you sending? What can attendees expect?

Simpson:  Armis has a lot to offer attendees at Black Hat 2023. With around 70 members of our staff attending this year, we have so many events and activities planned.

You can stop by our booth 2032 and meet our experts, see demos of our Unified Asset Intelligence Platform and take part in our fun activity which enables you to get keys to unlock our mystery asset box full of the best swag at the event!

You can also book a meeting with one of our executive leaders who will be attending, so you can hear more and get insight into a specific area or security issue that organizations are dealing with.

Finally, for IT professionals we are hosting a truly unique experience (twice!). "Catch a Hacker" is a 30-45-minute immersive experience that puts you in a serious incident within an organization that you have to fix! These sessions are happening on August 9th and August 10th.

This year, we are also incredibly proud to be supporting St. Jude's Children's Research Hospital where everyone coming to see us at our booth leads to a donation from Armis.

For all of the information about our plans, you can visit:

VMblog:  What is your message to Black Hat attendees coming out to the show this year?

Simpson:  In today's world, cyberattacks are not only focused on data theft, but also are actually targeting cyber-physical systems that our society is dependent on. This strategic shift in cyberwarfare and ransomware is causing real-world disruption and harm to global communities and society overall.

Protecting cyber-physical systems against cyberattacks is critical, and it's essential that organizations proactively mitigate risk before an attack occurs. With an ever-growing number of connected devices in use, combined with the fact that cyberattacks are on the rise, it's imperative for companies to have in-depth insights into the risks that vulnerabilities introduce.

As such, it's equally essential to ensure customers have the visibility to secure all of their assets from today's evolving cyber threat landscape. At Armis, we focus on identifying these attack vectors so that organizations and the wider cybersecurity industry can address these threats proactively.

VMblog: The show is focused on cybersecurity.  What specific problems is your company and technology addressing? 

Simpson:  The key underlying problem here is that enterprises do not have visibility into all of the asset information they need in order to make informed decisions about their current asset inventory and security posture, which impacts their ability to respond effectively to vulnerabilities, threats, and risks. Organizations that cannot see their assets cannot effectively manage or secure them. This foundational gap negatively impacts organizations and puts a strain on the industry overall, as cybersecurity continues to be a top concern of businesses and individuals, especially with the potential financial risk and disruption to business operations.

VMblog:  What are some of the key takeaways of your solution that Black Hat conference goers should be aware of? And what sets you apart from the competition?

Simpson:  Armis Asset Vulnerability Management (AVM) is the only solution for risk-based vulnerability management that enables organizations to prioritize mitigation efforts across the entire asset attack surface. AVM offers risk-based vulnerability management that enables security teams to quickly identify and remediate vulnerabilities, prioritizing those that are most likely to be exploited and negatively impact the business by potentially causing costly disruptions.

By providing complete asset discovery, real-time vulnerability and threat intelligence, and highlighting critical assets, Armis AVM enables enterprises to hone in on the assets increasing operational risk for smarter remediation efforts, allowing them to better manage their attack surface and improve risk posture.

VMblog:  What will you be showing off at the show this year?

Simpson:  As you may have seen just recently, we've been jointly working with our partners at Honeywell on a vulnerability disclosure. We believe we're better together when it comes to strengthening cybersecurity overall. We'll be speaking about the Crit.IX vulnerability disclosure, its impact and key lessons learned in the disclosure process at this year's event. Details of the session can be found here:

VMblog:  What are some of the top priorities you believe attendees at Black Hat should be considering for 2023/2024?

Simpson:  The cyberwarfare landscape continues to evolve significantly. As such, business and IT leaders must understand the evolving threat landscape so that they can improve their cybersecurity posture to defend against these attacks. Additionally, the race for tech dominance and increased protectionism between China and the U.S. is at an all-time high. That's a problem for businesses that are not prepared for an escalation in cyberwarfare with China (or any other nation).

