How Los Angeles Transformed Cybersecurity with Axonius
In a city known for its sprawl, the City of Los Angeles faced escalating and complex cybersecurity attack surface risks. Axonius helped them confront fragmented tools, blind spots, and compliance challenges.
Key Challenges
Inconsistent visibility into internal and external attack surfaces
Disparate tools leading to fragmented security data
Slow and manual investigations across departments
Difficulty identifying unmanaged, non-compliant devices
Lack of a unified, accurate, real-time asset inventory
Inability to quantify and defend cybersecurity strategy to leadership
Axonius enhances our capabilities on threat hunting, investigations, and situational awareness.
Introduction
For Tim Lee, CISO of the City of Los Angeles, and Daniel Clark Lee, who leads the Integrated Security Operations Center (ISOC), cybersecurity isn’t a luxury, it’s a lifeline. They’re charged with protecting a city that stretches from ocean to mountain and includes critical infrastructure like the Los Angeles World Airports and the Department of Water and Power.
Yet for years, the team operated in a fragmented world. One where blind spots, siloed tools, and incomplete data made comprehensive defense impossible.
We’ve got to have a clear picture of what we are protecting, and what are the assets in our protection domain.
Previous Situation
Before Axonius, the City of Los Angeles faced a paradox of size and invisibility. With over 40 departments each managing their own tools and systems, the ISOC team struggled to answer a basic question: “What exactly do we own?”
The lack of a unified view across departments created deep tension.
We're such a large organization and we have so many different department integrations that are really important for us... One of our biggest pain points is having a lot of people using a lot of different tools.
Even internal asset visibility was limited. Many tools only focused on Active Directory or narrow slices of the environment, leaving vast swaths of infrastructure unchecked.
“When you’re talking about attack surface management, the key element is good asset management,” said Tim Lee. “You’ve got to know what you are protecting.”
Challenges
The ISOC team was drowning in complexity. Disparate systems. Shadow IT. Missing patches. Tools that didn’t talk to each other. And an explosion in attempted cyberattacks, 20 times higher than in previous years.
The threat wasn't hypothetical. The city’s infrastructure, including airports, water, and law enforcement, meant that any misstep could cascade into real-world consequences: disruptions, data breaches, and even public safety incidents.
One of the other issues we had with internal attack surface management is it's fairly scoped down... It only looks at certain assets that might be missing patches or CVEs. That’s not enough.
Increased attacks and stress also took a toll on the security team. Investigating alerts required cycling through four or five different tools. Misconfigurations went unnoticed. And policy enforcement was inconsistent across departments.
The cost of inaction? A blind and ineffective cybersecurity program. A budget that couldn’t be defended. A city left vulnerable.
Consequences
Without a clear view of assets and vulnerabilities:
Unmanaged devices could serve as entry points for attackers
Inconsistent patching left gaps in the city’s cyber armor
Regulatory non-compliance could trigger investigations or funding cuts
A breach affecting critical departments could disrupt millions of residents and devastate public trust
“You’re in this blind mode,” said Tim Lee. “Your cybersecurity program is not effective, and your budget is not defensible. And then you are wasting resources, too.”
Solutions
Axonius became the ISOC’s single source of truth. First tested in a proof of concept, Axonius quickly stood out. It helped the city discover unmanaged devices lacking EDR and revealed critical gaps in patch levels.
Axonius helped us identify unmanaged devices without proper EDR installation and patch management levels... Their support team even improved an adapter in real time to meet our specific needs.
Now, the ISOC team aggregates data from across departments into a single pane of glass.
Internal vulnerabilities are spotted instantly
Endpoint coverage is clearly quantified across 87,000 assets and counting
Investigations that used to take hours now take minutes
Alerts tied to specific assets can be triaged and traced to users
“Being able to integrate different tools and aggregate all that data into one kind of single pane of glass has been really important for us,” said Daniel Clark Lee.
Whether validating policy compliance, investigating suspicious devices, or planning Zero Trust initiatives, Axonius gave the city the visibility and control it desperately needed.
When you have a clear picture on the scope and domain of what you're protecting, then your strategy and your program is very targeted and very accurate... The information we get from Axonius supports this process.
Results:
Identified and inventoried 87,000+ assets within the protection domain
Reduced alert investigation time from hours to minutes
Detected unmanaged and non-compliant devices across departments
Enabled endpoint-level situational awareness and threat hunting
Improved policy enforcement through department-level reporting
Enhanced data collection to support Zero Trust and future initiatives
Streamlined asset data sharing with business executives and city leadership
Increased flexibility to scale from 2,000 to 20,000 assets with no performance issues
See Axonius in action
Discover what’s achievable with a product demo, or talk to an Axonius representative.