Challenges
Without the comprehensive asset discovery and endpoint compliance reporting provided by Aura, the company was unable to easily identify, manage and control unknown or even known network endpoints, complicating investigations and increasing risk exposure.
Results
Aura ensures the company can quickly and accurately discover all network assets, proactively measure ongoing endpoint compliance with critical security controls, and allow SOC team members of all levels to perform faster and more complete investigations.
1000s of Endpoint Assets Used by Remote and Office Workers
The company is an independent agency responsible for qualified tuition programs offered by their state and offers one of the largest tuition plans in the country, managing more than $90 billion in assets. The company strives to help make the financial lives of all Americans better, through its commitment to affordable and accessible savings programs, and financial education.
The company has a network that is complex, yet typical of any enterprise today, consisting of cloud and on-premise infrastructure, with remote and office-based workers. Complete and accurate visibility across all network assets is critical for the company’s information security team to ensure all their assets are not only discovered, but also managed and compliant with all endpoint security controls.
The team faced three key challenges that were solved using Aura Asset Intelligence:
- Measuring compliance with critical company-specific endpoint security controls
- Identifying unknown assets and ensuring that they are managed
- Spending inordinate time during investigations identifying who, what and when
Average endpoint compliance across all metrics after closing security gaps identified by Aura.
Improvement in security investigation speed due to added asset context and intelligence.
Identify and Close Endpoint Compliance Gaps
Using the built-in metrics framework in Aura, the company quickly added custom endpoint compliance metrics to identify gaps across key security controls on an ongoing basis. These included metrics for laptop encryption, vulnerability scanning coverage, application enforcement, malware protection and many more. Before Aura, the team were using manual checklists and security reviews, along with searches in Splunk, to measure endpoint compliance. This took time and the data gathered was not up to date or completely accurate. The metrics in Aura provide the team with continuous and actionable endpoint compliance visibility across their network, allowing them to proactively identify and remediate security control gaps as they occur and demonstrate improvements in compliance over time.
“Aura immediately identified an endpoint security issue, which was exposing our assets to undue risk”
Information Security Architect
Discovery of Unknown Assets
With Aura, the company has gained continuous discovery of all assets on their network, leading to an accurate and complete inventory of their assets. Before Aura, the team would often identify assets on the network that were not in any known asset management system, and the mix of both office and remote workers only compounded this issue further. The continuous discovery and comprehensive endpoint compliance metrics reporting provided by Aura ensure that any unknown assets are quickly discovered and managed, with appropriate security controls deployed.
“Aura has drastically improved our security posture through increased endpoint compliance”
Information Security Architect
Streamlined Investigative Process
With Aura, the company has been able to greatly streamline their investigative process and reduce the time spent investigating by more than half. Before Aura, the team would spend hours during investigations performing laborious, manual searches through logs, trying to correlate what assets or identities were associated with what IP addresses and when. Aura has provided a simple, convenient and fast way to enrich investigations with accurate asset and identity information. The intuitive interface provided by Aura has allowed even their novice SOC analysts to easily interpret the data and get to the information needed.
“Aura is invaluable during investigations and usable by all levels of SOC analyst, with minimal training”
Information Security Analyst
Aura Asset Intelligence runs on Splunk. If you would like to find out more or to get a demo or free trial, please contact us today.