- Use Cases
For organizations working in HR technology and employee benefits, keeping safe sensitive and private employee data is essential to business operations.
And, for HR tech organization, PlanSource, knowing what assets are in their environment — and what the possible vulnerabilities in that environment may be — is at the core of protecting this very information.
“I think most organizations struggle with understanding what inventory they have, said David Christensen, VP and CISO at PlanSource. “When they’re doing an assessment of vulnerability, they struggle with understanding if they have gaps. So without having an adequateand accurate inventory, you may end up having a bigger gap than you expected.”
These gaps impacted how the PlanSource IT and security teams assessed vulnerabilities in their environment — but gathering the information necessary to analyze these risks was challenging.
“We would believe we scanned our entire network and understood what our actual threat and risks were, only to find out later on that we were off by 10% to 20%,” Christensen said. “That was almost an accepted risk that we really didn’t want to accept.”
These challenges soon manifested in how these teams operated every day. Multiple teams, for example, supported the same environment, but when they inventoried assets, they’d have different answers.
“When we realized that the answers were different from different teams, it ended upturning into a project to understand the true state of our environment,” he explained. “And those projects were time consuming and disruptive.”
Finding a tool that could integrate all their services within the PlanSource environment, maximizing visibility and eliminating the person-hours it took for asset inventories, was a need for their IT and security teams. And it all had to happen fast.
“We needed something that could really highlight the problem, without spending so much time trying to get to the problem,” he said. “But once we knew what the problem was, we wanted to take action. Can a tool be quick to integrate, maximize our integrations, and provide value in a short period of time?”
David Christensen, VP and CISO, PlanSource
Christensen first heard about the Axonius platform from his peers.
“I’ve looked at other inventory solutions in the past, and almost all of them took an approach where they weren’t really looking at the source of data in a real, true sense,” he explained. “I was a little apprehensive, but I quickly figured out after looking at [Axonius] that they were tapping into an area that a lot of other products and solutions weren’t really addressing.” It was the platform’s capabilities to show true visibility into the state of their environment, respond quickly when an asset deviated from a policy, and expedite vulnerability remediation that sold the PlanSource teams on Axonius. And the value was immediate — for everyone.
“The problem we were trying to address for security was a problem that a lot of our cross-functional teams were having as well,” Christensen said. “When they got a chance to see the power and the information that Axonius provided, it was a no brainer. They saw the benefit. And it’s always an added benefit when a security solution can also benefit non-security entities. They’re more supportive and more eager to get integrated as fast as possible.”
With Axonius, the IT and security teams are more proactive than ever before. They’re saving man-hours, with a more accurate understanding of what’s happening in their environment.
“Let’s face it, asset inventory is not a fun thing to do,” Christensen declared. “Having an asset inventory product like Axonius gives us that accurate view on what we have and what is deployed on those assets. When we have to identify the impact of a zero day, we’re hitting 99% to 100% accuracy.”
Along with a more accurate asset inventory, the PlanSource teams are also having more visibility into areas by leveraging their existing data. Christensen said they’ve identified processes and procedures that either didn’t exist before, needed updating, or needed to be created.
The Axonius platform also provides the various teams a more holistic view of the environment.
“We went into this thinking it was going to be an asset inventory component, and it’s really shown us that there’s bigger pieces of our environment that require more focus that we wouldn’t have known about before,” he said. Instead of taking the time to figure out if a security solution was successfully deployed to their assets, the teams now actually know — saving them much-needed time in their days.
“Axonius allows us — in near real time — to detect when there are new assets, when assets are in a state that we don’t want them to be in, or when there are missing components for security controls,” Christensen said. “It’s allowed us not to have a compressed amount of work that has to happen in a short amount of time, because we can detect it on a day-to-day basis.”
On top of all this, the Axonius platform helped PlanSource maximize their investment into their security program.
“When I’m being asked: ‘Do we have adequate controls to protect against a new vulnerability, zero day, or active attacks that are happening in the industry?’, I can confidently go to the board and my executive leadership team and say, ‘Yes, we have the right tools in place,’” Christensen explained.