Asset Management for Cybersecurity: A Modern Solution for An Age-Old Challenge

So, good afternoon. Yes. Much nicer, right? My name is er and I'm a part of the MEA sales engineering team for Axios for the past two years. Now, axon started in 2017 with the mission to solve the asset management challenge for cybersecurity team, which is also the topic for our presentation today. Axon is headquarters in New York. We are almost over 600 employees now. We have hundreds of customers crossing almost any vertical, and we're evaluated $2.6 billion based on the last round of funding. And so the topics that I plan to cover today are the asset management mandate for cybersecurity. We look into how everything we do in cybersecurity and why every compliance framework consider asset management foundational for cybersecurity. We then look into the challenge and why with all the tools that we have today, the complexity and the importance and importance keep increasing. We then look into couple of use cases, cybersecurity use cases around asset management. And then finally we'll suggest an approach to solve the problem.
So the first question is why asset management is so important for cybersecurity. If we lo, if we wanna look broadly, we can look at something like the CIS critical controls. The CIS critical controls as a is a prioritized set of actions needed to protect your organization for cyber attacks and your data. It its range from the most basic best practices into the foundational and then to organizational process, which are more around processes, procedures, and people. If we look just at the five first one, you'll notice that inventory of and control of hardware asset. That's number one the most basic in any security program or strategy. And basically that's the ability to understand what's connected to our network, what should be, be there, what should not be there, and whether we, we are able to remove what we are not, what, what, what is not supposed to be there.
Making sure that only assets that should gain access to the network are in fact gaining access. Same goes to software, making sure that only our permitted software is allowed for is installation and execution. And anything which shouldn't be there will prevent it from installation and execution in the network. Continuous vulnerability management continually, continuously scan our software and assets for newly discovered vulnerabilities, making sure they're mitigated in time to reduce the window of opportunity for to, of attacker, to exploit them. Number four is the control use of administrative privileges on workstations, servers, software, and so on to make sure that only the people that should have these per permissions are allowed to use them. And finally, secure configuration of mobile devices, workstations, servers, applications and so on to make sure that attackers cannot exploit misconfiguration in tools, workstations, servers, and so on in order to gain access. And then if we look at more industry specific regulations and requirements and compliance framework, you will most likely notice exactly the same trends. So if we look at hipaa, PCID says the different NIST compliance framework, you'll notice exactly the same trend. The most basic requirements is to know what you have. In fact, most of these regulation and compliance framework map map backs map back to the CIS critical control list. So you are expecting to see exactly the same trend.
So we understand why it's important, but why still it's such a big challenge. And so every axon use presentation. When we, when we try to illustrate the problem, we are using that tweet slide of a ciso who is asking how many Windows devices do we have? And based on who we ask, he gets a different answer. This is maybe good enough for IT use cases or for different use cases for cybersecurity, that's not good enough. You need to understand exactly what you have. You need to have an accurate inventory. You need to know what you have in order to protect it.
So it's, it's, it's 2023, almost 2024. Why? Why is it still such a, such a big challenge? In order to understand that we need to look in on a network and how they evolve over time. Historically, if we looked 20, 30 years ago, most of our assets were Windows boxes behind the perimeter, behind the firewall, connected to a switch network to active directory. They maybe had an IT virus agent on maybe something that used to distribute updates. Life were pretty simple. And then over time we added more devices types. So now we have Linux devices, now we have virtual servers. And each type of new devices that we introduced into the organization also bring more and more systems, which are being used to manage and secured those, those new devices types. So now we also move to mobile devices that anyone can bring. So now maybe we have MDMs or identity providers.
And then again, the data. We just created new data silos where part of our inventory is in them and then it goes, we move to the cloud. So now we have the cloud providers and the systems which are supposed to protect those environment, SaaS application. Anyone today can just onboard a new SaaS application to the organization in some cases, even without the knowledge of the IT and the security teams. And then IOT came. So now anything that could be connected would be connected. And so the, the problem is that the data exists in so many different silos, which makes it really hard to answer questions, which are spanning all these different data sources as the data is really distributed across all of them. Let's try to look at some of the things that we do in cybersecurity and are affected by asset management doing wrong.
The first one is the device discovery. Are we able to see every device which is now connected to the network? Is it supposed to be managed? Is it managed? It could be an ephemeral devices that live for a very short time, or it could be even an iot device that I cannot put an agent on or I cannot add to my active directory. We need a full visibility into all devices connected to the network. The second one is endpoint protection. We're spending a lot of time procuring testing, endpoint security solution. We need to deploy them across the entire organization. How do make we make sure that agents are installed everywhere they should be? And if they're installed, how do we know that they're functioning properly? It's hard to go into the solution and ask them, can you show me everything that you don't know about? In order to answer that question, you first need to have a comprehensive asset inventory and then you can compare to what's in there or what's not in there. Vulnerability management, again, that's another challenge. How do we make sure that everything that should be scanned is in fact scanned? In most cases, we are telling the system, those are the system that you need to scan, but doesn't necessarily means that everything that should be scanned is in fact being scanned. And then how do you always prioritize patching effort and CVEs based on your own network context if you don't have an accurate inventory, which has all this data already.
Cloud security, again, how do we found cloud workloads which are not being scanned? How do we make sure that all of our cloud identities or work workloads are not exposed to the internet if there shouldn't be? And then finally, also compliance. If we need to make sure that all of our cloud workloads are compliant with something like ACIS benchmark or any other compliance framework, how do we do that
Incident response? Are we able to understand a configuration for an asset at any point in time? If we are investigating inve historical incidents, how do we know for a specific IP address what that device, what that IP address, what device that IP address was assigned maybe a week ago, which vulnerabilities exist on that device at the time of the incident? Were any user just logged into that machine? So we also keep historical information of all changes across assets. And then obviously the ability to pivot between an alert to a device to the identity which is associated to that device. And then what else that identity can do. Can it access our SaaS applications? So you can also use that to understand the potential for lateral movement GRC and audit. We also, we already met about, we already talk about the requirement to to meet benchmark and obviously having an inventory that would be number one in any compliance framework. And also how we can satisfy audit requirements by being able to pull fresh and accurate data about our assets and also about the controls that should be in place. And then finally for IT infrastructure, can we see all of our OS distribution, our cloud distribution software coverage and so on?
I can speak about any of those for hours. But the bottom line is that you see how many different processes and actions that we do in cybersecurity may be negatively affected if they're being done manually. On the flip side, if it's being done right and automated, there is a lot to gain. And what we wanna do is to suggest an approach of solving that problem. And that approach works whether you try to build something like that yourself or whether you are using a commercial product. And it works that way. Instead of deploying yet another agent or yet another scanner or sniff into your network traffic, we prebuilt hundreds over 800 different integration with any commercial and open source solution within the IT and security stack. You can think of. Think about vulnerability management, e EDRs, cloud provider, virtualization, HR systems, identity provider. We cover them all.
You connected a solution using APIs, which continuously fetch asset information like devices, identities, applications, vulnerabilities, and so on. They deduplicate it, they correlated, they normalize it into one common language to build a comprehensive, always up to date asset inventory. And once we establish that baseline, we can start and ask questions, which are crossing all these different sources. Show me all of why Windows devices, which doesn't have an EDR installed on or haven't been scanned by a vulnerability scanner, simply by combining different piece of pieces of information from different tools. And then finally, once something doesn't meet your expectation or does not adhere to a policy, you can also automate response. Send me a ticket, send me a notification, install an agent, update that piece of asset in my CMDB all automatically using an automation module. That's it.