Landmark is one of the nation’s largest healthcare companies focused on in-home care of complex, chronic patients. They support collaborative ties between community-based organizations, primary care providers, specialists and patients.
Employees
1,300+
Key Challenges
Manually validating that solutions are deployed appropriately for compliance and software license management
Results
By automating policy validation to ensure each device meets compliance requirements, Landmark Health increased their security posture while eliminating manual, time-consuming audits.
The Nightmare of Manually Validating Software Coverage for Compliance
Since joining Landmark Health as Director of Information Security in October 2017, Jeffrey Gardner sought to solve difficult challenges around compliance and software license management. Apart from traditional IT Asset Management, Gardner and his security team perform monthly red team exercises to verify that all devices are compliant with Landmark Health’s security and software license management policies. Typically this exercise passed with flying colors...until it didn’t.
“During our red team exercises, we would hit devices with known exploits and they would fail as expected,” said Gardner. “But then all of a sudden, one would succeed and we would discover that the device was missing half of the security solutions that should be there. And while there are layers to security, if a device is missing the most basic security solutions, it’s game over. If even 1 device is missing 1 solution, that will become the lynchpin and take everything else down with it.”
Aside from red team exercises and manual audits every 3 months, the team at Landmark Health relied on dumping device information out of Active Directory, doing the same with each security tool, and then using vlookups in excel to try to match devices with the solutions that should be installed.
The "Aha" Moment
While attending the RSA Conference in 2019, Gardner attended the Innovation Sandbox competition and watched the winning pitch from Axonius. Assuming that the manual work needed to ensure policy adherence was a necessary evil, Gardner was impressed by the simplicity of the Axonius solution.
“There has never been a tool that does what Axonius does,” said Gardner, “and I didn’t realize there was a solution to the problem, so we never tried to solve it. Asset management, policy validation, and cyber hygiene are so inconvenient and manual, but so essential.”
“There has never been a tool that does what Axonius does, allowing us to tie everything together using simple queries and then putting compliance on autopilot."
Jeffrey Gardner, Director of Information Security, Landmark Health
Immediate Time to Value & ROI As with any purchase, Gardner needs to prove value and return on investment for any tool implemented at Landmark Health. By demonstrating automated auditing capabilities, time savings, and reduced risk, Gardner was able to show value immediately.
“We mainly focus our metrics around compliance, so we want to constantly compare ourselves against our last manual audit to show continuous improvement,” said Gardner.
“Since we’re able to move from a 3-month audit window to an automated, daily audit, we can immediately track improvement and move much faster to take action. The time saved on the manual audit itself is valuable, and I can conservatively say that we’re 70% better off than we were before now that we have Axonius.”
Recommending Axonius “I’d recommend Axonius to any company that isn’t full of people that love doing manual audits and live for dumping data into excel to do lookups,” Gardner added.
“There’s just no downside. There has never been a tool that does what Axonius does, allowing us to tie everything together using simple queries and then putting compliance on autopilot.”
Axonius is the cybersecurity asset management platform that lets IT and security teams see devices for what they are in order to manage and secure all. Interested in seeing what Axonius can do for your organization?
