ARMIS CENTRIX™ / DARDEN
Partnered with AITG
// AITG × Armis Cyber Exposure Management

Unified Asset
Intelligence
across Darden.

See, protect, and manage 1,900+ restaurants — and the back-office that runs them.
Onsite April 29, 2026
ARMIS
AI AITG · Authorized Reseller
// Reference graph · Darden × Armis live model
42 nodes · 119 relationships pocketCISO-derived
01 / 18
SEE · PROTECT · MANAGE
02 · Open Discovery
AITG × Darden · Armis Centrix™
Open discovery in process

What we’ve heard so far — and where teams diverge.

Themes synthesized from precall conversations across IT, Security, and CIO leadership. Every team is mid-discovery; the ask below frames the onsite working session, not the final answer.

SEC · Security NET · Networking RST · Restaurant Svcs DC · Data Center DSM · BMC Helix MKT · Marketing
01

Centralized asset visibility & CMDB accuracy

SEC · NET · DSM
  • Full inventory across all environments: enterprise, restaurants, data centers, Azure.
  • Consolidate fragmented visibility: SCCM misses Linux/RedHat VMs, restaurant printers (zero today).
  • Feed BMC Helix CMDB with deduplicated, continuously verified records.
  • Granular hardware profiling — HP / Dell / multi-vendor by exact brand & model.
02

Security, segmentation & technical debt

SEC · NET
  • Discover unmanaged / rogue devices — the rogue Raspberry Pi scenario.
  • Validate guest-network isolation from private restaurant systems.
  • Identify EOL/EOS across hardware, software, and firmware.
  • Security gap analysis — surface coverage holes in existing tools.
03

Application dependency mapping

DC · DSM
  • CIO-level priority: tie endpoint or server outages directly to affected applications.
  • Migration & consolidation planning: what depends on what before we move it.
04

Leverage existing tools, don’t replace them

NET · SEC
  • FortiGate as collector in every restaurant — PCAP feed, no new sensors.
  • BMC Helix stays the management layer; Armis becomes the source of truth.
  • Azure / Microsoft, SCCM, Snow — integrate, enrich, push back.
05

Restaurants & storefront IoT

RST · SEC
  • Windows endpoints + printer accounts (printers have zero visibility today).
  • Red-dot visibility — per-asset agent & tool presence check.
  • HP WLC / Aruba integration for wired & wireless client mapping.
  • POS, KDS, kitchen IoT, refrigeration — rarely centrally managed.
06

Lifecycle, licensing & brand-facing tech

NET · DC · MKT
  • License expiration / EOL / EOS tracking via Snow enrichment.
  • Multi-tenant separation across all data centers + campus.
  • Brand experience: digital menu boards, kiosks, signage controllers — compromise becomes customer-visible.
02 / 18
OPEN DISCOVERY · STAKEHOLDER THEMES
03 · The Source of Truth
AITG × Darden · Armis Centrix™
Foundation

Four non-negotiables.
One asset reality.

Every Darden ask in discovery collapses into four foundational outcomes. Get these right and every downstream capability — segmentation, PCI, CMDB, lifecycle — operates on the same ground truth.

100%
Asset coverage
target
< 1m
Asset graph
latency
6.7B+
Cross-customer
baselines
01

Holistic asset visibility

Every device, every environment — IT, OT, IoT, cloud, unmanaged. No more blind spots.

ITOTIoTCloudUnmanaged
02

Technical debt, quantified

EOL / EOS exposure on hardware, software, firmware. Refresh budgets defended with evidence, not estimates.

EOLEOSFIRMWAREBUDGET
03

Tool validation & ROI

Are EDR, scanners, NAC actually deployed where they should be? Surface coverage gaps in seconds.

EDRSCANNERNACAGENT
04

Behavior & segmentation truth

Are assets behaving as expected? Are networks actually segmented? Continuous proof, not quarterly snapshots.

SEGMENTBEHAVIORPCIZERO TRUST
03 / 18
FOUR FOUNDATIONAL OUTCOMES
04 · Platform
AITG × Darden · Armis Centrix™
The Cyber Exposure Management Platform

Introducing Armis Centrix™

Seven purpose-built modules. One shared asset graph. Deployable independently, composable end-to-end.
ARMIS
CENTRIX
The Cyber Exposure Management Platform

Asset Management & Security

Complete asset inventory of all asset types.

