When Doug Graham joined Lionbridge in 2019, he was tasked with building a robust security program across the organization.
The first step in the process for Graham, chief trust officer at Lionbridge, was understanding the assets he was trying to protect, and the coverage and effectiveness of the security controls in place.
But maintaining a current and accurate asset inventory — and getting quick answers to asset-related questions — soon turned out to be an “uphill struggle”.
“As I looked at the assets we had across the organization, the data was all there in various different systems. If I asked the right person in IT, I could get the right piece of information — but it was a complex process,” Graham said.
Demands for faster provisioning and a rapid move to the cloud were only driving further complexity.
Without a centralized tool that could correlate data across all these different sources, the team had to “rely heavily on this institutional knowledge,” he said.
Graham quickly realized the need for:
- A simpler, faster, and more effective way of getting enough context to secure assets
- An automated process for accessing asset information
Taking Action With Axonius
Graham brought in the Axonius team to put together a proof of value to see how the platform would help address the security team's challenges.
Today, Axonius enables Lionbridge to:
- Correlate data from 25 different data sources across their on-prem and cloud infrastructure and applications, building a single source of truth for inventory and configuration
- Get an accurate, up-to-date, machine-level inventory, and provide a user-level inventory
“This allows us to create a set of complex queries, and lets us see things like the coverage of our security controls and how effective they are,” he said.
Apart from providing context about software and hardware assets, the Axonius platform also offers a consolidated inventory for user information. Adding the user context to assets allows for “marrying the traditional system inventory with a user inventory,” showcasing the interaction of both together, Graham said.
This in turn helps security analysts to accelerate incident response investigations by getting answers to critical IR questions.
While Axonius was brought in as a security tool, its usage isn’t just limited to the security teams.
The platform is being used by the IT and engineering teams as well, Graham noted. It helps them build their own use cases, charts, and metrics, he added.
Plus, Axonius also doubles as a governance tool. Why? Because, Graham said, it allows the security team to go in and look at these IT dashboards and make sure IT teams have the tools available to do their work effectively.
“Axonius provides us with a single source of visibility and a single source of truth. We're no longer arguing about what's there and what's not there, what's been patched and what's not been patched, and what coverage looks like.” -Doug Graham, chief trust officer at Lionbridge
Check out the full case study here for a look at how the team at Lionbridge leveraged the Axonius platform and the results they achieved.