Despite the amazing and futuristic progression of technologies in cybersecurity, it’s still incredibly hard to answer the most basic of questions like: how many assets do I have, and do they adhere to my security policy? Somewhere along the line, asset management became very mundane compared to the other initiatives we’re responsible for in cybersecurity. Yet everything in cybersecurity lies on a foundation of understanding our devices, cloud instances, users, and the solutions that cover them.
So why is asset management—a problem that has persisted for decades—still an issue in 2019? Today, we look at why asset management remains a challenge, the Axonius approach to cybersecurity asset management, and how integrations with several Microsoft technologies are key to solving the problem and delivering value to organizations around the world.
The cybersecurity solution paradox
The more devices you have, the more solutions you implement to manage and secure them. Although one might think that the more security and management solutions at an organization the better, that’s not always the case. We call this the cybersecurity solution paradox: the idea that the more solutions you have, the harder it actually becomes to get answers to very basic questions. All of the information exists in separate silos, making it more difficult to aggregate the data, correlate it, and derive context and meaning.
Watch this short video outlining today’s asset management challenge.
The Axonius approach
If we were to outline an approach to asset management, we’d want a product to:
- Understand which assets are unmanaged—Those devices and cloud instances not being managed or secured by the tools outlined in our security policies.
- Understand which managed assets are missing agents—For example, which Windows 10 devices are missing an endpoint agent?
- Discover new devices—Any time a new device hits the network, we’d want to know whether it adheres to our security policies.
- Give context—If our security operations team gets an alert about a device, we would want to understand what the device is, what’s installed, its patch level, known vulnerabilities, which users have signed in, etc.
To get this information, a product would need to be very simple, agentless, and it would:
- Connect to every security and management solution that knows about assets.
- Collect and normalize all relevant asset and user information.
- Correlate the information to know that every asset is unique.
- Understand the relationship between users, devices, cloud instances, and the solutions that manage and secure them.
- Give customers a credible, comprehensive asset inventory—We include every desktop, laptop, mobile device, virtual machine, server, cloud instance, and IoT device that is managed and unmanaged, cloud or on-premises.
- Uncover security solution coverage gaps—Using pre-built and custom queries, customers can understand how every asset stacks up against their policies.
- Automatically validate and enforce security policies—Customers can create automated enforcement sets to take action whenever assets do not adhere to their security policies.
Axonius is integrated with Microsoft Intune and Azure Active Directory (Azure AD), core products in the Microsoft Intelligent Security Association (MISA). To help customers better understand exactly what assets they have and whether their assets and users adhere to their security policies, Axonius builds upon Intune by connecting to networking gear itself to learn about assets that aren’t being managed. If your policy states that every mobile device needs to have another security or management solution, Axonius can easily identify those devices that aren’t being protected.
Let’s look at two specific examples that show how Axonius customers use integrations with Microsoft to solve their asset management challenges.
How Appsflyer uses Axonius for better asset management
When Guy Flechter, joined mobile attribution and analytics leader AppsFlyer in January 2018 as their chief information security officer, he began implementing a wide-ranging cybersecurity program to protect his heterogenous environment. After implementing the best security tools for every device type, the AppsFlyer team realized that they needed an automated way to ensure that every device had the required solutions installed, and that users had the correct permissions to adhere to the overall security policy.
“We needed an easy and automated way to have clear visibility into which agents were missing from each device, and a way to know when users had rights that conflicted with our security policies. For example, I want to immediately see all Windows devices missing an endpoint agent and unmanaged devices in various VLANs. These are really foundational elements of any cybersecurity program, and there were no good ways to get the answers,” said Flechter.
Using simple queries in Axonius, Flechter was able to get this level of visibility in minutes:
Moving from configuration manager to Intune: No device left behind
As part of their initiative to be nimble and cloud first, AppsFlyer wanted to move from on-premises Microsoft System Center Configuration Manager (ConfigMgr) to Intune, yet the team needed a way to make sure that no devices were left behind. Using queries from Axonius, Flechter was able to easily monitor the switch to Intune and could prioritize which assets should be moved and in what order. Watch this video to learn more.
Understanding user permissions
In addition to devices, Axonius customers are able to understand how each user compares to the overall security policy. Using information from Active Directory, Azure AD, and other IAM providers, customers are able to understand whenever a user account deviates from what is expected.
Example query showing users with bad configurations.
To learn more about how the Axonius cybersecurity asset management platform and its many integrations with Microsoft and other leading security and management providers can help your organization, visit Axonius.com. Also, visit the MISA website to learn more about how top security companies are partnering with Microsoft to defend against increasingly sophisticated cyberthreats.
Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with more than 130 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately. Covering millions of devices at customers like the New York Times, Schneider Electric, and AppsFlyer, Axonius was named the Most Innovative Startup of 2019 at the prestigious RSAC Innovation Sandbox and was named Rookie Security Company of the Year by SC Magazine. For more visit Axonius.com.
READ MORE HERE