This is the third in a three-part discussion on cyber asset inventories with Tom Kennedy, Vice President of Axonius Federal Systems. Part one explored the role cyber asset inventories play in establishing a zero-trust approach to cybersecurity, and part two reviewed the federal government’s requirements for reliable asset inventories and their many benefits. The third part discusses the emerging need for managing the attack surface of cyber assets and how agencies can best meet this need.

MeriTalk: Axonius coined the term “cybersecurity asset management” to explain its approach to understanding assets and their security and management coverage. Four years later, in 2021, Gartner coined the term “Cyber Asset Attack Surface Management (CAASM)” and included the category in its Hype Cycle for Network Security 2021. Today, CAASM is an emerging technology in the Gartner Hype Cycle for Security Operations 2022. Was Axonius ahead of the curve in cybersecurity asset management?

Tom Kennedy: Yes. Our CEO, Dean Sysman, has an interesting story about how he got into this space. He came out of the military and he was in the cybersecurity space. There’s been so much focus on cyber threats and finding bad actors. But he realized that getting a current count of assets — one of the fundamentals of cybersecurity — is more difficult than finding an advanced cyber threat.

It was the big idea that led to the creation of Axonius. We were the first to move into this space. We are a market maker and are delighted with Gartner’s coverage. This validates the big problem we are solving. We imagine the Hype Cycle will move into a Magic Quadrant at some point, and Axonius will be seen as a leader.

The idea of CAASM puts shadow IT in context. If you look at your business as a whole as an attack surface and you don’t see part of it, that’s pretty scary. It’s like a boxer. If they don’t have their full vision to block punches, it usually ends very badly.

MeriTalk: According to Gartner, CAASM “allows organizations to see all assets (internal and external), primarily through API integrations with existing tools, query consolidated data, identify the extent of vulnerabilities and gaps in security checks and troubleshooting”. Am I correct in saying that this is exactly what Axonius does?

Kennedy: Absolutely. I’m going to read you a few words from customers who I think are doing a good job of grasping the problem. “The government is looking to increase the completeness, speed and accuracy of managing the inventory of cyber assets on its network. The government must be able to recognize vulnerabilities comprehensively and quickly to patch every one of its systems, including a growing range of devices, IoT sensors, and cloud-connected solutions. An integrated view of the details of every system on government networks is a crucial starting point for accelerating the process of learning about a new vulnerability, determining which systems in the inventory are affected, applying the patch, and verifying that the systems are no longer vulnerable.”

It was in a requirements document for something we did with the Department of Defense. But I find it interesting how our customers approach it. It’s quite similar to our position.

MeriTalk: CAASM is an emerging technology. What is your assessment of its awareness and adoption, particularly in the government space?

Kennedy: It’s a long-standing need whose time has come (especially given the recent asset management and zero trust tips). The lack of a comprehensive inventory of cyber assets is only just beginning to attract a lot of attention. Axonius is a relatively young company. We are here to educate the government market and grow our brand. Making CAASM known is our greatest challenge and our greatest opportunity. Above all, we raise awareness by taking care of our customers. If you take care of your customers, they are your biggest advocates. Make them successful, delight them and they will sell for you by word of mouth. This is especially true within the federal government, which is a big referral-based buyer.

Executive orders and directives from the Biden administration are also helping to raise awareness. The current administration cares more about cybersecurity than we have seen in previous administrations, partly because of priorities and partly because of a better understanding of vulnerabilities. Budget appropriations also help.

MeriTalk: Overall, what could be the potential impact of CAASM on federal cybersecurity?

Kennedy: I would be really proud if CAASM officially became a foundational step for zero trust. If everyone thought, “In my zero trust strategy, I need a strict cyber asset management strategy,” that would be great for cybersecurity in general.

MeriTalk: Around the world, agencies and organizations use many different cybersecurity tools. Thinking more granularly about CAASM, how can agencies justify investing in this new solution? What kind of quantifiable benefits can they expect?

Kennedy: We have this conversation a lot. Often, CIOs will say, “I have enough cybersecurity tools. I can’t afford more. I don’t have the bandwidth to handle any more. Unless you replace something, I can’t talk to you.”

The CAASM does not necessarily replace a tool. We will make all your tools more effective by gathering information and correlating it with other tools. Now downstream, once Axonius is in production, this could lead to cost savings for customers by eliminating some unused tools that they pay for. Likewise, Axonius also saves you the manual labor and time of identifying and fixing vulnerabilities, as well as assembling the complete cyber inventory. When audit season rolls around, your agency will be well prepared without the typical scramble to ensure all systems are accounted for. What used to be a multi-day process is now available in real time.

MeriTalk: Beyond the visibility into assets and vulnerabilities that CAASM provides, how does CAASM – and specifically Axonius – help in areas such as incident response or endpoint management?

Kennedy: Axonius has the Application Center, which can take action once a vulnerability is identified. We have a pretty cool restore feature. Axonius takes a snapshot of all data over a period defined by the customer, for example every day or every eight hours. Then you can go back in time to see your computing environment in an earlier state. This is important in incident response. If you had an attack 28 days ago, you might not know exactly which devices were on the network at that time. This feature helps you understand the scope of the attack. If the attacker was targeting your cell phones, you could identify which phones were on the network that day to determine the exact radius of the blast.
