- Use Cases
Landmark is one of the nation’s largest healthcare companies focused on in-home care of complex, chronic patients. They support collaborative ties between community-based organizations, primary care providers, specialists and patients.
Since joining Landmark Health as Director of Information Security in October 2017, Jeffrey Gardner sought to solve difficult challenges around compliance and software license management. Apart from traditional IT Asset Management, Gardner and his security team perform monthly red team exercises to verify that all devices are compliant with Landmark Health’s security and software license management policies. Typically this exercise passed with flying colors...until it didn’t.
“During our red team exercises, we would hit devices with known exploits and they would fail as expected,” said Gardner. “But then all of a sudden, one would succeed and we would discover that the device was missing half of the security solutions that should be there. And while there are layers to security, if a device is missing the most basic security solutions, it’s game over. If even 1 device is missing 1 solution, that will become the lynchpin and take everything else down with it.”
Aside from red team exercises and manual audits every 3 months, the team at Landmark Health relied on dumping device information out of Active Directory, doing the same with each security tool, and then using vlookups in excel to try to match devices with the solutions that should be installed.
While attending the RSA Conference in 2019, Gardner attended the Innovation Sandbox competition and watched the winning pitch from Axonius. Assuming that the manual work needed to ensure policy adherence was a necessary evil, Gardner was impressed by the simplicity of the Axonius solution.
“There has never been a tool that does what Axonius does,” said Gardner, “and I didn’t realize there was a solution to the problem, so we never tried to solve it. Asset management, policy validation, and cyber hygiene are so inconvenient and manual, but so essential.”
Jeffrey Gardner, Director of Information Security, Landmark Health