M01

OT/IoT Security (SaaS & On-Prem)

See and secure OT/IoT networks and physical assets.

M02

Medical Device Security

Visibility and security for clinical assets.

M03

VIPR Pro — Prioritization & Remediation

Find risk, prioritize response, route to owners.

M04

Vulnerability Management Detection & Response

Continuous vuln detection, prioritization, response across all networked assets.

M05

Application Security

End-to-end app risk profiling: discover, contextualize, prioritize.

M06

Early Warning

AI-based early-warning alerts.

M07
04 / 18
PLATFORM OVERVIEW · 7 MODULES
05 · Module Topology
AITG × Darden · Armis Centrix™
The Cyber Exposure Management Platform

Introducing Armis Centrix™

Seven purpose-built modules sharing a single asset graph, intelligence engine, and policy plane — deployable independently, composable end-to-end.

// Architecture
Asset Graph
Unified · Real-time
Intelligence
6.7B+ devices
Policy Plane
Federated
Telemetry
Passive · Active
// Deployment
SaaS
Multi-tenant
On-Prem
OT/IoT only
Hybrid
Cross-domain
Connectors
API · Agentless
// Module Index
Total Modules
7
Shared Engine
AIE
Outcomes
See · Protect · Manage
[ Shared Asset Graph · 6.7B device intelligence ]
// Core

Armis Centrix™

Asset Intelligence Engine
v2026.02

Asset Management and Security

M01

Complete asset inventory of all asset types

FOUNDATIONSAAS

OT/IoT Security (SaaS and On-Prem)

M02

See and secure OT/IoT networks and physical assets

SAASON-PREM

Medical Device Security

M03

Complete visibility and security for all medical devices

HEALTHCARESAAS

VIPR Pro – Prioritization and Remediation

M04

Consolidate, prioritize and remediate security findings

WORKFLOWSAAS

Vulnerability Management Detection and Response

M05

Continuous vulnerabilities detection, prioritization and response cross all networked assets

VMDRSAAS

Application Security

M06

End-to-End Application Risk Profiling: Discover, Contextualize, and Prioritize

APPSECSAAS

Early Warning

M07

AI based Early Warning alerts

AISAAS
© 2026 Armis Inc. All Rights Reserved
05 / 18
FULL MODULE TOPOLOGY
06 · Challenges
AITG × Darden · Armis Centrix™
Why now

Armis addresses key challenges

Attack Surface Expansion

Continuously see, secure, defend & manage

Organizations must continuously see, secure, defend and manage a changing landscape of assets.

Risk Management

Prioritize what actually matters

The need to prioritize risks based on likelihood to be exploited, business impact and compensating controls.

Asset Inventory

An accurate, dynamic ground truth

Inability to create an accurate asset inventory can undermine an organization's entire risk management program.

Compliance Requirements

Report on governance & controls

Need to report on cybersecurity governance capabilities, procedures, and strategies.

06 / 18
KEY CHALLENGES
Part 02 · The Product
AITG × Darden · Armis Centrix™
PART 02 / 03 · INTRODUCING

The Product

Armis Centrix™ for Asset Management and Security
07 / 18
INTRODUCING · THE PRODUCT
08 · Architecture
AITG × Darden · Armis Centrix™
Our Platform

Data Sources

We gather data from hundreds of pre-built integrations in your existing solutions, deduplicate and rationalize it, providing you with a unified, authoritative and real-time view of all your existing assets.

Asset Intelligence Engine
6.7B+

Only Armis has a global asset intelligence engine of over 6.7 billion devices.

01

Integrations

  • Hundreds of pre-built integrations
  • Easy to deploy (API-based)
  • Rapid time to value
We gather data from hundreds of pre-built integrations in your existing solutions, deduplicate and rationalize it, providing you with a unified, authoritative and real-time view of all your existing assets.
02

Network Traffic Analysis

  • Deep packet inspection
  • Smart Active Queries
  • Telemetry
This is our capability to enrich asset data with network traffic analysis. Armis detection techniques include passive and smart active querying. We do this in a non-intrusive way, making sure we don't trigger any sensitive assets.
03

Asset Intelligence Engine

  • Crowdsourced, cloud-based
  • Billions of 'known good' baselines
  • Vulnerabilities, threats and risks
The Armis "secret sauce". We keep track of this metadata from all of our customers around the globe in our AI-driven asset intelligence engine.
08 / 18
OUR PLATFORM · DATA SOURCES
09 · Architecture
AITG × Darden · Armis Centrix™
Our Platform

Data Sources & Enforcement Architecture

SEE PROTECT MANAGE
// Ingest Plane · 01

Data Sources

Three ingest pillars feed a single deduplicated asset graph. Hundreds of pre-built integrations, passive + smart-active network analysis, and a crowdsourced intelligence engine — unified, authoritative, real-time.

v2026.02
01

Integrations

Hundreds of pre-built, API-based connectors. Easy to deploy. Rapid time to value.

