Enterprise security teams are in the unique position that they must understand the risk posture of — and secure — every asset. No other IT function has such an expansive mission, with most managing small slivers of the overall estate. Indeed, security is under enormous pressure to stop every attack on every asset while attackers only need to get it right once.
What’s important for security when it comes to asset inventory? Consider the following:
- Securing every asset starts with complete visibility and knowledge of every asset. You can’t secure what you don’t see or know about. The inventory must account for every asset.
- Context is king when it comes to making security decisions. The more robust the set of data characteristics about each asset, the better armed the practitioner is when making decisions at the time of alert triage, responding to an incident, or prioritizing vulnerabilities and mitigation actions.
- Time is the nemesis of security. Attacks are persistent and happen in real time. The only constant about the asset inventory is change, and the velocity of that change is accelerating. The asset inventory must keep pace, staying up to date in near real time.
In the modern enterprise, security teams often turn first to the CMDB as a repository for asset information. And why not? Millions have been spent deploying the CMDB. But the same challenges always crop up:
- Lack of completeness — The asset in question isn’t there.
- Lack of details — Key aspects needed for a decision don’t exist.
- Data obsolescence — IP address is four days old, port opened three days ago, and the vulnerability is a zero-day exploit.
As a result, the security analyst, the incident responder, and the threat and vulnerability management engineers start digging into individual data sources to stitch together a complete picture about an individual or set of assets.
Time is wasted. Response times elongate. Pressure mounts. Fatigue and burnout.
Wash, rinse, repeat
So why does the problem persist? Organizations aren’t going to throw out their CMDB. Many companies dedicate increasing investment annually trying to solve these problems via new “discovery” technologies and new custom-built integrations. However, the problem isn’t solved because the rate of change of complexity over time is accelerating faster than teams can research, procure, and deploy new technologies and/or build and manage CMDB integrations.
A complete, comprehensive, and always up-to-date asset inventory can only be obtained by aggregating a large swath of data sources together and polling those sources constantly.
- Some assets only exist in one data source
- Some data characteristics only exist in one source
- A change in profile/posture is reflected in the sources that see, manage, and control the assets.
Establishing and maintaining CMDB data source integrations carries an extremely high total cost of ownership (TCO) and a very slow time to value (TTV). Challenges include:
- The data source configurations (how the technology is deployed) are always changing with new functionality and features.
- The data source APIs change over time, often reflective of progressively more robust capabilities and maturing of the source product.
- Data sources themselves are often ripped and replaced as new, more viable technologies enter the marketplace.
- Each integration must be understood in the context of every other existing integration. A determination must be made about which source is the most trusted source for any one of hundreds of data fields when considering what to normalize and what to leverage for deduplication.
- Every change in the source configuration, the APIs of the sources, or the sources themselves has downstream effects on data normalization and deduplication.
How Axonius helps solve the CMDB integration issue
The complexity of understanding any two integrations is high. The content and context of 20 different integrations become mind-boggling. The ability of an enterprise to manage this problem slows to a crawl. Ultimately, the consumers of the CMDB look for alternative point solutions to help fulfill critical job functions. Axonius provides the best answer.
Axonius has nearly 700 out-of-the-box data source integrations, with a new integration becoming available every three days. Due to the wide range of source integrations, customers can obtain a complete inventory of all assets in days, and, in many cases, hours. Because the library of integrations spans every type of IT and security technology in a customer environment, context is achieved simply by connecting to a dense variety of sources. Since Axonius has incorporated a consistent data normalization framework across the library, the customer doesn’t need to spend any time building deduplication logic. Axonius creates a deduplicated and deconflicted inventory automatically, reducing the time, effort, and complexity that comes with developing integrations into a CMDB.
Axonius does not compete with the CMDB – instead, we consider our approach to be complementary. We can be a force multiplier for ITSM teams looking to improve and maintain the overall asset inventory inside the CMDB. Axonius accelerates the exposure of CMDB asset gaps – whether finding assets completely missing from the CMDB or finding characteristic gaps for individual assets and groups of assets. Axonius helps CMDB teams reconcile the CMDB inventory against the actual assets that exist across the environment: in on-premises offices and LAN networks, in the cloud, and even mobile assets in the hands of remote workers.
How does Axonius do this? The answer is simple. Connecting Axonius to a wide range of sources produces a complete, contextual, and unique inventory. One of these sources can include the existing CMDB. Reconciliation then becomes a simple task of asking the question, “Show assets known to Axonius that aren’t known to the CMDB?”, or “Show assets in common between Axonius and the CMDB but where Axonius has a data element (like a MAC address, an IP address, or the open ports on a device) that’s missing in the CMDB?” The range of possibilities grows with each new source added to the Axonius data pile.
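The per-field "most trusted source" decision from the integration challenges and the two reconciliation questions above, as an added Python example (not Axonius or CMDB vendor code). The source names, trust order, MAC-based matching key, and one-day staleness threshold are assumptions, and all records are constructed.

```python
from datetime import datetime, timedelta

# Assumed per-field source precedence (hypothetical source names); first match wins.
FIELD_TRUST = {"hostname": ["edr", "cloud_api"], "ip": ["cloud_api", "edr"],
               "open_ports": ["vuln_scanner"]}

def norm_mac(mac):
    """Canonical MAC so the same NIC deduplicates across source notations."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def aggregate(records):
    """Deduplicate per-source records by MAC, resolving each field by trust order."""
    grouped = {}
    for rec in records:
        grouped.setdefault(norm_mac(rec["mac"]), []).append(rec)
    assets = {}
    for mac, recs in grouped.items():
        asset = {"last_seen": max(r["seen"] for r in recs)}
        for field, order in FIELD_TRUST.items():
            hits = [r[field] for src in order for r in recs
                    if r["source"] == src and r.get(field)]
            if hits:
                asset[field] = hits[0]
        assets[mac] = asset
    return assets

def reconcile(assets, cmdb, max_age=timedelta(days=1)):
    """Return (missing from CMDB, per-asset field gaps, stale CMDB entries)."""
    cis = {norm_mac(ci["mac"]): ci for ci in cmdb}
    missing = sorted(set(assets) - set(cis))
    gaps, stale = {}, []
    for mac in sorted(set(assets) & set(cis)):
        absent = [f for f in FIELD_TRUST if f in assets[mac] and not cis[mac].get(f)]
        if absent:
            gaps[mac] = absent
        if assets[mac]["last_seen"] - cis[mac]["updated"] > max_age:
            stale.append(mac)
    return missing, gaps, stale

# Constructed sample data, not real inventory.
T = datetime(2024, 1, 5)
RECORDS = [
    {"source": "edr", "mac": "AA:BB:CC:00:00:01", "hostname": "web01", "ip": "10.0.0.5", "seen": T},
    {"source": "cloud_api", "mac": "aa-bb-cc-00-00-01", "ip": "10.0.0.9", "seen": T},
    {"source": "vuln_scanner", "mac": "aabb.cc00.0001", "open_ports": [22, 443], "seen": T},
    {"source": "edr", "mac": "AA:BB:CC:00:00:02", "hostname": "lap07", "ip": "10.0.1.7", "seen": T},
]
CMDB = [{"mac": "aa:bb:cc:00:00:01", "hostname": "web01", "ip": "10.0.0.5",
         "updated": T - timedelta(days=4)}]
print(reconcile(aggregate(RECORDS), CMDB))
```

The three MAC notations collapse into one asset, and the CMDB entry last updated four days earlier is reported as stale alongside its missing open-ports field.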
The last thing to note is timing. Axonius reconstitutes the complete inventory at minimum once daily and often several times a day. This means that Axonius has the most up-to-date asset information and, therefore, more accurate data than the CMDB. CMDB teams should strongly consider using Axonius to find and understand key gaps.