- Use Cases
This post appears as part of “The Axonian Perspective” blog series. Each month, Axonius employees share how specific experiences at previous organizations have shaped their perspectives, what they learned, and how they’re applying these lessons to the want they work today.
This month, we’re hearing from Christopher Rodgers, senior account technical manager. Read more below.
Late one Friday night, I received a text from my then-CISO. He had heard about a zero-day on one of the organization’s network devices. If a certain model, version, and setting was configured, a threat actor would be able to slip in. This could be a terrible attack if we were breached.
At the time, I led the vulnerability management team, and my CISO wanted to know if our VM tool showed this specific vulnerability on a zero-day threat. The bulletin he texted me about was released on a Thursday. We were doing vulnerability scans at the time, and we had not scanned for this specific zero-day yet. Our organization was agent fatigued — we only had appetite for less intrusive scans.
Our network engineer said he would have to check each device manually. He asked why we couldn’t run a scan to tell him what was misconfigured. There were hundreds of devices to look through, and I had no answers for my CISO.
Approvals were had. Scans commenced. In six to 12 hours, we would have results of vulnerability scans (providing the vuln ID loaded correctly and there weren’t scan issues). We had to work into the night to know the organization was secure. After many hours, we found we were indeed secure.
It was a long Friday night that should never have been so long.
Increasingly, we are being faced with complex issues that require us to not just look for a vulnerability, but view the entire organization. That is not always an easy task.
In the early 1990s, the U.S. military realized it was situationally dealing with more complex problems. The threats of the past had evolved. The military needed a system to predict solutions easier. It ended up coining an acronym, “VUCA” to help understand the full scope of problems.
VUCA is broken down into:
Especially in the last decade, the need to predict attacks from adversarial foes has become a serious reality. Given the complexity of organizational structure and data management, we have looked to many leadership and strategic models to support private sector infosec and asset management landscapes.
Traditionally, many organizations approach problems with a method that requires a different team for each group:
These teams all work together — but their data is often siloed in different tools.
With Axonius, we believe we can help teams answer the fundamental questions listed above seamlessly across business units.
In retrospect, if we had Axonius on that late Friday evening at my previous company, we would have had the network device information noted — as well as any vulnerability information. We could have gotten ahead of the curve by identifying what the VM tool should see and report accordingly.