Visibility is the first step in any cybersecurity strategy. Before you can lock down your network, you have to know what’s on it.
On March 4th, Axonius will compete to be named “Most Innovative Startup” at RSAC 2019
Cylance. Cybereason. Phantom. SentinelOne. SumoLogic. Imperva. Axonius. What do they all have in common? All cybersecurity startups that were put on the map after being selected to compete in the Innovation Sandbox Contest at the RSA Conference.
On this week's episode of the CISO/Security Vendor Relationship Podcast, Edna Conway discussed with co-host David Spark why the Axonius approach to asset management is unique, and why the topic is such a hot trend right now:
Topics: asset management
Implementing Security Solutions at a Growing Company
When he joined mobile attribution and analytics leader App
sFlyer in January 2018, CISO Guy Flechter began implementing a wide-ranging cybersecurity program to protect his heterogenous environment.
“The nature of our business coupled with how quickly we’ve grown has led to an environment that is far from uniform,” said Flechter. “With Windows devices in AD, Macs managed by JAMF, Linux devices managed by Chef, various security tools (such as: end point protection, EDR, deception and more) on every laptop, MDM solutions, deception agents, and so on, the result was a patchwork of security solutions. And although adopting best-of-breed solutions is the right strategy, it becomes a management headache.”
Ensuring Policy Adherence
After implementing the best security tools for every device type, the AppsFlyer team realized that they needed an automated way to ensure that every device had the required solutions installed, and that users had the correct permissions to adhere to the overall security policy.
“We needed an easy and automated way to have clear visibility into which agents were missing from each device, and a way to know when users had rights that conflicted with our security policies. For example, I want to immediately see all Windows devices missing an endpoint agent, unmanaged devices in various VLANs, and I want to know any time a user has been active but hasn’t changed their password in the past 60 days. These are really foundational elements of any cybersecurity program, and there were no good ways to get the answers,” said Flechter.
Recently the topic of continuous asset management for cybersecurity has spawned some interesting discussion. From Daniel Miessler’s piece “If You’re Not Doing Continuous Asset Management You’re Not Doing Security” to Anton Chuvakin’s note about “asset discovery and asset management for the modern era becoming a BIG HUGE problem”, the topic is gaining steam.
It’s funny how and when inspiration strikes. A few days ago, I was reading our almost 4-year-old one of her favorite books, “We Forgot Brock”. It’s a book I’ve read to hear dozens of times, but this time was different. When I got to the last page and saw the final sentence, it struck me in a way I haven’t been able to forget:
And everything was even better than before.
n a widely shared article by Daniel Miessler and a post by Anton Chuvakin, the topic of asset management and its relationship to cybersecurity has been resurrected. And although cybersecurity asset management isn’t as sexy as AI, ML, and some of the other hot topics in cyber tech today, it’s an issue whose time has come. In this post, we’ll look at why asset management is still a problem, what success looks like, and an approach to getting there.