At a glance

Employees

1,300

Challenges

Manually validating that solutions are deployed appropriately for compliance and software license management

Solution

Axonius Cybersecurity Asset Management Platform

Results

By automating policy validation to ensure each device meets compliance requirements, Landmark Health increased their security posture while eliminating manual, time-consuming audits.

Case Study

The Nightmare of Manually Validating Software Coverage for Compliance

And while there are layers to security, if a device is missing the most basic security solutions, it’s game over.

Since joining Landmark Health as Director of Information Security in October 2017, Jeffrey Gardner sought to solve difficult challenges around compliance and software license management. Apart from traditional IT Asset Management, Gardner and his security team perform monthly red team exercises to verify that all devices are compliant with Landmark Health’s security and software license management policies. Typically this exercise passed with flying colors…until it didn’t.

“During our red team exercises, we would hit devices with known exploits and they would fail as expected,” said Gardner. “But then all of a sudden, one would succeed and we would discover that the device was missing half of the security solutions that should be there. And while there are layers to security, if a device is missing the most basic security solutions, it’s game over. If even 1 device is missing 1 solution, that will become the lynchpin and take everything else down with it.” 

Aside from red team exercises and manual audits every 3 months, the team at Landmark Health relied on dumping device information out of Active Directory, doing the same with each security tool, and then using vlookups in excel to try to match devices with the solutions that should be installed.

The “Aha” Moment

While attending the RSA Conference in 2019, Gardner attended the Innovation Sandbox competition and watched the winning pitch from Axonius. Assuming that the manual work needed to ensure policy adherence was a necessary evil, Gardner was impressed by the simplicity of the Axonius solution.

“There has never been a tool that does what Axonius does,” said Gardner, “and I didn’t realize there was a solution to the problem, so we never tried to solve it. Asset management, policy validation, and cyber hygiene are so inconvenient and manual, but so essential.”

Simple, Automated Asset Management with Axonius

By connecting to more than 130 security and management solutions, the Axonius platform is agentless and can be deployed in minutes and hours instead of days and weeks.

Once a customer has connected each adapter, the system immediately starts to collect and correlate information about the devices, users, cloud instances, and the solutions that should be protecting them. Axonius is then able to:

  1. Give a credible, comprehensive asset inventory – All laptops, desktops, VMs, IoT devices, servers, cloud instances, etc., managed or unmanaged, cloud and on-premise. The system provides detailed, contextual information about all assets.
  2. Uncover security solution coverage gaps – Axonius is able to show devices with missing security tools, cloud instances not being scanned, and hundreds of other use cases by creating queries to match security policies.
  3. Automatically validate and enforce policies – With the Axonius Security Policy Enforcement Center, customers can customize the level of automated action to take whenever an asset is found to be out of policy.  

Immediate Time to Value and ROI

As with any purchase, Gardner needs to prove value and return on investment for any tool implemented at Landmark Health. By demonstrating automated auditing capabilities, time savings, and reduced risk, Gardner was able to show value immediately.

I can conservatively say that we’re 70% better off than we were before now that we have Axonius.

“We mainly focus our metrics around compliance, so we want to constantly compare ourselves against our last manual audit to show continuous improvement,” said Gardner. “Since we’re able to move from a 3-month audit window to an automated, daily audit, we can immediately track improvement and move much faster to take action. The time saved on the manual audit itself is valuable, and I can conservatively say that we’re 70% better off than we were before now that we have Axonius.”

Recommending Axonius

“I’d recommend Axonius to any company that isn’t full of people that love doing manual audits and live for dumping data into excel to do lookups,” Gardner added. “There’s just no downside. There has never been a tool that does what Axonius does, allowing us to tie everything together using simple queries and then putting compliance on autopilot.”

About Axonius

Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers security solution coverage gaps, and automatically validates and enforces security policies. By seamlessly integrating with more than 130 security and management solutions, Axonius is deployed in minutes, improving cyber hygiene immediately. Covering millions of devices at customers like the New York Times, Schneider Electric, and AppsFlyer, Axonius was named the Most Innovative Startup of 2019 at the prestigious RSAC Innovation Sandbox and was named Rookie Security Company of the Year by SC Magazine.