Why federal cybersecurity teams are prioritizing asset management
Jake Munroe is a product marketing manager at Axonius and has held various roles across the security space in consulting, marketing, and sales. Prior to joining the private sector, Munroe served as a Navy Intelligence Analyst with an extensive background in counterterrorism, cyber threat intelligence, and open-source intelligence investigations.
Before the pandemic, there was significant urgency to improve network visibility. Accommodating remote workers added to that urgency by introducing more threat vectors. This prompted federal agency leaders to think about security risks in new ways and to prepare for when the workforce returns to the office.
There are many variables to consider — among them, loosened bring-your-own-device policies. While these policy shifts were necessary to accommodate an expanded remote workforce, they’ve left agency IT leaders grappling with significant security gaps. What’s more, as those previously remote devices return to physical offices, they’ll perpetuate the massive visibility challenges CIOs and CISOs already face.
IT’s innately complex landscape can make it hard to answer basic questions about asset management. A new approach aims to solve three challenges federal security teams are facing: understanding what assets an agency has, identifying the security gaps associated with those assets, and taking action to enforce security policies.
Getting a credible asset and user inventory
Asset management is foundational to compliance and there are many key regulations agencies are tasked with adhering to: NIST Cybersecurity Framework, CIS 20, CDM, etc. Even so, asset management is still a challenge for many agency IT teams, resulting in questions like:
- Is my agent everywhere it should be?
- Are my cloud instances covered?
- What unmanaged devices are connected to privileged networks?
These are the questions agency IT teams want quick answers to, and yet so often are challenged to resolve.
Traditionally, agency security teams are intimately familiar with security tools, and IT teams are familiar with asset management tools, but there’s limited crosstalk between these data sources. Additionally, traditional approaches to compiling an asset inventory are typically time-consuming and error-prone, often requiring manual input into spreadsheets listing the physical devices, software and licenses across various departments. As soon as an inventory is compiled, it quickly becomes obsolete.
CISA’s Continuous Diagnostics and Mitigation (CDM) program has been active for nearly a decade to help fortify cybersecurity of agency networks. Even so, many agencies are still struggling to enforce a holistic strategy around network visibility.
The cybersecurity asset management approach provides agencies with enhanced visibility into assets and issues, enabling them to achieve compliance with key regulations.
Axonius is a cybersecurity asset management platform that discovers all of the assets in an environment, and then helps agencies validate compliance and automate remediation. To do this, Axonius uses adapters, not agents or scanning, to connect to over 300 security and management tools, allowing users to collect and aggregate data from across the entire organization.
Discovering security gaps
At Axonius, there are typically three things we recommend to agencies aiming to improve their cybersecurity posture:
- Start by compiling and assessing their asset inventory
- Discover coverage gaps with the data collected
- Enforce security policies
But taking action on those steps can be challenging when agencies use traditional, manual approaches to aggregate an asset inventory. It’s hard to get a full picture of both users and devices across the various tools agencies own when those tools don’t communicate with each other.
A platform that provides data aggregation across all IT security and management offerings can help agencies build and maintain an active asset management system. From there, agencies can identify coverage gaps and take steps to automate and enforce security policies.
Some benefits that federal security teams are seeing from cybersecurity asset management include:
- Increasing security solution deployment by identifying devices and users missing security controls, then automating the coverage of the agency’s existing solutions.
- Finding devices missing security controls to ensure all devices, especially newly provisioned ones, are covered by endpoint protection and have the appropriate software updates.
- Ensuring comprehensive vulnerability management to discover workstations, servers, cloud instances, and other devices that aren’t being properly scanned.
- Identifying cloud instances with public IPs in case a cloud instance has been erroneously left open to the internet.
Perhaps the most important benefit is one that can’t be quantified: Confidence. Visibility into assets and gaps gives security teams the tools they need to be more confident in their ability to comply with regulations and keep their agencies secure.
Take action to close security gaps
Because Axonius aggregates data from all available sources, it provides federal security and IT teams with the ability to send alerts, perform search queries, and enforce automated actions.
Some of the ways we’ve seen agencies use Axonius include:
- Finding endpoints missing agents or endpoints where the agent isn’t functioning properly.
- Performing a query across devices to find instances of unsanctioned installed software.
- Accelerating incident response time by having timely and accurate user and device data all in one place; and querying user and device data to narrow the focus of an investigation.
- Finding and monitoring cloud instances and devices not being scanned for vulnerabilities.
- Finding unmanaged devices on their network by automatically correlating and deduplicating data to uncover risks.
- Finding rogue devices on privileged networks by using the query builder to quickly search across all security and management tools.
The suddenly remote workforce added to an already rapidly changing operating environment for federal IT and security teams. This complexity underscores the importance of combining asset management, endpoint security, vulnerability assessment, and real-time enforcement in one view.