Have you ever looked at a live citywide traffic map during rush hour and thought, “That’s a lot of data”? These maps contain so many small car icons that it’s hard to differentiate one car from another. Following a single car’s path along its route, well, that’s nearly impossible. Tie in the “danger zones,” the roadways marked in red or yellow/orange to denote slowdowns and stopped traffic, or the construction zones and closed roads, and it’s a jumble of information.
That said, if you’re planning a road trip, it might be helpful to make sense out of the mess. That could mean watching to see how cars traveling from one general location to another are progressing. It might mean studying traffic patterns to see if they’re the same every day or if they change over time. You may want to investigate whether slightly changing the route helps ease traffic congestion or if it results in backups elsewhere, and identify locations where accidents or other traffic anomalies are likely to occur.
If this is sounding a lot like a network topology map, it’s no coincidence. Network mapping and other network traffic analysis and monitoring techniques are phenomenal IT and security tools to use to account for what’s going on on your network. However, just analyzing the traffic and patterns isn’t enough. Looking at static asset data from a historical perspective is useful, but it can’t tell the same story as a timeline of aggregated changes to an asset or grouping of assets. Furthermore, looking at a timeline of grouped asset changes allows for identifying vulnerabilities, new and old, misconfigurations, policy gaps, and other interesting asset-related events that may be noteworthy.
Returning to our auto traffic analogy, we’re talking about things like: What is the state of individual cars on the road? How many cars are in bad shape and likely to break down in traffic? What are the states of the drivers: Is someone driving while impaired? What other attributes have been introduced on the roadways that make it hard to navigate a route safely, like items fallen off a flatbed truck or a tree that’s fallen into the road?
With networks, the analogy includes things like device hygiene, out-of-date security patches, CVEs, “invisible” assets like short-term cloud instances and container images that weren’t operational during a network/vulnerability scan, overly permissioned accounts, missing security agents, and more. This is all information security and operations teams need to know to properly manage their security risk, and it’s all predicated on understanding the asset landscape and related vulnerabilities.
This is why cyber asset attack surface management (CAASM) is so important — it goes beyond understanding what is currently on your networks and communicating over them. CAASM looks at individual assets and their security state, and allows users to adjust assets, controls, policies, and enforcement actions based on current state, historical trends, and patterns.
For these reasons, Axonius is announcing a new feature: Enhanced asset investigation. The current cybersecurity asset management product has always included the ability for our customers to track specific assets and their attributes. But just like a traffic map, looking at one device, user, cloud instance, or other system information in isolation only paints a part of the picture.
Asset investigation allows Axonius customers to understand not only what’s happening on their networks at any given time, but also look back at assets and the state of those assets over time. It provides the ability to see groups of assets — for example, all mobile iOS devices, all users tied to a specific Active Directory group, and all servers with a certain build — and identify trends and patterns to:
Watching these changes over time and across fleets or groupings of assets provides the basis for threat investigation and contextualization, the latter of which is absolutely necessary if the organization wants to prioritize and triage the most likely or most impactful cybersecurity events.
The new asset investigation feature allows Axonius users to:
Because looking at assets in silos doesn’t provide the entire perspective. It also allows operators to passively search for and research asset-related events quickly and easily, without having to toggle between asset records and screens — there’s now a good place to see bigger trends. The ability to dig deep into individual assets is still available — that’s an extremely valuable operation, especially when an asset is posing a threat to the organization. Now, however, asset investigation gives users the organizational perspective that’s necessary to formulate strategies that reduce asset-based risk over time.
From a technical perspective, users will be able to run queries on assets they want to investigate and see details about each asset, values added, values removed, and connect the dots for better investigation experiences across different assets.
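As an added illustration of the "values added, values removed" timeline and the fleet-level trends described above (example code written for this post, not Axonius code or its query language; the snapshot layout, asset names and attribute values are constructed):

```python
from datetime import date
from typing import Callable

# Constructed sample snapshots (hypothetical data): one per scan date,
# mapping asset id -> attribute -> set of observed values.
SNAPSHOTS = {
    date(2022, 3, 1): {
        "srv-01": {"os": {"Windows Server 2019"}, "agents": {"edr", "backup"}, "tags": {"prod"}},
        "srv-02": {"os": {"Ubuntu 20.04"}, "agents": {"edr"}, "tags": {"prod"}},
        "lt-07": {"os": {"Windows 10"}, "agents": {"edr"}, "tags": {"laptop"}},
    },
    date(2022, 3, 8): {
        "srv-01": {"os": {"Windows Server 2019"}, "agents": {"backup"}, "tags": {"prod", "pci"}},
        "srv-02": {"os": {"Ubuntu 20.04"}, "agents": {"edr"}, "tags": {"prod"}},
        "lt-07": {"os": {"Windows 10"}, "agents": set(), "tags": {"laptop"}},
        "ci-runner-3": {"os": {"Ubuntu 22.04"}, "agents": set(), "tags": {"ephemeral"}},
    },
}

def diff_asset(old: dict, new: dict) -> dict:
    """Per attribute, which values were added and which were removed."""
    changes = {}
    for attr in set(old) | set(new):
        before, after = old.get(attr, set()), new.get(attr, set())
        if before != after:
            changes[attr] = {"added": after - before, "removed": before - after}
    return changes

def asset_timeline(snapshots: dict, asset_id: str) -> list:
    """Ordered (date, changes) entries for one asset. An absent asset is an empty
    state, so first sighting and disappearance show up as added/removed values."""
    timeline, previous = [], {}
    for day in sorted(snapshots):
        current = snapshots[day].get(asset_id, {})
        changes = diff_asset(previous, current)
        if changes:
            timeline.append((day, changes))
        previous = current
    return timeline

def fleet_trend(snapshots: dict, in_group: Callable[[dict], bool],
                flagged: Callable[[dict], bool]) -> dict:
    """Per snapshot date, how many assets in a group meet a risk condition."""
    return {day: sum(1 for a in assets.values() if in_group(a) and flagged(a))
            for day, assets in sorted(snapshots.items())}

# Group: Windows assets. Condition: no EDR agent reporting (a "missing agent").
is_windows = lambda a: any(v.startswith("Windows") for v in a.get("os", set()))
no_edr = lambda a: "edr" not in a.get("agents", set())

if __name__ == "__main__":
    for day, changes in asset_timeline(SNAPSHOTS, "srv-01"):
        print(day, changes)
    print(fleet_trend(SNAPSHOTS, is_windows, no_edr))
```

The per-asset timeline answers "what changed on srv-01 and when", while the fleet trend shows the same data as a grouped count (here, Windows assets that lost their EDR agent between scans), which is the organizational perspective the text contrasts with looking at one record at a time.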
(Axonius Asset Investigation View)
Common use cases for the new asset investigation functionality include:
Enhance asset management capabilities
Triage security events
Align with audit and compliance needs
The goal of asset investigation is to provide Axonius customers with the ability to examine assets, using queries, to:
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius