Asset Management. PHOTO: Cybercrime Magazine.

Cybersecurity Unicorn Axonius Stares Into The CAASM

How fast can this company go from zero to IPO?

David Braue

Melbourne, Australia – Nov. 1, 2021

Pop quiz, CIO: how many devices are there on your company network?

If you know the exact answer, you’re doing better than most – and you might well already be using the network asset discovery features of Axonius, a fast-growing startup that has exploded from releasing its first version in 2018 to triple-digit annual growth, 275 employees and a $1.2 billion valuation just three years later.

“We’re trying to build the fastest cybersecurity company in history to go from zero to IPO,” chief marketing officer Nathan Burke told Cybercrime Magazine, noting that it was just two years ago that the new product was presented against nine competitors and won the RSAC Innovation Sandbox Competition.

This year, the same company secured $100 million in series D funding that it plans to use to take its platform to the world.

Leveraging that funding, Axonius recently announced that it would expand into the Asia-Pacific region from a new headquarters in Sydney — directing the company’s efforts to bring order to a regional IoT market that Frost & Sullivan has estimated will be worth $436.8 billion by 2026.

The magnitude of its rapid growth suggests that many CIOs and CISOs still can’t answer the same simple question — what devices are on your network and where? — that led Axonius CEO and co-founder Dean Sysman to sense a market opportunity in the first place.

Working at another cybersecurity startup, Burke explained, Sysman and his team “were able to identify a nation-state attacker on the company’s network. But instead of being excited like he was, the company said ‘we’ll never be able to figure out what device that is’ — even though it was on their own network.”

“It was easier to find a nation-state actor than it was to identify a device.”

Given most companies’ degree of investment in network management tools over time, Sysman was “shocked” by the idea that they still couldn’t identify the devices on their network — and set about building a tool that would fix the problem.

The idea was simple: throw all the data from network and endpoint-monitoring tools into a pot and stir, then deduplicate and normalize that data to generate a list of all the assets on the network — and identify the gaps where companies previously had no visibility of their devices.

The approach is particularly valuable for environments where Internet of Things (IoT) devices are being rapidly deployed to improve connectivity and management across the extended enterprise.

Surging deployments of IoT devices are creating massive new security risks, with Kaspersky recently reporting that the number of attacks on its IoT honeypots exploded from 639 million during the second half of 2020, to over 1.5 billion in the first half of this year.

Hands off the endpoint

Rather than trying to actively probe networks and cloud platforms, Axonius lets other tools do the heavy lifting and focuses on its proprietary analytics to sort the proverbial wheat from the chaff.

The platform uses purpose-built “adapters” to integrate with any of over 386 data sources ranging from networking equipment and EDR agents to cloud infrastructure and change management databases (CMDBs) — “anything,” Burke explained, “that can give us information on devices, users, and cloud infrastructure.”

Add your credentials and the tool engages with the devices to do exactly three things: give you a “comprehensive and up-to-date inventory” of your assets, build queries to explore discrepancies in greater detail, and automate the raising of alerts, trouble tickets or other responses once discrepancies are detected.

Because each administration tool knows different details about each networked device, aggregating that information paints a far more complete picture of each device than any of the tools can provide on its own.

“The security organization absolutely gets it,” Burke said, “because more and more they are the downstream consumer of this data. And if they’re able to get the IT asset management piece right and get the right information, then it makes their job easier.”

By tapping the system’s additive search structure, users can drill down to, for example, identify all devices that do not have a particular security tool installed on them, or sniffing out cybercriminals’ lateral movement by creating a list of all Windows machines that have been accessed by another device in the past 24 hours.

Over time, security teams can build up a dashboard of the things they care most about — making it easy to monitor changes in network configuration, application of patches, use of cloud tools, or myriad other variables that are relevant to everyday business functioning.

In July, Gartner coined a new term, cyber asset attack surface management (CAASM), to describe the type of use case that Axonius enables — describing it in a recent hype cycle report as “an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges.”

That description is apt, Burke said, given the ever-increasing complexity of enterprise network environments and the difficulties in reconciling new devices to the limitations of old platforms.

“As you’ve seen over the years, the only thing we can count on is complexity,” he said, “and the more complex and fragmented our environments are, the bigger this is a problem — and the more downstream impact to security and infrastructure.”

“It is just becoming something that CISOs and CIOs are really focusing on now — because they can nail the fundamentals, they can get ahead of the complexity that is inevitable.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.

About Axonius

Axonius was founded in June 2017 to answer a simple question. Despite all of the high-tech, sci-fi tools we have in cybersecurity, why is it so difficult to answer simple questions about the devices, users, and cloud instances we’re tasked with securing? Asset management is so foundational, yet it’s a nagging problem that is only getting worse. Co-Founders Dean Sysman, Ofri Shur, and Avidor Bartov, veterans of an elite intelligence unit of the Israeli Defense Force built Axonius to solve the asset management challenge for cybersecurity. Axonius is headquartered in New York, NY and our R&D team is based in Tel Aviv, Israel.