Axonius
Axonius is a cybersecurity asset management platform that solves a foundational problem for organizations: the lack of a complete and up-to-date inventory of all their digital assets. In the context of cybersecurity, you cannot secure what you don't know you have. Axonius addresses this "asset visibility" challenge by creating a single, comprehensive source of truth for all assets across an organization's environment.
Axonius acts as the central intelligence hub for an organization's cybersecurity program. It provides the foundational asset data needed to run other security tools effectively, reduces manual work, and enables the automation of security policies to minimize risk and enhance an organization's overall cyber hygiene.
ThreatNG, as an external attack surface management and digital risk protection platform, would help a company that uses Axonius by providing an outside-in perspective that complements Axonius's internal visibility. Axonius excels at consolidating data from internal sources to create a complete inventory of assets and identify security control gaps, while ThreatNG focuses on what an attacker sees from the internet. The synergy between the two creates a more comprehensive security posture.
External Discovery
ThreatNG performs purely external unauthenticated discovery, meaning it doesn't need to connect to a company's internal network to find its digital assets. ThreatNG would identify the company's Axonius instance as a publicly facing SaaS application associated with the organization. This is a part of its Cloud and SaaS Exposure module. It also discovers other assets, such as subdomains, mobile apps, and public code repositories, that could pose a risk to the company’s use of Axonius.
Example: ThreatNG would discover that mycompany-axonius.com is an active domain and identify it as an Axonius implementation used by the organization.
External Assessment
ThreatNG's external assessment capabilities would evaluate the security of the company's Axonius instance and other related assets from an attacker's viewpoint.
Cyber Risk Exposure: ThreatNG would check for exposed sensitive ports or insecure certificates related to the Axonius domain. It would also factor in Code Secret Exposure, which discovers if any code repositories contain sensitive data, like API keys, that could be used to compromise the Axonius platform. It also considers compromised credentials on the dark web that could be used for an attack.
NHI (Non-Human Identity) Exposure: ThreatNG's NHI Exposure score assesses the risks associated with API keys, service accounts, and system accounts that may be used to interact with Axonius. This score is particularly relevant because NHIs often outnumber human identities and can be mismanaged, making them prime targets for adversaries. The assessment identifies exposed APIs and non-human identities within sensitive code or cloud environments.
Supply Chain & Third Party Exposure: Since Axonius is a third-party vendor, ThreatNG would assess the company's exposure from this relationship. This includes evaluating the technology stack and discovering cloud and SaaS exposures that could impact the client organization.
Investigation Modules
ThreatNG provides several detailed investigation modules to analyze findings:
Sensitive Code Exposure: This module identifies whether the company's public code repositories or mobile apps contain sensitive information, such as an API key for a dashboard or an integration that connects to Axonius. It would also look for credentials for various platforms that could be used to pivot to the Axonius environment.
Domain Intelligence: This module could uncover typosquatting domains (e.g., axonius-mycompany.com instead of mycompany-axonius.com) that could be used in a phishing attack targeting employees with access to Axonius.
NHI Email Exposure: This feature specifically groups email addresses with roles like security, admin, system, or service found in various sources, such as WHOIS records and compromised credentials. This helps to identify and secure administrative accounts that have privileged access to platforms like Axonius.
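The kind of lookalike check the Domain Intelligence item describes, as an added example (not ThreatNG's code): it compares observed hostnames against the legitimate one from the page and reports token reordering, a TLD swap, or a small edit distance. The observed list is constructed, the function names are illustrative, and only simple `label.tld` names are handled.

```python
LEGIT = "mycompany-axonius.com"  # legitimate hostname from the page's example

# Constructed observations, e.g. from newly registered domain feeds.
OBSERVED = ["axonius-mycompany.com", "mycompany-axonius.net",
            "mycompany-axonlus.com", "mycompany-axonius.com", "example.org"]

def label_tokens(domain):
    """Split 'label.tld' into (hyphen-separated tokens, tld)."""
    label, _, tld = domain.lower().rpartition(".")
    return label.split("-"), tld

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit=LEGIT, max_edits=2):
    """Return why candidate resembles legit, or None if it does not."""
    if candidate.lower() == legit.lower():
        return None  # the legitimate domain itself
    c_tokens, _ = label_tokens(candidate)
    l_tokens, _ = label_tokens(legit)
    if c_tokens == l_tokens:
        return "tld-swap"  # same label, so only the TLD differs
    if sorted(c_tokens) == sorted(l_tokens):
        return "token-reorder"  # the page's axonius-mycompany.com case
    d = edit_distance("-".join(c_tokens), "-".join(l_tokens))
    return f"edit-distance-{d}" if d <= max_edits else None

def find_lookalikes(observed=OBSERVED, legit=LEGIT):
    """Map each suspicious observed domain to the reason it was flagged."""
    hits = {}
    for domain in observed:
        reason = classify(domain, legit)
        if reason:
            hits[domain] = reason
    return hits

if __name__ == "__main__":
    for domain, reason in find_lookalikes().items():
        print(f"{domain}: {reason}")
```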
Intelligence Repositories
ThreatNG's intelligence repositories, branded as DarCache, power its assessments. For a company using Axonius, these repositories provide critical context:
DarCache Rupture (Compromised Credentials): This repository would be checked for any compromised user or non-human credentials that could be used to log into the Axonius platform.
DarCache Vulnerability: This repository offers a comprehensive view of vulnerabilities by examining their real-world exploitability and potential impact. It combines data from the National Vulnerability Database (NVD), Exploit Prediction Scoring System (EPSS), and Known Exploited Vulnerabilities (KEV). This would help a company prioritize patching on its Axonius-related infrastructure that poses a real and immediate threat.
Reporting and Continuous Monitoring
ThreatNG provides various reports, including executive, technical, and prioritized reports. These would detail the findings related to the company's use of Axonius, such as any exposed API keys or misconfigured DNS entries, and provide Risk levels and Recommendations to help the organization prioritize its security efforts. ThreatNG also offers continuous monitoring of the external attack surface, ensuring any new risks are detected promptly.
Complementary Solutions
ThreatNG's external, unauthenticated approach complements internal security tools, creating a more comprehensive security program.
Security Information and Event Management (SIEM): A SIEM solution, like Splunk, collects and analyzes log data from internal systems. If ThreatNG discovers compromised credentials on the dark web, this intelligence can be fed into the SIEM. Then, if the SIEM detects a suspicious login attempt to Axonius, it can correlate the event with the intelligence from ThreatNG, providing a richer context for the security team.
Vulnerability Management Solutions: Internal vulnerability management tools, such as Tenable or Qualys, scan for vulnerabilities inside a company's network. ThreatNG's DarCache Vulnerability intelligence, especially its KEV data, can be used to inform these tools, helping the security team prioritize which vulnerabilities to patch first on their Axonius-related infrastructure.
Identity and Access Management (IAM): An IAM solution, like Duo, manages user identities and access to applications. If ThreatNG discovers a compromised non-human identity, such as an exposed API key for Axonius, this information can be used to revoke that credential in the IAM system automatically.
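The SIEM correlation described above, as an added example (not code from ThreatNG, Splunk, or Axonius): login events for the Axonius application are enriched with an exposed-credential feed, and a successful login by an exposed account is rated higher than a failed one. The log format, field names, accounts, and dates are all constructed assumptions.

```python
# Constructed feed: account -> ISO date the exposure was reported.
EXPOSED = {
    "svc-inventory@mycompany.example": "2024-05-01",
    "j.doe@mycompany.example": "2024-05-03",
}

# Constructed login events in key=value form (field names are assumptions).
EVENTS = """\
ts=2024-05-02T08:15:00Z app=axonius user=svc-inventory@mycompany.example src=203.0.113.7 result=success
ts=2024-05-02T08:16:10Z app=axonius user=a.lee@mycompany.example src=198.51.100.4 result=failure
ts=2024-04-20T11:00:00Z app=axonius user=j.doe@mycompany.example src=192.0.2.10 result=success
ts=2024-05-04T02:41:55Z app=axonius user=J.Doe@mycompany.example src=203.0.113.99 result=failure
"""

def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def correlate(lines=EVENTS, exposed=EXPOSED):
    """Return alerts for logins by accounts listed in the exposure feed."""
    alerts = []
    for line in lines.splitlines():
        ev = parse(line)
        user = ev["user"].lower()  # feeds and logs often differ in case
        reported = exposed.get(user)
        # Simplification: only logins on or after the report date are enriched.
        if reported is None or ev["ts"][:10] < reported:
            continue
        # A working exposed credential is worse than a rejected attempt.
        severity = "high" if ev["result"] == "success" else "medium"
        alerts.append({"ts": ev["ts"], "user": user,
                       "src": ev["src"], "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in correlate():
        print(alert)
```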