Zero Trust is now a mandate for federal agencies. Called out in President Joe Biden’s May executive order and implemented through the CDM Program, all agencies now need to shift their security posture to align with Zero Trust principles.
In most articles about Zero Trust, you’ll read about the “journey” needed to move closer to this much-touted security mindset. While the shift from a “castle-and-moat” security approach to a “never trust, always verify” approach won’t be overnight, there’s one fundamental piece of the puzzle that — if not done well — will prevent your ability to start that journey: a comprehensive, always up-to-date asset inventory.
In the following, we’ll outline the evidence supporting our claim that the only way agencies can achieve the level of asset visibility and intelligence required to implement Zero Trust is to internally crowdsource data from their IT and security tools.
Agencies Lack the Visibility Needed for Zero Trust
Analyst firms ESG and MeriTalk reported this lack of asset visibility in a recent survey. Seventy-four percent of agencies surveyed reported a gap between what they could see about devices versus what they want to see.
Complete visibility into assets, users, devices, software, and cloud environments is necessary for the foundation of a Zero Trust posture.
Jeffrey Jones, vice director, command, control, communications, and computers C4/Cyber and deputy chief information officer at Joint Chiefs of Staff/J6, referred to this concept as “knowing your terrain” on a recent webinar with Axonius and MeriTalk.
“Knowing your terrain is one of the most important things we can do.”
Visibility clearly remains a challenge for federal agencies. Despite the variety of tools implemented, federal IT and security teams still struggle with visibility because it’s difficult to get centralized, actionable data from those tools.
Historically, agencies have attempted to obtain intelligence and visibility from existing tools. Despite the amount of data these tools provide, correlating that data requires significant resources, and still falls short of the asset intelligence needed. That’s because each tool has a limited view of the environment, and only knows what it can see. (For example, an endpoint agent can’t give you a list of the devices it’s not installed on).
As a result, many tools created "discovery add-ons" to improve visibility. Common examples we've seen include:
- NAC solutions (some with additional plugins)
- Network Scanners (plugins)
- Endpoint Security Agents - Rogue System Detection
- CMDB - Discovery Modules
The problem with these approaches is that each of these tools are limited to one methodology, which inherently lacks full visibility. Misconfigurations, connectivity and firewall issues, incomplete tapping of network traffic, and a myriad of other limitations can mean that assets are missed. In addition, many tools that focus on network devices or devices also miss valuable information about cloud instances (and vice versa).
But it’s worth stressing that this isn’t a shortcoming of these tools. Instead, it’s an inherent challenge caused by using a tool not meant for the job. If you’re looking to increase visibility, a microscope will give detail on the minute, a telescope will show you distant stars, but both show a specific view and not the whole picture.
Agencies we work with also report these tools can only integrate with a limited number of systems, pull a limited amount of data, and don’t deduplicate or accurately correlate assets.
Simply put, relying on one source of asset information is insufficient in today’s modern and complex federal IT landscape. With three-quarters of federal respondents still reporting visibility gaps, according to research from ESG and MeriTalk, it’s clear these approaches are failing federal agencies.
A cybersecurity asset management solution offers a unique approach to asset intelligence. Axonius helps agencies overcome these challenges through internally crowdsourced asset intelligence.
How Does Internally Crowdsourced Data Drive Asset Intelligence?
There’s no lack of tools in the typical federal IT environment. Individually, they all provide a piece of the puzzle. But to deliver the asset intelligence needed for Zero Trust, an engine that puts the pieces together is required.
Axonius enables agencies to crowdsource asset data from hundreds of existing IT and security tools. Our solution accurately correlates data from all sources, including:
- Directory and identity services
- Network infrastructure
- Cloud and virtual environments
- Endpoint security systems
- Endpoint management systems
- Vulnerability scanners
The average Axonius customer connects over 15 of their existing tools as data sources (and deployments take just one day).
Pulling all this data together from varied systems — and making it easily searchable — creates synergy. This helps deliver true asset intelligence for Zero Trust and beyond.
With a single source of truth for assets, agencies can run queries to discover and resolve any security gaps that may exist. This enables agencies to act proactively, ensuring their Zero Trust security posture is maintained.
The level of asset intelligence needed for Zero Trust can only be achieved with a crowdsourced, correlated asset inventory.
