Companies face a different world for cybersecurity now. Networks are growing fast, and with that increased scale inevitably comes increased complexity.
Today, an organization could have any number of devices connected to its network, says Dean Sysman, the co-founder and CEO of cybersecurity firm Axonius.
“An organization can have an IoT device connected to the office,” Sysman says. “A server connected in a data center. They have a container up in the cloud, and could have somebody working on their phone from a Starbucks.”
In other words, a company is spread across various assets, making asset management for cybersecurity key. The problem is, when devices jump on and off networks faster than they can be spotted, the tech is outpacing the people, Sysman says.
And that means many companies are vulnerable to security breaches. “Today, organizations know they will be breached,” Sysman says. “The question is not if, but when.”
But you can’t protect the assets you don’t know about, and that’s where Axonius comes in.
Axonius specializes in cybersecurity asset management, allowing organizations to see — as well as understand and address — all of the devices and software in their environment at any given time, which is a fundamental part of cybersecurity.
“Cybersecurity begins with two very basic questions,” says Renee Wynn, former CIO of NASA and former deputy CIO, EPA.
“Who is on your network? And what is on your network?”
Cybersecurity Asset Management
Axonius was founded to answer those two questions.
At NASA, Wynn had transient tech coming and going from the space agency’s network constantly. Under Wynn’s watch were 400,000 pieces of IT equipment and 40,000 software programs running on the network. That’s a lot to keep tabs on. What are the odds you spot a Death Star port-style vulnerability?
Axonius creates an always up-to-date inventory of the devices and software connected to an organization’s network. Taken in totality, these form your “attack surface” — the places where you could be vulnerable to a breach.
The Importance of Cybersecurity Asset Management
The importance of knowing everyone and everything on a network was thrown into sharp relief when the Federal Communications Commission officially cited Chinese companies Huawei and ZTE as threats to national security.
As Reuters reported, the government put the companies on an economic blacklist in 2019, before declaring them national security threats to the U.S.’s communications network in 2020. Once the declarations were handed down, any American companies found to be using tech from the two would forfeit their revenue from federal customers.
But with the sheer amount of devices jumping into and out of company networks, ensuring compliance with the federal mandate turned out to be extremely difficult without a comprehensive, near real-time asset inventory.
“We have a customer who has billions of dollars in revenue from federal agencies,” Sysman says, “and they told us that they used our solution to find those devices within less than a minute of running a query within the Axonius platform.”
According to the customer, their peers at a similar organization took weeks to begin solving the problem.
“We’re not gonna replace Batman,” Sysman says.
“But we want to give Batman his toolbelt to be able to fight the bad guys.”