Any historical account of 2020 is bound to wildly understate its absolute lunacy. Let’s just say it isn't the best.
But, as we round the corner to 2021, there’s one thing that IT and security teams can accomplish right now to put them in a better position for the year ahead: understanding what devices, cloud instances, and users they have, and whether everyone and everything is adhering to security controls.
Getting an Asset Inventory
We’ve heard it said multiple ways, but just this week a CISO told us:
"If I asked 10 people for the number of assets we have, I'd get 14 answers."
One of our favorite tweets is:
CISO: How many Windows hosts do we have?
AV Guy: 7864
Desktop Management: 6321
EDR Team: 6722
CMDB Team: 4848
SIEM Team: 9342
Getting an asset inventory isn’t easy because all the data around devices, cloud instances, and users live in disparate silos, and the data sources don’t talk to each other. What’s needed is an aggregator that can pull in the asset information, correlate it, and show exactly what's in the environment including:
All Windows devices need to be in Active Directory and have an EPP agent installed
All Macs need JAMF
Every device needs to be enrolled in a device management platform
All devices (except cloud instances) need to be in our CMDB
Every asset (cloud and on-prem) needs to be scanned by our VA scanner
Only Linux devices should be on a particular segmented network
These are just some of the basics. But the idea is to understand any time an asset shows up in the environment that doesn’t adhere to the expectations set by policy, and any time a state change means that a security control isn’t being met.
By connecting to the different sources of asset data with Axonius, customers are able to use queries to find any asset that doesn't fit their expectations. The value in continuous controls monitoring is in the “continuous” part: simply running point-in-time audits doesn’t match the speed of change.
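To make the idea concrete, here is a small sketch of correlating several asset sources and checking some of the expectations listed above. It is an added example, not Axonius code or its query language; the source names, record fields, hostnames, and the Linux-only subnet are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
# Constructed sample exports; source names, fields and hosts are illustrative.
SOURCES = {
    "active_directory": [{"host": "WS-001.corp.example", "os": "Windows"},
                         {"host": "ws-002", "os": "Windows"}],
    "epp": [{"host": "ws-001", "os": "Windows"},
            {"host": "mac-010", "os": "macOS"}],
    "jamf": [],
    "cmdb": [{"host": "WS-001"}, {"host": "mac-010"}, {"host": "lnx-020"}],
    "va_scanner": [{"host": "ws-001", "ip": "10.0.1.5"},
                   {"host": "lnx-020", "os": "Linux", "ip": "10.9.0.7"},
                   {"host": "ws-002", "ip": "10.9.0.8"},
                   {"host": "i-0abc", "os": "Linux", "cloud": True, "ip": "172.16.0.4"}],
}
LINUX_ONLY_NET = ipaddress.ip_network("10.9.0.0/24")  # assumed segmented network

def correlate(sources):
    """Merge per-source records into one asset per normalized hostname."""
    assets = defaultdict(lambda: {"seen_in": set()})
    for name, records in sources.items():
        for rec in records:
            key = rec["host"].split(".")[0].lower()  # strip domain, ignore case
            assets[key]["seen_in"].add(name)
            for field in ("os", "ip", "cloud"):
                if field in rec:
                    assets[key].setdefault(field, rec[field])
    return dict(assets)

def violations(assets):
    """Return {host: [unmet expectations]} for the rules checked here."""
    out = {}
    for host, a in sorted(assets.items()):
        seen, os_name, gaps = a["seen_in"], a.get("os"), []
        if os_name == "Windows":
            gaps += [f"missing from {s}" for s in ("active_directory", "epp") if s not in seen]
        if os_name == "macOS" and "jamf" not in seen:
            gaps.append("missing from jamf")
        if not a.get("cloud") and "cmdb" not in seen:  # cloud instances are exempt
            gaps.append("missing from cmdb")
        if "va_scanner" not in seen:
            gaps.append("missing from va_scanner")
        if (ip := a.get("ip")) and ipaddress.ip_address(ip) in LINUX_ONLY_NET and os_name != "Linux":
            gaps.append("non-Linux host on Linux-only segment")
        if gaps:
            out[host] = gaps
    return out

print(violations(correlate(SOURCES)))
```

Running the same check on a schedule, rather than once, is what turns it from a point-in-time audit into continuous monitoring.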
Since more workloads are moving to the public cloud, security teams need a tool (or tools) to constantly monitor configuration details within their cloud environments. This helps ensure that what shouldn’t be public isn’t, and that other configuration options aren’t leaving cloud instances unnecessarily exposed to risk.
One good example mentioned above is the CIS Foundations Benchmarks for AWS and Microsoft Azure. The CIS Foundations Benchmarks include scored rules for public cloud environments, showing instances and accounts that deviate from security and configuration best practices.
Security Policy Enforcement
When you’re able to understand what assets are in your environment and which devices, cloud instances, and users adhere to or deviate from your security policies and controls, you’re able to pinpoint issues to be addressed.
(That’s another way to say you’ve created more work for your team.)
Sure, it’s valuable to identify things that need fixing. But being able to automate action is a lot better.
When Axonius customers get an asset inventory and understand how each device, cloud instance, and user deviates from their security policies, they can move on to creating automated enforcement sets to decide what should happen whenever a condition is met.
Here are the actions in the Axonius Security Policy Enforcement Center:
Notify - Send an email, syslog, webhook, Slack message, and more
Create Incident - Create an incident in a ticketing system like ServiceNow, Jira, Zendesk, or others
With enforcement sets, Axonius customers can define a trigger and create whatever actions make sense for their environment and processes. From simple alerts to full automation, they can decide the level of automation that makes sense.
Let Me See
Sure, it’s easy to say that all of this can be accomplished before the end of 2020 to get the basics covered for 2021. Anyone can make that claim. Here’s how we can prove it to you.
First, here’s a short video that shows how Axonius gives customers a comprehensive asset inventory, uncovers security gaps, and automatically validates and enforces policies. In just about four minutes you get a full overview of the platform.
But vendors can pick and choose what to show in their videos, and with a little movie magic, you can make anything look easy.
We often hear security and IT professionals say they're skeptical Axonius can work in their environment. Whether yours is a highly segmented, geographically dispersed, cloud-heavy, or massive environment, we’re always happy to show how Axonius works with some of the largest and most sophisticated organizations on the planet.
Request a demo here, and we’ll set up a call to show the platform and answer any of your questions.