This post appears as part of “The Axonian Perspective” blog series. Each month, Axonius employees share how specific experiences at previous organizations have shaped their perspectives, what they learned, and how they’re applying these lessons to the way they work today.
This month, we’re hearing from Christopher Rodgers, senior account technical manager. Read more below.
Scene: Dark And Stormy Friday Night — 2018
Late one Friday night, I received a text from my then-CISO. He had heard about a zero-day on one of the organization’s network devices. If a certain model, version, and setting was configured, a threat actor would be able to slip in. This could be a terrible attack if we were breached.
At the time, I led the vulnerability management team, and my CISO wanted to know if our VM tool showed this specific vulnerability on a zero-day threat. The bulletin he texted me about was released on a Thursday. We were doing vulnerability scans at the time, and we had not scanned for this specific zero-day yet. Our organization was agent fatigued — we only had appetite for less intrusive scans.
Our network engineer said he would have to check each device manually. He asked why we couldn’t run a scan to tell him what was misconfigured. There were hundreds of devices to look through, and I had no answers for my CISO.
Approvals were had. Scans commenced. In six to 12 hours, we would have results of vulnerability scans (providing the vuln ID loaded correctly and there weren’t scan issues). We had to work into the night to know the organization was secure. After many hours, we found we were indeed secure.
It was a long Friday night that should never have been so long.
Scene: Undisclosed Government Location — 1990
Increasingly, we are being faced with complex issues that require us to not just look for a vulnerability, but view the entire organization. That is not always an easy task.
In the early 1990s, the U.S. military realized that the situations it faced involved more complex problems. The threats of the past had evolved. The military needed a system to predict solutions more easily. It ended up coining an acronym, “VUCA,” to help understand the full scope of problems.
VUCA is broken down into:
Volatility: How rapidly does information change?
Uncertainty: What surprises and unknowns exist?
Complexity: What influences make up your market?
Ambiguity: Do you know what to do with the information?
Scene: Axonius HQ, New York, New York — Present Day
Especially in the last decade, the need to predict attacks from adversarial foes has become a serious reality. Given the complexity of organizational structure and data management, we have looked to many leadership and strategic models to support private sector infosec and asset management landscapes.
Traditionally, many organizations approach problems with a method that requires a different team for each group:
These teams all work together — but their data is often siloed in different tools.
With Axonius, we believe we can help teams answer the fundamental questions listed above seamlessly across business units.
Volatility: Axonius provides real-time insights by connecting to the tools that you use and having them report as fast or slow as you would like them to. Because we connect to the source as soon as the pull happens, we are able to dynamically add and subtract assets in an overall view to turn volatility into vision.
Uncertainty: Understanding the whole picture is tough. To do it right, you need the details.
By connecting to each individual tool through the interface management system, we pull a more dynamic view of devices than most tools do. No more having teams argue false positives when both tools' data points are noted in the inventory. By bringing the data together, we turn uncertainty into understanding.
Complexity: Axonius connects to all the tools you use and correlates the data to get a full understanding of system interconnectedness, giving you a single pane of glass. We have over 350 adapters and are adding more every day. We are able to show you when a tool is not connecting properly so you don’t have to worry about audits. You can follow the trail easily and make complexity become clarity.
Ambiguity: You have all the information — but sometimes it is tough to know what to do with it.
With the Axonius Enforcement Center, you can create actions to automatically apply adjustments and issue actions. By building logical rulesets, you can create tickets, update CMDB assets, deploy files, and manage cloud services automatically. Axonius empowers you to go from ambiguity to agility.
In retrospect, if we had Axonius on that late Friday evening at my previous company, we would have had the network device information noted — as well as any vulnerability information. We could have gotten ahead of the curve by identifying what the VM tool should see and report accordingly.