Skip to content
    Search

    HOW EPIQ ACED ASSET MANAGEMENT WITH AXONIUS

     
    epiq logo

    A worldwide provider of legal services, Epiq serves law firms, corporations, financial institutions, and government agencies. With over 80 offices and 17 data centers spread across different continents, Epiq has transformed the business of law for its clients globally for nearly two decades.

    Employees

    7000 +Employees
    Key Challenges

    Confidence in their asset management program, gaining visibility into all assets,and identifying security gaps.
    Results

    Epiq democratized asset data, achieved unparalleled visibility into their assets, gained complete context on devices and users, and identified security gaps using Axonius.

    Seeking Robust Asset Management, Visibility

    What keeps a chief information security officer up at night?

    According to Jerich Beason, senior VP and CISO at legal services company Epiq, it’s mostly the things "we don't know what we don't know." But knowing what needs to be protected is imperative for CISOs — especially when securing the organization is top of mind. And asset management is foundational to that effort.

    “Asset management is the number one control in security when you look at pretty much every security framework out there. If you don't get that right, you're never going to really know your controls are effective,” Beason said.

     

    But the lack of a robust asset management tool and an incomplete asset inventory were posing challenges for Beason.

    “Beyond that, I wanted to show the progress we're making. But I didn’t have a common denominator that was consistent. When I look at, ‘I have 75% coverage over a certain technology and I want to get to 80%,’ that percentage is only real if I have confidence in what I'm basing it up against,” he said.

    "Security is aiming to be an enabler of the business, and Axonius is the epitome of enabling the business."

    Jerich Beason,Senior VP and CISO, Epiq

    Challenges Driving the Need for a Platform Like Axonius

    Beason joined Epiq in August 2020 and immediately began implementing a transformational strategy for security. But he quickly realized asset management needed to be a part of it.

    “It’s because I had blind faith in what we were already doing from an asset management perspective. But as I was attempting to execute my strategy, I faced constant roadblocks. I didn't know where I needed to apply certain controls or where all of the gaps were. It became clear we needed to focus on asset management because I didn't have a complete picture of my attack surface,” he said.

    Before Axonius, Epiq was “heavily dependent” on agent and scanning-based technology for asset management. The resulting challenges?

    • Agents offer limited visibility as they can only be deployed on known devices. Plus, keeping up with agent hygiene and version control can be tedious.
    • Scanning tools are limited in asset discovery capabilities and often miss devices that are remote, cloud-based, ephemeral, and outside the scan schedule. They also often fail from a permissions perspective or segregated behind network barriers.

    Beason initially wanted to tackle the challenge by building an asset management tool in-house. But his VP of the Cyber Fusion center convinced him to look at Axonius.

    “I went to the website and saw a two-minute video and was floored. I brought in Axonius for a POC. After seeing groups within my networking and IT teams wanting it — and even outside of security and across the business — it was an easy decision to move forward with Axonius,” he said.

    Beason was impressed by its agentless approach to identify all assets — both known and unknown — and its turnkey approach for aggregating all the valuable data housed by different systems.

    “Our cyber strategy was completely contingent upon knowing the devices and the systems in my environment. What I was able to accomplish with Axonius gave me a much shorter time to value in gathering my asset data, correlating that asset data, identifying gaps, and making security decisions,” he said.

     

    Without a platform like Axonius, it would have taken him “substantially more resources” to get there, Beason added. Axonius customer service was also very prompt at integrating with data sources that weren’t already on their pre-built integration list.

    Driving Confidence in Asset Management, Use Cases with Axonius

    Axonius was able to break down and eliminate silos within the organization by serving as a single source of information for Beason’s team.

    The hidden value behind Axonius is that all the groups within IT are collaborating more because they all have the same data, he said. “Axonius has democratized our asset data and that has been a value added benefit that we never even attempted to achieve.”

    Traditionally, each team (networking, server, cloud, etc.) has access to their own tools. While that makes sense, he said, the problem arises when one group needs access to data belonging to another group.

    “With Axonius, all that data has been aggregated. But it's not about risk — it's about context. That context is now within every piece of our organization and we're seeing increased collaboration because of it,” he added.

    Axonious is now core to many of their standard operating procedures.  “Adoption by the IT group overall has been quite a surprise. Three-fourths of the IT staff have requested access to Axonius, simply because they heard about its use in other parts of the organization and wanted to use it to solve their own problems as well. Now it’s not only the starting point for our incident response process, but for the rest of IT’s support processes as well.”

    The platform facilitated several security use cases for Epiq.

    • Agent health dashboards that show devices that aren't properly configured
    • Dashboards that show new technologies that IT and security teams didn't know existed
    • Dashboards that show any new system joining Epiq’s network environment

    “Because of COVID-19, a lot of people may try to use their own personal device to access our environment. We have a number of controls that prevent that. But if someone were to find a way to connect that laptop that they just bought from Best Buy to our network, I would see it really quickly. I don't think that I would've been able to say that in the past,” Beason said.

     

    Axonius also enabled the Epiq IT team to support systems and run queries much faster than before, and then access that information really quickly, he said.

    What's more, the platform also provides complete context on users.  “We’re able to tie users to devices. You’re able to see how certain users are configured on devices and do attribution when trying to identify system owners for things like vulnerability remediation,” he said. At a high level, Axonius also enables Beason’s team to move more quickly with incident response investigations. It helps identify systems that weren't properly secured and provides unparalleled visibility into all assets.

    Today, Axonius is a core part of the standard and safe operating procedures established by Epiq’s cyber team to secure and support the organization.

    “I would absolutely recommend Axonius — and I’ve already recommended Axonius to my friends in the industry. I'm glad we got in early and that I've been able to be a part of this journey."

    Axonius Blog

    Three Ways to Comply with the Singapore Cybersecurity Act

    Stay up to date on the latest IT and cybersecurity trends, Axonius product updates, and tips and tricks.

    Resources

    Mastering Cybersecurity Measurement

    View our latest research, customer stories, technical documents, and other useful links.

    Webinars

    Now What? When Cybersecurity Disclosure Rules Widen the Gap Between Reputation and Risk

    Learn proven strategies for improving your IT and security functions within your organization.