In this day and age, as the number of threats is rising exponentially, cybersecurity should be a top priority for companies of all types and sizes.
And we are not just talking about everyday safety measures like installing a VPN on your iPhone. Lack of cybersecurity asset management doesn’t merely make security operations more challenging. It develops critical risks for the overall business.
For this reason, we invited Amir Ofek, CEO of AxoniusX – cybersecurity asset management and SaaS management solutions provider – to share his knowledge on current cybersecurity and threat prevention methods.
How did Axonius originate? What has your journey been like?
It was the question: ‘What devices are on your network and where?’ that led to Axonius being founded by our CEO Dean Sysman. While working for another cybersecurity company he and his team realized that it was simpler to identify a nation-state actor than it was to identify the device on which the attack was happening. This presented an opportunity to build a platform that could integrate with multiple data sources to get information on devices, users, and cloud infrastructure.
Our journey since then has been rapid. In little more than five years, we have become a leader in cybersecurity asset management, and last year achieved a huge 132% year-on-year increase in annual recurring revenue. This is the third consecutive year of triple-digit revenue growth.
It’s fuelled by the demand for cyber asset attack surface management solutions and because we are the only platform to provide companies with complete visibility and automated policy validation on all assets, devices, and users, our customers readily acknowledge the value that we have provided for them. It is their recommendations to other organizations that are behind our explosive expansion.
Can you tell us a little bit about your platform? What are its key features?
We solve the decades-old problem of asset visibility in complex IT environments with our key solution Axonius Cybersecurity Asset Management. This can connect to more than 400 security and technology products to provide a current, unified view across all assets, which allows organizations to identify any security solution coverage gaps and then automatically validate and enforce their security policies.
Recently we introduced Axonius SaaS Management, which is the first solution to combine the benefits of SaaS management and SaaS security posture management. This enables security, IT, finance, and risk teams to realize a single source of truth in their entire SaaS application landscape. It gives visibility across all data types and interconnectivity flows, identifies misconfigurations and security risks, and delivers actionable insights that improve management and benefit-cost optimization.
Together, these two solutions provide a comprehensive platform that can unify all digital assets, from SaaS apps to devices, user accounts, and cloud assets, allowing customers to control complexity in their IT environment.
What would you consider to be the most challenging issues that IT teams face these days?
There are many challenges, but for us, it is the difficulty of maintaining a comprehensive asset inventory and knowing whether assets are properly secured. The problem is not a lack of data or tools, indeed the information they need to answer asset-related questions exists in many silos and products, but there is no way to correlate information and automate action.
Without this data at their fingertips and always up-to-date it is much harder for IT and security teams to identify where the gaps are in their security solutions or ensure assets are in compliance with security policies and know if an asset has deviated from that policy.
How did the recent global events affect your field of work? Were there any new challenges you had to adapt to?
From the perspective of our customers, there was a rapid shift to remote work followed by the more flexible approach we’re seeing today in which on-site and remote work are combined. This does put a lot more importance on securing employees’ connections, and many organizations are using a zero-trust approach to reduce risk, but this is predicated on knowing every device and its security posture before a request for a connection can be validated.
Of course, shadow IT practices have increased, the cyberattack surface has expanded with the growth in cloud collaboration tools, and this level of distribution in IT infrastructure has forced companies to improve visibility across their assets. Unless they can see and understand the full picture, they are at greater risk of attack or non-compliance.
In your opinion, what misconceptions surrounding cybersecurity are the most prevalent today? What IT and cybersecurity details do you think are often overlooked by new companies?
We don’t see a real difference between how new or more established companies address cybersecurity. All modern IT environments are complex and what can happen is that security solutions don’t automatically dovetail with each other to provide comprehensive cover.
This leaves gaps through which cybercriminals can gain access whether it’s to an on-premise network or a company cloud. What we do see is that with the move to SaaS, IT is becoming more complex, the security vectors are increasing and this needs to be addressed urgently.
Although there are plenty of security solutions and providers available on the market, certain companies and individuals still fail to upgrade their cybersecurity. Why do you think that is the case?
Many organizations’ security teams simply lack the expertise and resources to be able to stay on top of the solutions that need upgrading. With an expanding attack surface and the increasing sophistication of cyber threats, security teams have more pressing matters to worry about, and as a result, the foundational aspects of cybersecurity – like upgrading systems – can fall to the wayside.
That’s why having a cybersecurity asset management platform is so critical. Especially one that integrates with your vulnerability assessment tools as well as the NIST database. That way, it can automatically alert you any time a critical vulnerability is published and let your security team know when patching should be prioritized and when any assets found
to have the critical vulnerability present should be updated.
What security measures do you think are essential not only for organizations but also for casual Internet users?
Even though we’re lucky to leverage better technologies to become more efficient and more innovative, those technologies also come with additional connections and applications to our networks, further broadening the attack surface.
But whether you’re just getting started or already have a cybersecurity program in place, your focus should be on identifying business requirements, and business risks, and assessing critical assets. Build a relationship with key stakeholders in charge of your organization’s security strategy and understand how they are monitoring all digital assets.
You can’t protect what you can’t see, so it’s critical to understand all the assets in your environment, including laptops, servers, IoT devices, and SaaS applications. And lastly, implement a zero trust strategy. By applying the principle of “never trust, always verify,” you’ll be able to minimize your risk.