Cybersecurity strategy is completely contingent on knowing what devices, users, cloud instances, software, apps, and more are in the IT environment. And that includes asset data.
Without knowing exactly what’s happening in the IT environment, IT and security can’t have an up-to-date inventory, find security vulnerabilities, and take action.
Security and IT professionals have some of the most sophisticated tools on the planet to protect against, detect, and remediate threats.
But with the increase in the number and range of assets — along with even more tools to secure and manage them — IT and security professionals are struggling.
CAASM: Solving the age-old problem of asset management
Enter: cyber asset attack surface management (CAASM).
CAASM solves ongoing asset visibility, configuration, vulnerability, and security controls management challenges by:
-
Connecting to existing tools and data sources through API integrations (or adapters).
-
Normalizing, deduplicating, deconflicting, and correlating data to show a comprehensive inventory of all assets — both internal and external, on-premise, and cloud.
-
Providing queries to understand any and all sets that deviate from policies, security and management tool coverage, configuration details, and vulnerabilities.
-
Enabling IT and security to figure out what automated response actions to trigger based on conditions.
6 key questions to ask in a CAASM solution
Now that you know what CAASM is and what it does, the next step is evaluating a CAASM solution. But where do you start?
When it’s time to make this evaluation, keep these questions in mind:
-
How can you uncover security gaps, even if you don't know where they are or what they are?
More complexity in IT environments means less visibility, so a CAASM solution that develops a comprehensive inventory provides true visibility.
The Axonius CAASM solution correlates asset data from existing solutions, providing an always up-to-date inventory in real time. The solution continually surfaces coverage gaps, detecting, and accounting for any changes in assets, configuration, and controls.
-
How do you conduct an asset inventory of the entire attack surface continuously and efficiently? Does this include virtual and ephemeral devices? Does it include both on-premise and cloud-based devices?
The ever-changing cybersecurity environment makes it difficult to track everything that’s happening, so a CAASM solution discovers all assets (no matter what they are or where they are) in an IT environment.
Axonius inventories all devices, cloud services, software, SaaS applications, and users — no matter where they’re located, uptime, or power state. The solution does all this by leveraging existing data.
-
Does the solution require any custom work to integrate data sources?
Look for a CAASM solution that already has integrations built in that’s used across by many customers.
Axonius leverages existing tools and infrastructure so no custom work is needed to start. There’s no need to install agents, or do any network scanning or traffic sniffing. IT and security can aggregate, normalize, and deduplicate data using what they already have.
-
Can policy enforcements, notifications, enrichments, and remediation activities be automated and/customized via an open API?
It’s one thing to discover security vulnerabilities across all assets. But what happens once you’ve identified them? Automation is key. A CAASM solution with pre-built automations (plus open APIs) provides more flexibility to automate.
Any query from Axonius can be used to trigger actions any time an asset or user deviates from policies. Alerting responsible parties, expanding vulnerability scans, and creating or enriching CMDB records are some of the response actions that can be created out of the box.
-
How many integrations does the CAASM solution have? How often are integrations maintained, updated, and expanded?
CAASM is driven by integrations with customers’ tools. Verify that CAASM providers have integrations for your current tools and other tools that you might use in the future.
Axonius seamlessly integrates into hundreds of IT management and security adapters, providing more built-in flexibility. The Axonius CAASM solution monitors new software deployments and identifies extraneous, legacy software deployments.
-
Are all integrated data sources normalized into a common data schema and correlated for maximum context and actionability?
Anyone can get data from an API, but understanding it and having a single source of truth is hard. Look into trials to make sure the CAASM solution can actually aggregate and normalize data.
Axonius has built hundreds of integrations with data sources for hundreds of customers. With more and more commonalities across data sources, Axonius feeds these learnings into the solution’s normalization and correlation logic to be more accurate.