Despite these rising tensions and ongoing global conflicts, our cyberwarfare study found that 33% of global organizations are not taking the threat of cyberwarfare seriously. These organizations identified as indifferent or unconcerned about the impact of cyberwarfare on their organizations as a whole, leaving room for security gaps. This is despite the fact that the threat landscape continues to worsen: more than half (54%) of respondents surveyed who are their organization's sole decision-maker for IT security said they experienced more threat activity on their network between May and October 2022, when compared to the six months prior.

With global tensions and the looming threats of new cyberwar adversaries changing the threat landscape for U.S. companies, it's critical that U.S. business and IT leaders can take immediate steps to shore up their cyber resilience.

VMblog:  What are some of the security best practices you would deem critical?

Simpson:  Ensuring a strong security posture and business-aligned cyber resilience starts with asset visibility. Having the ability to see every asset operating the business and how they map to other assets and business capabilities gives organizations the tools to understand the business context, infrastructure and risk affecting their cyber resiliency, and to use that context to set security policies specific to their organizations' needs. The technological challenge comes in the form of performing identification and classification of these assets, when most devices simply weren't designed to accommodate traditional methods; such as deploying security agents, or when other techniques such as scanning can be disruptive to operations. Organizations must be able to perform comprehensive discovery, identification, and classification in a passive and continuous manner - otherwise, they'll be blind on the one hand and be subject to business and brand disruption on the other.

That said, you shouldn't fall into the trap of visibility alone. Context matters. Security teams should know: what is a device doing, measured against what it should be doing? This combination of continuous and real-time visibility and behavioral analysis is key to ensuring that the connected assets, systems, and infrastructure can perform as they are intended, and that they don't become the entry point or a stepping stone for bad actors to compromise the organization.

VMblog:  If you were presenting on the keynote stage, what trends do you see that companies should be paying special attention to in 2023 and beyond?

Simpson:  We're seeing companies try to strike a balance between tech innovation and the high-risk cybersecurity landscape. Smart devices are already integrated into everything from mobile phones to security systems at hospitals and much more. While new managed and unmanaged assets across IT, cloud, IoT, IoMT, and beyond offer many benefits for businesses and their customers, these assets also extend an organization's cyber attack surface. Security and technology leaders need to prioritize gaining visibility into what's connected to their network to improve their asset security posture and mitigate this risk.

VMblog:  Does your company have any speaking slots at Black Hat?  If so, can you tell us more about those sessions so people can get them on their schedules?

Simpson:  As mentioned briefly above, Carlos Buenano, Principal Solutions Architect of Operational Technology at Armis, is presenting on Wednesday, August 9th from 3-3:50pm PT at Mandalay Bay. His session, "Securing Critical Infrastructure (vulnerability disclosure) with Armis," is a must see! Details here:

VMblog:  Is your company giving away anything at your booth?

Simpson:  Absolutely, we have some amazing prizes to give away! If attendees stop by booth 2032 they can speak with one of our experts, see a demo, or book and meet with one of our executives. From there, they get the key to not only solving their biggest cybersecurity challenges, but the key to unlocking the best prizes at Black Hat! Pro-Tip: the sooner you stop by and get your keys, the better your chance is to win the best prizes, as quantities of the top prizes are limited.

VMblog:  Is your company involved in any parties during the event?

Simpson:  We sure are! We've taken over the Hazel Lounge again, in the heart of Mandalay Bay. We are hosting two happy hours during Black Hat. Join us to network with our cybersecurity peers on August 8th or August 9th. We'll be there on both days from 6-11pm PT with live music and cocktails, ready to have a good time with customers, partners, new industry connections and our extended Armis colleagues! Register here:

VMblog:  As a show sponsor, do you have any tips for attendees to better prepare for the conference?

Simpson:  Big events such as Black Hat can be overwhelming for both first-time and veteran attendees. We recommend planning out your agenda so you can attend any must-see sessions, schedule time for vendor booths, and network with fellow security professionals.


Published Wednesday, July 19, 2023 7:33 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2023>