Fortune 50

Saving Millions Annually with Real-Time Asset Inventory

With Balbix, a CSP uses automated real-time asset inventory to identify 158% more assets and run risk identification and mitigation workflows 100x faster.

Infosec Team’s Challenges

IT and cybersecurity teams in this organization were frustrated by the lack of accurate asset inventory. As a senior executive responsible for securing applications put it:

“Our inventory process was a mess. We were unable to properly identify and categorize assets. Yes, we had dozens of tools and some ad-hoc integration, but it was difficult to correlate the data from these sources into a single, comprehensive inventory.”

Not having a single accurate asset inventory system meant that many IT processes involved manual steps: querying multiple tools, then tediously collating and sorting through the (often conflicting) data before the desired information was available. For example, identifying, prioritizing, and mitigating cybersecurity vulnerabilities across millions of assets was very time-consuming.

Enter Balbix

With Balbix, this customer was able to implement real-time asset inventory by integrating data from the on-network ground truth and key IT systems.

  • An accurate inventory of all assets, including devices, apps and services, managed and unmanaged, on-prem and cloud, fixed and mobile, is automatically kept up to date.
  • Assets are de-duped and categorized. Usage, network traffic and asset attributes are analyzed and indexed. 158% more assets were identified over the previous inventory process.
  • Each asset is continuously analyzed across 100+ attack vectors to identify vulnerabilities. Risk identification and mitigation workflows have become 100x faster.

Asset Inventory

Balbix connectors were configured to collect data from multiple systems of record, in order to extract business logic information automatically and continuously from these systems. Balbix sensors were also deployed in the customer’s major data centers to monitor north-south and east-west traffic at strategic points in the network. The architecture of the deployment is shown in the picture below.

Using tags imported from these existing systems of record, the customer was able to construct a set of groups in Balbix that reflected the organization structure and asset ownership hierarchy. Assets were automatically discovered, tracked and mapped to relevant groups. Stale and contradictory information was automatically resolved with Balbix’s AI algorithms performing the function of a tireless, very knowledgeable human operator. A small amount of necessary human input was facilitated by simple workflows.

Some of the inventory related use-cases that were enabled include:

  1. Search: For the very first time, customer stakeholders could search for any asset in the organization using both natural language queries and attribute filter queries in a single console. These searches execute in milliseconds and reflect the real-time state of the network.
  2. Tracking Mission Critical Assets: This group of assets includes servers and end-user systems across the organization that are critical for some reason. Balbix tracks this group using a set of trained AI models that encode the knowledge defining the different things that make an asset mission critical, as opposed to constantly adjusting tags via human input. Notifications and workflows are automatically triggered on specific state changes in this asset group.
  3. Identifying Obsolete Software: Obsolete software is any piece of software that is old and has not been used by any user or workload in the last N days. With Balbix, a simple query that runs in less than 1 second provides a list of software that no one is using but that the organization may be paying maintenance fees for.

Vulnerability Management

“Previously, responding to a new vulnerability like Sambacry required manual work, script-writing and communication between multiple teams to identify assets at risk and perform mitigation tasks. This process would take weeks. With Balbix, we can query for assets at risk and track remediation in real-time, shrinking the response time from weeks to hours.”

The new Balbix-powered setup continuously discovers and prioritizes emerging vulnerabilities based on risk, incorporating information about vulnerabilities, threat levels, asset exposure, security controls and business criticality. Dashboards with powerful natural language search capabilities enable stakeholders across the organization to identify risk areas quickly. APIs trigger automated workflows, enabling the organization to start mitigation steps immediately after learning about a new issue.

Since this customer is massive and distributed, Balbix enables the organization to be partitioned into asset groups. We can designate risk owners and SLAs for each asset group, with corresponding dashboards tracking risk mitigation performance against target SLAs, and integrated workflows. Any action taken anywhere in the organization immediately feeds back into these dashboards and reports, enabling hundreds of stakeholders to tightly coordinate risk management and resolve any gaps quickly.

For a major IT project such as implementing real-time inventory at carrier-scale, it is quite hard to get the deployment over the finish line. Many projects never make it, and several fail to deliver the promised value.

We asked our customer to summarize their three biggest takeaways from their Balbix project for this case study. Here is what the customer listed.

  1. Thanks to Balbix, we have real-time asset inventory with continuous monitoring. We get actionable insights for IT and risk every day.
  2. We were surprised by the simplicity and ease of deploying Balbix with the ability to scale to millions of assets. In our experience, this is uncommon.
  3. Balbix’s flexible architecture supports the ability to add additional use cases and integrations. We are planning to improve several IT, cybersecurity and compliance processes using Balbix.