  • EDR · MDM · CMDB
  • Cloud · Vuln · IAM
  • Firewall · NAC · WLC
  • Ticketing · SIEM
02

Network Traffic Analysis

Enrich asset data with passive deep-packet inspection and smart active queries — non-intrusive to sensitive assets.

  • Deep packet inspection
  • Smart Active Queries
  • Telemetry · Flow data
  • Protocol fingerprint
03

Asset Intelligence Engine

Crowdsourced, cloud-based AI engine. Billions of 'known good' baselines. Vulnerabilities, threats and risks.

  • Behavioral baselines
  • Risk scoring · CVE map
  • Make / model / firmware
  • Cross-customer signal
// AIE

Unified Asset Graph — deduplicated · real-time · authoritative

6.7B+
Devices
Sources
<1m
Latency
// Policy Plane · 02

Segmentation & Enforcement Matrix

Asset graph drives policy out to existing enforcement points. Map asset connections, identify bad segmentation, push rules to WLC / NAC / firewalls, alert on traffic and segmentation violations.

zone × control
Zone ↓ / Control →
Discover
Policy
Enforce
Alert
Enterprise
AGENTLESS
EDR · CMDB · AD sync
NAC
Role-based VLAN
FW + WLC
Push rule sets
SIEM
Drift & rogue
Restaurants
FORTIGATE
Collector mode
SEGMENT
Guest ↔ POS isolate
FORTIGATE
Per-site rule push
RT VIOL
Lateral move
Data Center
SPAN/PCAP
DPI · flow
EAST/WEST
Tier isolation
FW
L4/L7 rules
ANOMALY
Behavior delta
Azure / Cloud
CLOUD API
Resource graph
NSG
Identity-aware
CLOUD FW
Subnet · tags
CONFIG
Posture drift
Guest WiFi
WLC
SSID telemetry
ISOLATE
Verify segregation
WLC
Quarantine
CROSS-VLAN
Bridging detect
// Control Coverage · 5 zones × 4 controls
Native Integrated Partner
09 / 18
DATA SOURCES · ENFORCEMENT MATRIX
10 · Compliance
AITG × Darden · Armis Centrix™
PCI DSS v4.0 · cross-cutting

Six requirements. One control plane.

Continuous scope validation across 1,900+ restaurants — the quarterly scramble becomes an always-on posture.

Req.
What it asks for
How the unified layer delivers
12.5.1
Inventory of in-scope system components
Continuous, deduplicated inventory of every device touching cardholder data — replacing spreadsheets that go stale in days.
11.2.1
Detect unauthorized wireless access points
Continuous airspace monitoring across all restaurants. Rogue APs and personal hotspots flagged without quarterly walkthroughs.
1.4.x
Network controls between trusted & untrusted
Classification feeds Fortinet-enforced policy — provably isolates the CDE from guest Wi-Fi, kitchen IoT, and back-of-house.
5.3.x
Anti-malware on all in-scope systems
Verifies CrowdStrike coverage. Surfaces in-scope systems missing the agent — the most common audit finding.
6.3.x
Identify and manage vulnerabilities
Infrastructure findings, Veracode app-sec, and cloud misconfigs — one queue, scored by exploitability and criticality.
10.x
Log and monitor all access
Asset and user context into the SIEM on every alert — investigations close in minutes, not console pivots.
10 / 18
PCI DSS v4.0 · ALWAYS ON
11 · Integrations
AITG × Darden · Armis Centrix™
Darden's stack, extended

Native today. Bridged where it isn't.

Azure scoped to native-Armis Microsoft set (Sentinel · Entra · AD · Azure VMs · DevOps). Fortinet firewall-led; FortiManager / FortiNAC / FortiSASE flagged as coverage hedge. SIEM stays vendor-agnostic — investigation use cases are the same regardless of which SIEM Darden runs.

