Seeing the Unseen: How the City of Los Angeles Secured Its Digital Landscape with Axonius

In one of the largest and most complex city networks in the United States, the City of Los Angeles faced a mounting cybersecurity challenge: tens of thousands of users, devices, and systems spread across 40 departments, all moving fast and changing daily. The city’s cybersecurity team knew they couldn’t protect what they couldn’t see. This is the story of how Joanne Scott and her team transformed a fragmented, reactive environment into one of proactive visibility and automated control, with Axonius as their trusted partner.
Key Challenges
Fragmented data across 40+ departments created widespread blind spots
Manual investigations slowed incident response and remediation
Inconsistent coverage across cloud, on-prem, and hybrid environments
Limited ability to track and enforce security controls citywide
Compliance pressures compounded by disconnected reporting
Introduction: A City That Never Sleeps and Never Stops Changing
For Joanne Scott, a Cybersecurity Analyst with the city’s Integrated Security Operations Center (ISOC), every day began with a familiar challenge: too much data, too many tools, and not enough clarity.
Each department managed its own systems. Security alerts poured in from multiple tools. Spreadsheets were often the only way to piece things together.
“In cybersecurity, you can’t protect what you can’t see,” Joanne recalls. “For us, visibility was the missing piece.”
As the city grew, so did the complexity. A single misconfiguration in one department could expose another. Manual incident investigations dragged on for hours. Visibility gaps became vulnerabilities, and vulnerabilities became risks to city operations.
Previous Situation: Organized Chaos
The city’s security team was stuck in what Joanne describes as “organized chaos.” They had the right intentions, but not the right visibility.
Each department maintained its own tools and datasets, creating silos
Incident response often required hunting through disconnected systems
Tracking asset coverage across departments was nearly impossible
Manual investigations slowed response times and strained resources
The result was a patchwork of information, pieces of a puzzle that never quite fit together. What the team needed was a unifying force to connect all the dots.
Challenges: Fragmented Data and Manual Processes
Every security leader knows that what you can’t see can hurt you. For the City of Los Angeles, the stakes were especially high. Each day brought new devices, cloud instances, and user accounts to manage. The city’s SOC team was forced to rely on manual methods to track them. Investigations dragged out for hours or days, leaving potential threats unaddressed. Balancing proactive prevention with daily incident response felt like running two marathons at once.
“When you’re dealing with dozens of departments and thousands of endpoints, there’s no room for guesswork,” Joanne said. “We needed to know where everything was and whether it was protected.”
The risks were clear, and growing:
Fragmented data meant blind spots in coverage and reporting
Manual processes created bottlenecks that delayed response times
Inconsistent enforcement left some departments exposed to threats
Reactive firefighting left little time for proactive risk reduction
Tension mounted. Every audit loomed like a storm. Every delayed response brought the potential for a costly breach, or worse, an incident affecting public trust.
Consequences: Operational Risks and Compliance Failures
In a city that never sleeps, even a single moment of vulnerability could have widespread impact. A missed patch on a public-facing system. A dormant account with lingering admin privileges. A ransomware attack that could disrupt essential services.
Joanne’s team understood that inaction wasn’t an option.
“If we stayed reactive, we’d always be one step behind,” she explains. “We needed a way to see everything at once, and act on it automatically.”
Without change, the city risked:
Prolonged investigations leading to potential exposure
Compliance failures and audit delays across departments
Overstretched teams unable to focus on strategic improvement
Operational risks that could cascade across interconnected systems
It was time for a new approach, one that could scale with the city’s size, diversity, and urgency.
Solutions: Axonius Visibility and Automation
The City of Los Angeles turned to Axonius to unify its complex environment under one pane of glass. The result was transformative. With Axonius, the ISOC gained centralized visibility across all 40+ departments and thousands of devices. For the first time, the city could correlate users, accounts, and devices across Active Directory, cloud environments, and on-prem systems, all in real time.
The platform didn’t just display data; it acted on it. Automated enforcement workflows, hundreds of them, now trigger across the city’s EDR systems and custom scripts. Stale accounts are disabled automatically. Vulnerable endpoints are flagged before incidents occur. Risk scoring and prioritization help the team focus on the most critical issues first.
“We rely on Axonius not just for visibility, but for automation,” Joanne said. “It’s how we know our security stack is truly being deployed across the entire city.”
The city now uses Axonius daily to power key initiatives:
Automated incident investigations that replace hours of manual work
Vulnerability and end-of-life software tracking across departments
Cloud instance monitoring to detect and resolve misconfigurations
Security awareness tracking to measure employee engagement and improvement
Beyond the technology, Joanne highlights something equally important: the partnership.
“It’s not just about the technology,” she said. “The Axonius team has been phenomenal to work with. That partnership is just as valuable as the platform itself.”
Results: Improved Security and Audit Readiness
With Axonius, the City of Los Angeles has built a stronger, faster, and more resilient cybersecurity posture:
Centralized Visibility across 40+ departments and thousands of assets
Automated Incident Response using EDR triggers and custom scripts
Reduced Investigation Time from hours to minutes
Risk Scoring and Prioritization to focus on the most critical vulnerabilities
Cross-Department Collaboration through shared insights and consistent enforcement
Improved Security Awareness tracking and measurable training outcomes
Audit Readiness and Reporting made simple and consistent
“Every day cybersecurity gets more complicated,” Joanne said. “With Axonius, we’ve built the visibility and automation to stay one step ahead and keep the city secure.”


