Any historical account of 2020 is bound to wildly understate its absolute lunacy. Let’s just say it isn't the best.
But, as we round the corner to 2021, there’s one thing that IT and security teams can accomplish right now to put them in a better position for the year ahead: understanding what devices, cloud instances, and users they have, and whether everyone and everything is adhering to security controls.
Getting an Asset Inventory
We’ve heard it said multiple ways, but just this week a CISO told us:
"If I asked 10 people for the number of assets we have, I'd get 14 answers."
One of our favorite tweets is:
CISO: How many windows hosts do we have?
AV Guy: 7864
Desktop Management: 6321
EDR Team: 6722
CMDB Team: 4848
SIEM Team: 9342
— Jim Schwar (@jimiDFIR) February 8, 2018
Getting an asset inventory isn’t easy because all the data around devices, cloud instances, and users lives in disparate silos, and the data sources don’t talk to each other. What’s needed is an aggregator that can pull in the asset information, correlate it, and show exactly what's in the environment, including:
- Managed vs. unmanaged devices
- Laptops, desktops, VMs, servers, and mobile devices
- Cloud instances
- IoT devices and other ephemeral devices
Every day, we talk to customers who are trying to:
- Satisfy the CIS Control #1 to get a hardware asset inventory
- Comply with NIST SP 800-171
- Meet the CIS Amazon Web Services Foundations Benchmark 1.2 and CIS Microsoft Azure Foundations Benchmark v1.1
- Comply with CMMC and the associated asset management mandates
The good news? All the information needed to meet these frameworks is already in the tools that IT and security teams are using, and Axonius customers are able to quickly get an asset inventory.
Continuous Controls Monitoring
Getting an asset inventory is the most basic – and fundamental – part of any cybersecurity program. The next step is understanding whether all of those assets adhere to or deviate from the overall security policy and security controls.
A few examples we see every day include:
- All Windows devices need to be in Active Directory and have an EPP agent installed
- All Macs need JAMF
- Every device needs to be enrolled in a device management platform
- All devices (except cloud instances) need to be in our CMDB
- Every asset (cloud and on-prem) needs to be scanned by our VA scanner
- Only Linux devices should be on a particular segmented network
These are just some of the basics. But the idea is to understand any time an asset shows up in the environment that doesn’t adhere to the expectations set by policy, and any time a state change means that a security control isn’t being met.
By connecting to the different sources of asset data with Axonius, customers are able to use queries to find any asset that doesn't fit their expectations. The value in continuous controls monitoring is in the “continuous” part: simply running point-in-time audits doesn’t match the speed of change.
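The two ideas above, correlating per-tool asset lists into one inventory and then querying that inventory for assets that break a control, can be shown end to end in a few dozen lines. The example below is added here and is not Axonius code; it uses constructed sample exports from an AV console, an EDR console, a CMDB, Active Directory, JAMF, a VA scanner and a cloud account, and it assumes that the AV console is the EPP agent source and that hostnames are the only join key (a real aggregator would also use MAC addresses, serial numbers and cloud instance IDs). The per-tool counts reproduce the "14 answers" problem; the correlated set gives one answer; the control predicates mirror the policy examples listed above.

```python
from collections import defaultdict

# Constructed sample exports (not real data). Each tool sees a different
# subset of the estate, and hostnames are not spelled consistently.
SOURCES = {
    "av":   [{"hostname": "WS-001", "os": "Windows"},
             {"hostname": "WS-002", "os": "Windows"},
             {"hostname": "MAC-001", "os": "macOS"}],
    "edr":  [{"hostname": "ws-001", "os": "Windows"},
             {"hostname": "SRV-01", "os": "Linux"},
             {"hostname": "ws-003", "os": "Windows"}],
    "cmdb": [{"hostname": "WS-001"}, {"hostname": "SRV-01"}, {"hostname": "MAC-001"}],
    "ad":   [{"hostname": "WS-001", "os": "Windows"},
             {"hostname": "WS-002", "os": "Windows"}],
    "jamf": [],
    "va":   [{"hostname": "WS-001"}, {"hostname": "srv-01"}, {"hostname": "i-0abc"}],
    "aws":  [{"hostname": "i-0abc", "os": "Linux"}],
}

# Assumption: anything reported by a cloud account source is a cloud instance.
CLOUD_SOURCES = {"aws"}


def normalize(hostname: str) -> str:
    """Fold case and whitespace so 'WS-001' and 'ws-001' correlate to one asset."""
    return hostname.strip().lower()


def per_source_counts(sources):
    """The 'ask 10 people, get 14 answers' view: every tool reports its own count."""
    return {name: len(records) for name, records in sources.items()}


def correlate(sources):
    """Merge per-tool records into one record per asset, keyed on normalized hostname."""
    assets = {}
    for name, records in sources.items():
        for rec in records:
            key = normalize(rec["hostname"])
            asset = assets.setdefault(
                key, {"hostname": key, "os": None, "seen_in": set(), "cloud": False})
            asset["seen_in"].add(name)
            if asset["os"] is None and rec.get("os"):
                asset["os"] = rec["os"]          # first source that knows the OS wins
            if name in CLOUD_SOURCES:
                asset["cloud"] = True
    return assets


# Controls from the post as predicates: True means the asset complies.
# Assumption: the AV console ("av") is the EPP agent source, "va" is the VA scanner.
CONTROLS = {
    "windows_in_ad_with_epp": lambda a: a["os"] != "Windows" or {"ad", "av"} <= a["seen_in"],
    "mac_in_jamf":            lambda a: a["os"] != "macOS" or "jamf" in a["seen_in"],
    "in_cmdb_unless_cloud":   lambda a: a["cloud"] or "cmdb" in a["seen_in"],
    "scanned_by_va":          lambda a: "va" in a["seen_in"],
}


def find_deviations(assets, controls=CONTROLS):
    """Return {control: [hostnames failing it]}; this is what a saved query would feed to an alert."""
    deviations = defaultdict(list)
    for key in sorted(assets):
        for control, complies in controls.items():
            if not complies(assets[key]):
                deviations[control].append(key)
    return dict(deviations)


if __name__ == "__main__":
    print("per-tool counts:", per_source_counts(SOURCES))
    inventory = correlate(SOURCES)
    print("correlated unique assets:", len(inventory))
    for control, hosts in find_deviations(inventory).items():
        print(f"{control}: {hosts}")
```

Run on the constructed data, the seven tools report counts of 3, 3, 3, 2, 0, 3 and 1, while correlation yields six distinct assets; the deviation query then surfaces a Windows host known only to EDR, a Mac with no JAMF record, and two devices the VA scanner has never seen. Re-running `find_deviations` on every fresh export is the "continuous" part.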
Cloud Security Posture Management
One of the new categories we’ve heard a lot about is cloud security posture management.
Since more workloads are moving to the public cloud, security teams need a tool (or tools) to constantly monitor configuration details within their cloud environments. This helps ensure that what shouldn’t be public isn’t, and that other configuration options aren’t leaving cloud instances unnecessarily exposed to risk.
One good example mentioned above is the CIS Foundations Benchmarks for AWS and Microsoft Azure. The CIS Foundations Benchmarks include scored rules for public cloud environments, showing instances and accounts that deviate from security and configuration best practices.
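What a scored benchmark rule looks like in practice: the example below is added here (it is not Axonius code and not the CIS benchmark's own tooling) and evaluates constructed security-group records, shaped like the output of the EC2 describe-security-groups call, against the AWS Foundations Benchmark's rule that no security group may allow ingress from anywhere to SSH or RDP. The group IDs and CIDRs are constructed; the check handles the cases that trip up naive implementations, namely port ranges that happen to include 3389, the "-1" protocol that means all traffic, and IPv6 any-address ranges, and the last group shows the corrected, source-restricted form beside the weak ones.

```python
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed records shaped like EC2 describe-security-groups output (not real groups).
SECURITY_GROUPS = [
    # Weak: SSH open to the whole IPv4 internet.
    {"GroupId": "sg-weak", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": []}]},
    # Weak but easy to miss: a wide port range that happens to include RDP.
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": []}]},
    # Weak: all protocols and ports from any IPv6 address (no FromPort/ToPort keys).
    {"GroupId": "sg-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]}]},
    # Corrected form: SSH only from a constructed internal management range.
    {"GroupId": "sg-fixed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}]},
]


def _world_open(perm):
    """True if the rule's source includes the IPv4 or IPv6 any-address range."""
    return (any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))
            or any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", [])))


def _covers_port(perm, port):
    """True if the rule admits TCP traffic to `port`, including via ranges or 'all traffic'."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                       # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):           # UDP/ICMP rules cannot expose SSH or RDP
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def unrestricted_admin_ingress(groups):
    """Return (GroupId, service) pairs that violate the rule; an empty list means compliant."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not _world_open(perm):
                continue
            for port, service in ADMIN_PORTS.items():
                if _covers_port(perm, port):
                    findings.append((sg["GroupId"], service))
    return findings


if __name__ == "__main__":
    for group_id, service in unrestricted_admin_ingress(SECURITY_GROUPS):
        print(f"{group_id}: {service} reachable from any address")
```

The same predicate shape (a function over one configuration record returning findings) is what lets a posture tool score every account on every run rather than once at audit time; a remediation simply replaces the any-address CIDR with the approved source range, as `sg-fixed` shows.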
Security Policy Enforcement
When you’re able to understand what assets are in your environment and which devices, cloud instances, and users adhere to or deviate from your security policies and controls, you’re able to pinpoint issues to be addressed.
(That’s another way to say you’ve created more work for your team.)
Sure, it’s valuable to identify things that need fixing. But being able to automate action is a lot better.
When Axonius customers get an asset inventory and understand how each device, cloud instance, and user deviates from their security policies, they can move on to creating automated enforcement sets to decide what should happen whenever a condition is met.
The actions available in the Axonius Security Policy Enforcement Center are:
- Notify - Send an email, syslog, webhook, Slack message, and more
- Create Incident - Create an incident in a ticketing system like ServiceNow, Jira, Zendesk, or others
- Axonius Utilities - Tag a device or user in Axonius or add custom data
- Enrich Device or User Data - Enrich device or user data from third parties like Shodan, Censys, HaveIBeenPwned, and more
- Manage CMDB Entries - Create or update a computer in ServiceNow, Cherwell, or Jira
- Update VA Scanner Coverage - Add IPs to scanners like Qualys and Tenable
- Deploy Files and Run Commands - Deploy files and run Windows or Linux shell commands, and run WMI or SSH scans
- Execute Endpoint Security Agent Actions - Use endpoint agents like Carbon Black, Cybereason, and others to isolate, unisolate, or run a scan
- Manage AD Services - Enable, Disable, or Update users and devices
- Manage AWS Services - Start, stop, or tag AWS services
- Manage Microsoft Azure Services - Add tags to Azure instances
With enforcement sets, Axonius customers can define a trigger and create whatever actions make sense for their environment and processes. From simple alerts to full automation, they can decide the level of automation that makes sense.
Let Me See
Sure, it’s easy to say that all of this can be accomplished before the end of 2020 to get the basics covered for 2021. Anyone can make that claim. Here’s how we can prove it to you.
First, here’s a short video that shows how Axonius gives customers a comprehensive asset inventory, uncovers security gaps, and automatically validates and enforces policies. In just about four minutes you get a full overview of the platform.
But vendors can pick and choose what to show in their videos, and with a little movie magic, you can make anything look easy.
Show Me
We often hear security and IT professionals say they're skeptical Axonius can work in their environment. Whether yours is a highly segmented, geographically dispersed, cloud-heavy, or massive environment, we’re always happy to show how Axonius works with some of the largest and most sophisticated organizations on the planet.
Request a demo here, and we’ll set up a call to show the platform and answer any of your questions.
Let Me Try It
Want to try Axonius on your own first? We have a free, 30-day cloud-based trial open to organizations in North America.
Request your free trial here and try Axonius in your own environment.
2020 is a beast, but you can get one easy cybersecurity win before 2021 with Axonius.