// Native · Security & Networking core12 of 22

Tools Darden owns — extended out of the box.

Bidirectional or PCAP-feed integrations. Zero build-out.

CrowdStrikeSECBidirectional API · Marketplace
Fortinet · FortiGateNETPCAP feed · collector mode
Fortinet · FortiManagerNET · hedgePolicy orchestration
Fortinet · FortiNACNET · hedgeBidirectional · dynamic NAC
ZscalerSECNative API
VeracodeSECNative API · VIPR Pro
Microsoft SentinelNET · hedgeMarketplace · custom log tables
Microsoft Entra IDNET · hedgeNative API
Microsoft ADNET · hedgeNative API
Microsoft Azure VMsNETNative API
Microsoft Azure DevOpsNET · hedgeNative API · VIPR Pro
SIEM (vendor-agnostic)SECNative — depends on SIEM
// Native · Restaurant · DSM · cross-team6 of 22

Operational coverage across the rest of the stack.

Helix CMDB, HP/Juniper wireless, Snow lifecycle. Hedges noted.

BMC Helix CMDBDSMBidirectional
HP · WLC + APsRSTNative API
Juniper MistSECNative API
Snow SoftwareConfirm onsiteBidirectional
Microsoft / Azure — broader catalogNET · hedgeNative within Armis-supported set; rest fall back to SIEM-mediated correlation
Fortinet · FortiSASENET · hedgeListed for completeness — confirm onsite
// Vendor-published & non-native4 of 22

Where the integration isn't out of the box.

Each row names the build-out method. Most route through SIEM correlation; no separate connector required.

PrometheusNET · non-nativeBuild-out: SIEM-mediated bridge
DellRST · non-nativeBuild-out: passive discovery + CMDB enrichment
AkamaiSEC · no nativeConfirm onsite; Guardicore Segmentation = consolidation candidate
ProofpointSEC · no nativeBuild-out: SIEM correlation — no separate connector
11 / 18
INTEGRATIONS · 22 ENTRIES
12 · NDR
AITG × Darden · Armis Centrix™
Capability

Network Threat Detection and Response

Reduce SOC investigation time with continuous, multi-method analysis of network traffic — and a complete forensic timeline for every device.

01

Detect threats and abnormal activity

Continuously analyze the network traffic using multiple methods.

  • Behavioral analytics
  • Signatures identification
  • Rule-based matching
02

Collect Forensic Data

Investigate a device's network activity timeline before, during and after an incident.

Reduce SOC investigation time

Outcome: faster mean-time-to-respond and lower analyst workload across the security operations center.

12 / 18
NETWORK THREAT DETECTION & RESPONSE
13 · Segmentation
AITG × Darden · Armis Centrix™
Capability

Segmentation and Enforcement

Enrich existing network enforcement infrastructure with asset-aware policy — without ripping and replacing what's already deployed.

  • 01Map asset connections and communication routes
  • 02Identity bad network segmentation
  • 03Push enforcement rules to WLC, NAC and firewalls
  • 04Get alerts for traffic and segmentation violations
// Featured · Native segmentation

Enforced through Fortinet — at every restaurant.

Asset classification, communication mapping, and policy creation happen in Armis. Enforcement flows through Darden's existing FortiGate footprint — eliminates the need for a separate host-based segmentation product.

Likely consolidationAkamai Guardicore
NoteDC east-west on shared VLANs · separate review
13 / 18
SEGMENTATION & ENFORCEMENT
14 · Outcomes
AITG × Darden · Armis Centrix™
In summary

One asset reality. Six measurable wins.

What Armis unlocks once it's the source of truth feeding every team's existing tooling.

01 · Compliance

PCI DSS v4.0 posture

PCI DSS v4.0 posture that holds up every day of the year — not just before the audit.

→ measurable
02 · Segmentation

Zero Trust at the store edge

Enforced through the Fortinet firewall footprint already in every restaurant.

→ measurable
03 · Response

SIEM investigations in minutes

Asset and user context already on every alert — no console pivots.

→ measurable
04 · CMDB

A Helix CMDB teams trust

Fed by continuously verified reality, not stale records.

→ measurable
05 · Lifecycle

EOL / EOS exposure quantified

Refresh budgets defensible with evidence, not estimates.

