Sun Tzu and AI: Cybersecurity for the Digital Battlefield

This timeless wisdom from Sun Tzu’s The Art of War has guided military leaders for centuries. Today, as digital threats multiply and the cyber battlefield grows more complex, Armis Federal applies this principle, amplified by artificial intelligence (AI), to revolutionize cybersecurity for the U.S. Department of Defense (DoD) and beyond.

The Modern Cyber Battlefield: Unseen Terrain, Unknown Enemies

In the kinetic world, key terrain, like the bridge in Saving Private Ryan, is well-mapped and fiercely defended. In cyberspace, however, the terrain is vast, dynamic and often invisible. 

Military networks have evolved over decades, accumulating a labyrinth of devices: legacy systems, Internet of Things (IoT) gadgets, operational technology (OT), and medical devices. Many of these endpoints are unknown, untracked or forgotten. This creates blind spots that adversaries exploit.

Joe Wingo, Director of Strategy for Armis Federal and retired Air Force colonel, frames the challenge simply: “The problem is, not only do we not even know where our key terrain is, we don’t even have good maps.” 

Knowing your own network—every device, every connection, every vulnerability—is the first step to cyber defense. Yet, according to Wingo, most organizations lack this “deep asset intelligence,” the digital equivalent of situational awareness on a physical battlefield.

Knowing Yourself: Deep Asset Intelligence

Armis Federal addresses the deep asset intelligence gap with a relentless focus on asset visibility. The company’s platform delivers real-time, comprehensive situational awareness across all networked devices-IT, OT, IoT and even medical equipment. 

In military hospitals, for example, Armis has found that each patient bed is surrounded by an average of 14 connected devices, many of which remain unpatched or vulnerable. These devices represent both mission-critical assets and potential entry points for adversaries.

Deep asset intelligence means more than an inventory; it’s about understanding:

• What devices are present, and where
• Who and what they communicate with
• What software and firmware they run
• Their current vulnerabilities and patch status
• Behavioral baselines and anomalies

Armis achieves this holistic, persistent visibility without intrusive scans or endpoint agents. Instead, it passively monitors network traffic at the packet header level, integrating with existing security tools to correlate and enrich asset data in real time.

Knowing the Enemy: Vulnerability and Threat Intelligence

Sun Tzu’s second imperative is to “know your enemy.” In cybersecurity, this translates to actionable threat and vulnerability intelligence. 

Armis Federal’s AI-driven platform continuously scours the dark web and deep web in over 200 languages, tracking adversary chatter, weaponized exploits and emerging tactics, techniques, and procedures (TTPs).

Crucially, Armis fuses this threat intelligence with its deep asset knowledge. When a new vulnerability is weaponized—say, an exploit targeting a specific security camera firmware—the system instantly checks if any such devices exist on the protected network, assesses potential exposure and prioritizes remediation. 

This evidence-based, context-aware approach ensures that military system defenders focus on the 5% of vulnerabilities that are actively exploited, rather than wasting resources patching the 95% that are not.

Persistent Visibility: Moving Beyond Scan-Based Security

Traditional asset discovery relies on periodic network scans, which are quickly outdated and incomplete. Armis Federal’s approach is fundamentally different: persistent, passive monitoring provides a real-time, always-current map of the cyber terrain. This “drains the ocean,” revealing the full iceberg of managed and unmanaged devices-IT, OT, IoT, and everything in between.

This persistent visibility is especially critical as adversaries increasingly target the “soft underbelly” of networks: IoT and OT devices that often escape traditional security controls. By making the invisible visible, Armis empowers defenders to deny adversaries the footholds they seek.

From Data to Decision: Operationalizing Information with AI

The deluge of data remains a core challenge in cybersecurity. “Having data is not knowing,” Wingo emphasized. Rather, he said, knowledge emerges when data is contextualized, correlated and presented in a way that operators can act on—at the right time, in the right format.

Armis Federal leverages over 30 AI and machine learning (ML) engines, trained on a global knowledge base of more than 5 billion devices. These engines:

• Fingerprint every device type and baseline its normal behavior
• Correlate asset data with live threat intelligence
• Present “decision quality” information to operators, tailored to their role and mission
• Automate the prioritization and orchestration of defensive actions

This AI-powered fusion enables what military strategists call a “decision advantage”—the ability to outpace adversaries in the observe-orient-decide-act (OODA) loop. 

By automating data collection, correlation and presentation, Armis frees up cyber operators to focus on high-value tasks: defending the mission, not building PowerPoint slides.

Integrating and Orchestrating Security Across the Enterprise

Modern military and federal environments are heterogeneous, with a patchwork of security tools and platforms. Armis Federal integrates seamlessly with existing solutions—CrowdStrike, Microsoft Defender, Tenable, Siemens, Rockwell, Honeywell, and more—to consolidate all asset and threat data into a single source of truth.

This integration enables:

• Out-of-band validation of asset status (e.g., identifying devices missed by other tools)
• Unified risk scoring, factoring in both vulnerability and asset criticality
• Automated workflows for patching, segmentation and incident response

The result is a force-multiplier: fewer manual processes, less operator fatigue and faster, more informed decision-making.

Enabling Zero Trust and Proactive Defense

Zero Trust is the new gold standard for federal cybersecurity, and Armis Federal is a critical enabler of this paradigm. By mapping its capabilities across the DoD Zero Trust framework, Armis provides coverage for 60-65% of required controls, with ongoing expansion into secure remote access and threat mapping.

Key contributions include:

• Real-time asset discovery and compliance mapping
• Microsegmentation support through device and asset intelligence
• Dynamic threat path analysis to prioritize defenses where they matter most

By shifting from reactive to proactive defense—anticipating and blocking attacks before they succeed—Armis Federal is helping the DoD move “left of boom” to secure the digital battlespace before adversaries can exploit it.

Scalable, Secure and Mission-Ready

Armis Federal’s SaaS-first model ensures rapid, cost-effective deployment across vast, distributed environments. For classified or air-gapped networks, on-premises options are available, with ongoing development for higher security levels (IL 6/7 and beyond). The platform’s scalability and flexibility make it suitable for every mission, from securing laptops and heart monitors in military hospitals to protecting critical infrastructure and operational technology worldwide.

Putting Operators Back on Mission

Perhaps the greatest value of Armis Federal’s AI-powered platform is the force it returns to the fight. By automating data collection, correlation and reporting, Armis frees cyber operators from mundane tasks and allows them to focus on defending the mission, not wrangling spreadsheets.

As Wingo put it, “This is an exceptionally elegant way to let AI do that for you… so you can put those people back on mission, doing critical work that operators need to do, actually making decisions to thwart adversaries.”

Achieving the Sun Tzu Advantage in Cyberspace

Sun Tzu’s ancient counsel remains incredibly relevant in the digital age: knowing yourself—every device, every vulnerability, every connection; knowing your enemy—their tools, their tactics, their intentions; and fusing that knowledge, at speed and scale, to achieve decision advantage.

Armis Federal harnesses the power of AI to deliver persistent visibility, actionable intelligence and proactive defense for the nation’s most critical networks. As the cyber battlefield constantly shifts, Armis ensures that defenders are always one step ahead, prepared for a hundred battles… and ready to win them all.

This article was based on a Carashoft Vendor Partner Executive Briefing at SOF Week 2025.

By: Dawn Zoldi (Colonel USAF Ret.)