TransUnion Strengthens Global Attack Surface Reduction with Axonius

For a company like TransUnion, trust is not just a value, it’s the business. Operating in more than 30 countries and supporting data-driven services worldwide, TransUnion’s digital footprint is massive, constantly evolving, and increasingly complex.

Kara, Senior Manager of Attack Surface Reduction, has spent nearly eight years navigating that reality.

“As technology evolves, so does the attack surface,” Kara explained. “Every shift; cloud, AI, new development models, brings new risks that require new ways of thinking.”

Her team supports engineering, vulnerability management, and application security, sitting at the intersection of where innovation meets exposure. And in today’s threat landscape, those boundaries blur fast.

Cybersecurity is no longer a series of siloed functions responding independently. It has become a coordinated discipline that depends on visibility, speed, and alignment across teams.

TransUnion’s global presence is a strength, but it also introduces operational complexity. Different regions, hybrid infrastructure, and ongoing cloud migration all contribute to an environment that is constantly changing.

“How do you manage the transition from on-prem to cloud while keeping security consistent?” Kara asked. “That alone is challenging. Add global operations and emerging AI risks, and the complexity multiplies.”

As TransUnion’s environment continued to grow and evolve, one of the biggest challenges became maintaining a consistent, enterprise-wide view when answering foundational but critical questions:

• What assets do we actually have?

• Which ones are internet-facing?

• Are security agents deployed and working?

• Who owns this system when something goes wrong?

Without reliable answers, even strong security tools can’t deliver their full value.

“You can’t calculate risk without a denominator,” Kara said. “If you don’t know your full attack surface, you can’t tell leadership what percentage of assets are exposed or protected.”

Axonius was originally brought into TransUnion to solve an attack surface problem: consolidating visibility across multiple data sources, regions, and teams into one authoritative view.

“What we needed was a way to understand what we have and how it contributes to risk,” Kara said. “Axonius became that denominator.”

By correlating data from dozens of security and IT systems, Axonius created a unified asset inventory that security teams could trust, not just as a point-in-time snapshot, but as a continuously updated operational foundation.

That visibility unlocked multiple use cases almost immediately:

• Attack surface measurement with real context

• Agent health monitoring across servers and endpoints

• Ownership identification to accelerate remediation

• Operational metrics for vulnerability and coverage reporting

But one outcome stood out above all others.

Before Axonius, only about 12,000 assets across the enterprise had reliable ownership data attached to them.

Within months of deploying Axonius automations, that number grew to nearly 190,000 assets with identifiable owners or accountable departments.

“That was absolutely staggering,” Kara said. “And it changed everything.”

Instead of vulnerability teams spending valuable time tracking down system owners, they could now route remediation directly to the right teams with the right context.

“A huge amount of time was wasted just figuring out who to talk to,” she explained. “Now remediation can actually start immediately.”

The result was not just faster fixes. It also reduced friction across the organization.

Another major transformation came through the Axonius Action Center.

One of Kara’s teams now maintains 98–99% endpoint agent compliance, up from a previous baseline of roughly 70–80%.

With daily monitoring and automated actions:

• New systems missing agents are detected within hours

• Failed agents are flagged immediately

• Remediation workflows trigger without manual review

“We can detect issues the same day assets come online,” Kara said. “We’ve moved to a model focused on proactive hygiene and continuous monitoring.”

That shift freed skilled engineers from repetitive maintenance work and allowed them to focus on higher-value security initiatives.

“It’s not just better coverage, it’s better use of our people.”

Security teams are often seen as blockers. Kara wanted Axonius to become a bridge instead.

Because Axonius provides controlled, role-based access to relevant asset data, teams outside of security can finally see what affects them, without exposing sensitive security tools.

“I can give teams the exact data they need and nothing more,” Kara said. “That builds trust.”

Instead of beginning conversations with policy violations or escalations, Kara’s team can now start from a place of partnership:

“How can I help you secure your environment?”

That mindset shift has improved responsiveness and strengthened working relationships across IT, operations, and engineering.

“It turns security into a partner, not an enforcer.”

Today, TransUnion uses BMC Remedy for asset management, but manual updates and incomplete feeds make maintaining accuracy difficult, especially in a global, acquisition-driven organization.

With Axonius now providing consistent ownership and enriched asset data, Kara’s team is preparing to use it as a CMDB augmentation layer.“Instead of fixing records one by one, we’ll be able to update everything in one motion,” she said. “That’s transformational for asset management.”

For Kara, strong security leadership isn’t about micromanagement or having all the answers.

“It’s about bringing clarity,” she said. “When people understand the destination, they’ll find their own way there.”

She believes growth happens when teams are trusted to solve problems, and allowed to fail safely while learning.

“Failure means someone tried something new. That’s how progress happens.”

For executives still relying on fragmented data sources and spreadsheets, Kara has simple advice:

“If everyone is working from different data, you don’t have alignment, and without alignment, you won’t get the outcomes leadership expects.”

Axonius, she says, creates a shared foundation for action.