→ measurable
06 · Spend

Tool sprawl collapsed

One control plane retires overlap, shadow tooling, and dashboard duplication.

→ measurable
14 / 18
WHAT ARMIS UNLOCKS
15 · Recognition
AITG × Darden · Armis Centrix™
Validation

Recent Analyst Accolades and Awards

Armis is included in 40+ analyst reports in the past 12 months.

Analyst Report

Industry Recognition

2025–2026
Analyst Report

Cyber Exposure Management

2025–2026
Analyst Report

Asset Intelligence

2025–2026
Industry Award

OT / IoT Security

2025–2026
Industry Award

Vulnerability Management

2025–2026
Analyst Report

Medical Device Security

2025–2026
Analyst Report

Network Detection & Response

2025–2026
Industry Award

Application Security

2025–2026
Analyst Report

Early Warning / AI

2025–2026
Sources

www.armis.com/awards
www.armis.com/about/
analyst-relations/

Reference
15 / 18
RECOGNITION · 40+ ANALYST REPORTS
16 · Use-Case → Graph
AITG × Darden · Armis Centrix™
// Open discovery in process · use-case map

14 use cases. One shared graph.

Every divisional ask from discovery resolves into one or more nodes on the reference graph (next slide). Color = primary team owner; arrows on the graph show how data flows out to the rest of the org.

01

Network segmentation validation

SECNETRST
→ Fortinet FortiGate · Segmentation Policy
02

Rogue / unauthorized device discovery

SECRSTNET
→ Asset Inventory · M01
03

Technical debt: EOL / EOS / firmware

NETDCRSTDSM
→ Lifecycle · M05
04

EDR / scanner / NAC coverage gaps

SECDSM
→ CrowdStrike · M01
05

BMC Helix as system of record

DSMNETSECDC
→ BMC Helix CMDB · M01
06

Application dependency mapping

DCDSMSEC
→ Veracode · M06
07

Restaurant fleet — POS, KDS, printers

RSTSEC
→ HP WLC · M02
08

HP / Aruba wireless visibility

RSTNET
→ HP WLC · M01
09

FortiGate-as-collector everywhere

NETSEC
→ Fortinet FortiGate · M02
10

Multi-tenant DC + campus separation

DC
→ Asset Inventory · M01
11

Brand-facing tech: menu boards, kiosks

MKTSECRST
→ M02 · Asset Inventory
12

Cross-stack vuln prioritization

SECDCDSM
→ Veracode · M04 · M05
13

SIEM correlation w/ asset+user context

SECDSM
→ SIEM · M01 · M07
14

PCI 11.2.1 — rogue AP detection

SECRSTNET
→ Compliance · M01
16 / 18
USE-CASE → GRAPH NODE MAP
17 · Reference Graph
AITG × Darden · Armis Centrix™
// Darden × Armis · graph

How the asset graph re-wires Darden's stack.

pocketCISO-derived graph model. Each Darden tool feeds the Armis Asset Intelligence Engine and is enriched back. Data domains flow out to every team that consumes them — surfacing where ownership concentrates, where the same data lifts multiple teams, and where coverage is thin.

// Node types
Team
Armis module
Existing tool
Data domain
// Edge types
OWNS team → tool
INTEGRATES_WITH tool → module
FEEDS tool → data
ENRICHES module → tool (push-back)
SHARED_WITH data → team
// Insight markers
vendor-published / build-out
no native — confirm onsite
team owns no tool (gap)
42 nodes · 119 relationships ·
built from the integrations and divisional sections of this deck.
MKT owns no tools — pure consumer of asset/compliance data.
NET concentrates ownership of Microsoft and Fortinet stacks.
17 / 18
POCKETCISO-DERIVED · DARDEN × ARMIS REFERENCE
18 · Close
AITG × Darden · Armis Centrix™
Next step

Onsite working
session.

See, protect and manage Darden's entire attack surface — together with AITG and Armis.
EngagementDarden Restaurants
PartnerAITG · Authorized Reseller
DateApril 29, 2026

What we'll cover onsite

Use cases
Walk through the divisional asks; map each to module(s)
Integrations
Confirm Snow / FortiSASE ownership; scope vendor-published path
PCI v4.0
Validate scope inventory across all 1,900+ restaurants
Consolidation
Akamai Guardicore via FortiGate — feasibility
Reseller
AIAITG · Authorized Reseller
18 / 18
SEE · PROTECT · MANAGE