Visibility is the first step in any cybersecurity strategy. Before you can lock down your network, you have to know what’s on it.
This is the basic concept behind the new integration of Axonius asset management software with DNS management tools from BlueCat. Working together, these two platforms provide a new level of visibility into network devices, allowing IT managers and cybersecurity professionals to assess cyber risk, mitigate security gaps, and ensure compliance with security best practices.
Cybersecurity Asset Management From Axonius
Axonius is a cybersecurity asset management platform that gives customers three things:
- A credible, comprehensive asset inventory
- An understanding of security coverage gaps
- Automated security policy validation and enforcement
The Axonius product simply connects to the security and management systems that its customers already use and requires no additional agents. Customers simply choose the solutions they use, provide credentials, and the system starts collecting and correlating information about assets and users.
Integrating cybersecurity asset management and DNS
Here’s how the integration works: Axonius already integrates with over 100 network tools to provide unprecedented visibility into the activity of “managed” devices – devices where a software agent is installed to run security checks, install patches, and manage performance. BlueCat uses Domain Name System (DNS) data to feed Axonius information on “unmanaged” devices such as IoT sensors, mobile phones, and other connected hardware which may not otherwise appear on an asset inventory.
There are several reasons why these unmanaged devices might not be recognized by other software. Sometimes they have a transitory place on the network which makes consistent identification difficult. Often, they lack the capacity to install and run on-device agents. What they all have in common, however, is the need to communicate with the network. That’s where DNS comes in.
With centralized management of DNS infrastructure through BlueCat, every device which interacts with the network – managed or unmanaged – can be identified. Pushing this DNS information into the Axonius console allows IT administrators to discover and manage every device which connects to the network.
This helps cybersecurity administrators apply security policies to every device on the network – not just the devices they happen to manage directly. Using DNS records from BlueCat to identify out-of-policy devices, Axonius allows administrators to run automated security controls on those devices.
The integration allows administrators to run an Axonius-based search against DNS data on a regular schedule, ensuring a consistent approach to device security which matches the cadence of the cybersecurity team. The integration can also be deployed manually at any time, creating an instant device audit for the entire network.
Case Study: Finding Unmanaged IoT Devices
Here’s one quick example of how this integration can enhance your security posture. A customer recently tried it out, and discovered a previously unknown device on the network. This was an unmanaged device that was transmitting data on the company’s servers, but was not registered as a corporate asset. It turned out to be an IoT device – a smart plug which a network administrator (!) had started using without authorization. The device was located and disconnected immediately.
DNS proved to be the critical component in the discovery process. Since the device wasn’t operating with an assigned IP address or using the standard security agents commonly used in large enterprises, it operated under the radar of IT administrators. The only “signature” it offered was its use of DNS to communicate with the network and utilize the company’s infrastructure to search for product updates. Since these same channels could be used for malicious purposes, the decision was quickly made to pull the plug – literally.