Correlating alerts and IOCs with asset information to accelerate incident response.
By connecting its data sources to the Axonius platform, the security team cut asset discovery time by nearly 90 percent while improving its overall security program.
Consolidating information into Axonius enabled the team to marry network data with management tools, allowing them to better understand and improve their existing security tools.
Data Accuracy & Efficiency Challenges In Large, Complex Environments
Over the last two decades, the Director of Enterprise IT Global Security at a global energy management company has seen his already complex environment rapidly expand thanks to mobile and — more recently — IoT. Throughout this growth, it became increasingly difficult to track assets in a way that satisfied compliance standards.
“Tracking assets was a real challenge for us,” the Director of Enterprise IT Global Security said. “We had quite a few tools and found it really difficult to correlate [the data from] those tools in order to locate assets with a high degree of accuracy.”
The security team also realized its CMDB and other tools were unable to provide the speed and extensiveness it was looking for when it came to asset discovery and management.
“We realized that we had to find our assets quicker, and that we needed a unified, single source of truth to correlate and view our assets,” the director explained.
The Initial Appeal
When the company’s security team launched their search for a simpler solution to asset discovery, their initial interest in Axonius stemmed from the list of over 250 integrations built to connect the platform with existing security and management solutions. The team also found that Axonius quickly responded to its request to add a previously unsupported adapter.
“I wasn’t used to that level of responsiveness [from a vendor] in the enterprise space,” the director said. “There were a couple of adapters that Axonius didn’t support at the time, and they were able to add them over the weekend.”
“Axonius has become a pretty critical piece of our whole ecosystem.”
Director of Enterprise IT Global Security
The “Aha” Moment
After launching the Axonius pilot, the company’s team connected all their data sources and gathered a comprehensive asset inventory in the first 10 days. They described the process as a “real eye opener.”
Once onboarded with Axonius, the security team began using the platform in a larger capacity — from populating their existing CMDB with accurate data, to integrating Axonius into their incident response workflows. Axonius was able to help the team break down and eliminate silos within the organization by serving as a single source of information. This provided various security tools and teams with unified access to a wealth of data that had not been available before.
Furthermore, pulling data from new sources allowed the team to marry their network data with their management tools for the first time. This raw, granular view of their assets has been crucial in helping them better understand and compare existing security products. Thanks to this level of detail, the team has been able to make improvements and increase the value of each tool.
The Outcome: Identification of Ephemeral Devices & Accelerated Incident Response Investigations
As a multinational energy management company with over 200 facilities, the security team investigates thousands of incidents each year. With many of these incidents affecting OT devices spread out over production and data centers, the team often struggled to even locate a device in question — let alone understand what was on it.
Compounding the problem, field technicians were frequently required to spin up and deprecate virtual machines in a matter of hours. Often, these ephemeral VMs would be flagged once created, but many would disappear just as quickly. Unused machines that were never deprecated could pose significant risk.
The energy management company’s team estimated that, before purchasing Axonius, an incident investigation would take an average of three to five days. The team described the process as “extremely manual and extremely painful,” requiring them to manually sift through logs to match IP addresses to users and devices.
With Axonius, their newly automated process takes three to four hours at most — nearly a 90 percent decrease in time.
Not only did Axonius drastically reduce the costs associated with investigation hours, but the team now also has a clear view of their individual assets. This allows them to perform thorough software audits to identify and shut down devices and licenses that are no longer needed.
By implementing the Axonius cybersecurity asset management platform, the team successfully balanced their overall security posture, despite the ongoing challenges they face as a multinational organization.
Axonius is the cybersecurity asset management platform that lets IT and security teams see devices for what they are in order to manage and secure all. Interested in seeing what Axonius can do for your organization?