Thought Leaders in Internet of Things: Joe Lea, VP of Product at Armis (Part 5)

Sramana Mitra: I understand what you’re doing. You said you have 200 enterprises that have already adopted your technology?

Joe Lea: We do. That’s critical. The broader our deployment, the more places we deploy. The level of accurately identifying suspicious events is better the more that we see. We’re happy to report that we finished our fiscal year yesterday. We’ve grown 800% over the last year.

We’re accelerating in the extent to which we’re getting visibility into environments across industry verticals – healthcare,manufacturing, retail. We work across every industry vertical including government, healthcare, education, financial services, and insurance. That broad visibility across industries is what’s fueling our knowledge base growth and our ability to accurately identify devices.

Sramana Mitra: What is the landscape in the IoT security? Are there problems that you see out there that’s not exactly what you’re doing? Are there open problems that you see from your vantage point that you would like to encourage other entrepreneurs with cybersecurity and IoT knowledge and expertise to go after?

Joe Lea: I’ll share a bit of my perspective on the space. This space is amazing. The businesses that we’re talking to are seeing the biggest growth in devices ever. This is bigger than PC and mobile combined. Whether it’s Gartner numbers or any other analyst, the number of devices was spiking out there.

If you look at the composition of the devices that are growing, it’s not so much the traditional enterprise laptops, desktops, and servers; it’s more of those things that go unmanaged by enterprises and the security team. It’s the BYOD for PCs and mobile devices that are brought in – smart phones, tablets. Even bigger is this portion of the device composition out there that is Enterprise of Things or Internet of Things, and medical devices. There’s a massive explosion in the number of those devices.

The people that we’ve talked to aren’t seeing about 40% of the devices around them. It’s amazing. The tools that they have today are primarily focused on the traditional endpoints as in the industry has solidified the definition of those as being laptops, desktops, and servers. Whether they have a keyboard and a monitor or not, they are essentially computers. They have operating systems, networking stack, application that serves some purpose that comes with a set of vulnerabilities. This is the new endpoint.

That’s the realization of the significance of this space. These things are all endpoints. They’re designed to connect. They have a whole host of security problems that come with them – lack of encryption and you hear about default passwords that are not required to be reset. These devices are hard to update. They’re difficult to patch and so they frequently end up with operating systems and applications code that hadn’t been updated for years. They’re hard to discover.

It took us a lot of time to build out those profiles and be able to accurately identify them from the traffic. It’s a sophisticated problem. The traditional process doesn’t serve well.

Sramana Mitra: I think some of these medical devices are intrusive. This is very sophisticated, complex, and risky.

Joe Lea: It’s terrifying. Like pacemakers that are connected. We can’t even release the vulnerabilities that are found in those for fear of somebody. It’s difficult to patch a pacemaker. We don’t even want to talk about some of the vulnerabilities that are there. We don’t want anybody to get the idea. Even more mundane things like the Amazon Echo has a 12-year old version of Linux that’s embedded. Those are hard to update. Amazon is a good company.

Our research team looked at those devices and that was the source of some of the BlueBorne vulnerabilities. The device manufacturers out there aren’t prioritizing security. We see various government regulatory attempts to jump onboard here and do something to encourage the device manufacturers to be better. Here in California, the IoT legislation SB-327 has come out. It’s well-intentioned but isn’t ultimately going to make these devices more secure.

Sramana Mitra: Interesting conversation. I find what you’re doing exciting. Thank you for your time.

This segment is part 5 in the series : Thought Leaders in Internet of Things: Joe Lea, VP of Product at Armis
1 2 3 4 5