There are myriad security solutions to help organizations protect against intruders, scan for vulnerabilities, encrypt valuable data, mitigate attackers once they penetrate, and so on. But the basic premise of all of these tools relies on knowledge of an organization’s attack surface area. It’s impossible to block intruders from accessing your assets without knowledge of what assets exist. The Center for Internet Security sets the standard for essential security controls to protect your organization. Their top two best practices are 1) inventory and control on managed and unmanaged hardware assets and 2) inventory and control on software assets. It’s hard to overstate the importance of awareness.
Axonius isn’t the first to service the asset inventory dilemma. Existing ITAM tools oriented around purchasing help companies take inventory of devices, understand their lifecycle and depreciation schedules, and streamline contract management. Technical IT teams, on the other hand, can use network access control (NAC) vendors, who do a great job at analyzing and listing all devices that interact with your network, managed or unmanaged, and provisioning network access. Some even take this a step further by matching discovered devices against databases of device profiles, largely positioned around the rise of IoT. Each of these solutions lack the most important functionality associated with asset management — contextualization. The answer is never as simple as just knowing an asset exists. Rather, you need to know how the asset exists under your security posture.
Ask a security professional any of the following seemingly simple, mission critical questions: how many unmanaged devices are exposed to your network? Have all the devices accessing your network received an endpoint protection agent? Have all of your EC2 instances been scanned for vulnerabilities? You’ll be hard pressed to get a consistent, confident answer. The problem lies in the absence of a single source of truth of asset data. You’ll get one set of information in Active Directory, another in ServiceNow, and you’ll subsequently run manual cross references with security and management solutions like Crowdstrike, Qualys, Tenable, and others. But what about all the unmanaged devices that you hadn’t previously accounted for? The layers of complexity grow exponentially, and so does your company’s risk. This problem has been exacerbated by the BYOD movement (how many of you bring your own smartphone, iPad, or second laptop to work), the proliferation of IoT, growing popularity of distributed workforces, and the continued push to the cloud and microservices. There are now nearly 20 billion connected devices in the enterprise, over half of which are unmanaged, and as a result impossible to attach an agent to.
Axonius solves this problem with an agentless, integration based approach and becomes the source of truth for contextual asset information. They’ve built a library of over two hundred integrations into the most popular management and security solutions, including all the aforementioned products in this post. They use algorithms to correlate data between integrations, remove duplicates, and consolidate data into one view. Now each asset has the same level of contextual data you’ve come to expect with accounts in Salesforce. They’ve built out read/write integrations to allow organizations to go beyond visibility and into policy enforcement and automation. You can automate scans or attach endpoint protection agents to devices without ever leaving Axonius, thereby closing the gap between unmanaged and managed assets. Serving as the integration layer positions them as an enabler, rather than a competitor, of all these tools. Any security vendor who wants to ensure maximum coverage for their customers can do so through Axonius.
The results speak for themselves. Customers we spoke to claimed over a 20% blindspot on average in their asset inventory pre-Axonius, and nearly 100% visibility post-installation. That translates into day one ROI and is largely why Axonius has never churned a customer.
Today, we’re pleased to announce our Series C investment in Axonius. We welcome Dean, Ofri, and Avidor to a group of other leading Israeli cybersecurity entrepreneurs in the Lightspeed family, including Shlomo Kramer at Cato, Nir Polak at Exabeam, and Dror Davidoff at Aqua. Something about spending years excelling in the IDF and growing up with an appreciation for security instills a level of resilience, teamwork, and a steadfast vision — traits that Dean and the team exhibit in strides. We’re thrilled to join them and our friends at OpenView and Bessemer in creating the next platform cybersecurity company.
– Arsham Memarzadeh, Tal Morgenstern, Will Kohler
Authors