How new API adapters bring unity to the tangle of cybersecurity reporting tools

Federal agencies now have a better model for managing their IT assets — and the tools that track them — on-prem and in the cloud.

Bobby McLernon served in a variety of IT roles at the FBI before joining Axonius as vice president of federal government sales.

Most of us who’ve been involved with IT security over the past decade — especially in the federal government — can attest to the never-ending proliferation of new and increasingly powerful devices and applications accessing information on federal networks. We’re not just talking about physical and virtual desktops or servers or software-defined networking gear, but satellites, surveillance systems, IP communications tools and of course smartphones, to name a few.


And inevitably, so too came a steady wave of cybersecurity appliances and solutions designed to monitor and control what all those IT assets were trying to accomplish and whether they complied with federal security controls. Today it’s not uncommon for federal agencies to be maintaining between 20 and 50 tools just to keep up with managing all the IT assets and control systems on their networks.

Each of those solutions, no doubt, provides necessary capabilities and protections that agencies count on. But as every CISO knows, they also present their own layer of challenges. More often than not, these asset management and cybersecurity tools were designed to accomplish specific tasks. They typically got deployed in siloed environments. And they weren’t really built to speak to each other.

The result: IT security teams today face an increasingly complex sprawl of independent monitoring and management tools producing lots of independent reports.

All of that might have been manageable in the days when IT assets were mostly on premises — and we hadn’t become so reliant on operating in multi-cloud environments. But given the scale and dynamic nature of today’s enterprise IT environment, it has become critical for cybersecurity practitioners to look for a better model for monitoring and managing IT assets and cybersecurity controls across the enterprise.

CDM — the government’s Continuous Diagnostics and Mitigation program — has certainly helped agencies develop the means to increase visibility into potential cybersecurity risks across their enterprise. But even with CDM, agencies still haven’t found an effective way to roll up all that information into a single reporting console, let alone respond as swiftly as they need to.

What’s been needed is the ability to not only collect cybersecurity data — but also actually extract the contextual information from all of these cybersecurity tools, aggregate and correlate that information, then deconflict it and present a comprehensive and unified picture of what’s going on across your entire IT environment.

We’ve found a way, in fact, to accomplish that.

We started with an engineering approach that allows us to create virtual, agentless adapters — and a system for easily deploying them — that can connect to the APIs of almost any data source that knows about an asset today. At last count, we have developed more than 240 adapters that work with every leading security and asset management tool on the market and a growing number of custom-built tools as well.

Once those adapters are in place, enterprise IT teams can then run all of that extracted information through a powerful set of correlation and deconfliction algorithms we’ve developed. Then using an equally powerful query platform, they can discover within a matter of seconds all the assets in their IT environment — managed and unmanaged, cloud and on-premises. They will also see what network components those assets are connected to, what security tools are tracking them, what firmware those assets are using and whether those assets are configured according to the agency’s latest security policies, among other security indicators.

From there, security teams can then turn their focus to identifying security gaps across their enterprise and, just as importantly, take actions to address them. They can also tighten their security posture by setting up automated triggers and responses, including the ability to install software patches, scan new devices and perform many other tasks.

These capabilities give agency IT leaders the breakthrough they’ve needed to deal with today’s rapidly evolving enterprise IT environments. They not only give CISOs more precise and immediate intelligence about their IT environments to meet various federal security requirements, like FISMA and FITARA. They also give C-suite executives much more granular information about their IT investments across their agency — and across their cloud environments — for IT budgeting and cost control and better long-term planning.

Learn more about how Axonius can help your agency gain a unified picture of your IT assets and security enforcement policies on-premise and in the cloud.
