With thousands of global companies depending on Ignition every day, Inductive Automation felt compelled to strengthen their security program and close security coverage gaps with the aim of decreasing third party risk to their customers.Download PDF
Inductive Automation empowers the world's top companies across energy, manufacturing, life sciences, and other critical industries with their unparalleled solution, Ignition, a universal industrial application platform for connecting all data, and designing and deploying industrial applications throughout an enterprise. With thousands of global companies depending on Ignition every day, Inductive Automation felt compelled to strengthen their security program and close security coverage gaps with the aim of decreasing third party risk to their customers. It was important to Inductive Automation to demonstrate that they were a trustworthy partner that their customers could count on for prioritizing security. They set out to find a formal asset management solution to reclaim control of their network.
After scouring the market, Jason Waits, CISO at Inductive Automation, discovered runZero. He downloaded the free trial and scanned a couple of subnets. He enjoyed how the UI/ UX was user friendly, there was a lot of detail, and the fingerprinting was accurate. They became a customer and shortly after they renewed, runZero announced a CrowdStrike integration for providing insight into unknown assets lacking CrowdStrike EDR, which ultimately was the deciding factor for upgrading to the Enterprise tier.
Through their use of runZero, Waits and his team have enjoyed many positive outcomes, including time savings of a few hours per week and total cost of ownership of 90% less than other solutions. runZero has become such an integral part of Inductive Automation’s security program that Waits, and his team have incorporated it into their morning routines. With a cup of coffee in hand, Waits and his team will check runZero as part of getting started for the day.
"runZero sets a high bar for how I expect other tools to perform, from having a user-friendly UI/ UX, to clean, accurate data I don’t have to second guess." - Jason Waits, CISO, Inductive Automation
At Inductive Automation, success translates to continuous, pragmatic company growth, where breaches and outages are minimized, vulnerabilities and insecure misconfigurations are proactively identified, responded to, and fixed, and ultimately their customers are satisfied. So, when Jason Waits, CISO at Inductive Automation, joined the organization over 7 years ago and discovered they didn’t have a dedicated asset management tool, he knew a robust solution was necessary to take back control of their network. “When I started in IT at Inductive Automation, we didn’t really have a dedicated asset management tool. We could sign into vCenter, see our VMs, or our EDR and Active Directory to see many endpoints. But at the end of the day, I would still run Nmap and map it out myself. It was a weak, hodgepodge approach that was scary because it didn’t scale to keep up with our growth,” explained Waits. He added, “I’m a big fan of asset management in general. It’s difficult to secure things and prioritize when you don’t know what you have. That was our big pain point.”
When Waits was promoted to head of security, he led the research effort to understand all asset management options on the market for making an informed decision. It was critical for them to find a comprehensive solution that could scan their entire network, offer network discovery for providing visibility into all IT, IoT, and especially OT assets on their network, including rich, quality data from these assets, and aid with improving their overall cyber hygiene and cyber risk management. They trialed many options, all of which lacked detailed and accurate data, and kept fingerprinting devices as Linux boxes, rather than what the devices actually were:
Inductive Automation discovered runZero and decided to test it out. “I checked the runZero website and there was a free trial, which I love. I downloaded it and immediately scanned a couple of subnets. The UI/ UX was user friendly, and the classification was incredibly detailed,” said Waits. They became a customer and shortly after they renewed, runZero announced a CrowdStrike integration for providing insight into unknown assets lacking CrowdStrike EDR, which ultimately was the deciding factor for upgrading to the Enterprise tier. “As soon as I turned on runZero’s CrowdStrike integration and once I saw it working in action, I immediately deprecated Forescout.”
The team now enjoys runZero’s cyber asset discovery capabilities for gaining visibility into what exists on their network. In fact, they have been able to discover over 50% more assets than what they thought they had on their network before thanks to runZero. “We use runZero to run down software and see what versions we currently have in play,” described Waits. They also leverage runZero to accelerate remediation, taking advantage of the many out-of-the-box queries to expedite incident response. “We absolutely use runZero to help speed up incident response. If there’s a new open SSL vulnerability, runZero is quick to release some helpful queries. I’m a huge fan of that. I don’t have to write the query, so one of my analysts can copy and paste that query should I be out of the office.”
runZero’s customer support team has provided Waits with the proactive, rapid response he needs to keep the Inductive Automation security program running smoothly. “Your support team is fantastic. It’s crazy how they reach out to tell me they fixed a bug I encountered that I didn’t report. That’s happened numerous times. And when I do submit a bug report, it’s handled quickly,” said Waits.
runZero has helped increase the efficiency of Waits and his team when it comes to asset discovery, incident response, and security hygiene, contributing to significant time savings of a few hours per week. This is valuable time they can redirect to focus on other vital areas that need their attention. “runZero makes incident response way easier. If you have to spend 20 minutes trying to determine the asset owner during a live threat, that’s brutal. This isn’t an issue with runZero’s asset owner field. We also use runZero to take screenshots of web services to quickly see what’s running,” said Waits.
Additionally, runZero’s unmatched capabilities and benefits are available at competitive pricing when compared to other solutions on the market. In fact, Inductive Automation experienced a total cost of ownership with runZero of 90% less than other solutions they trialed, and they didn’t need to commit to a multi-year deal. Together, this makes a significant difference for a smaller, mid-market organization like Inductive Automation.
Between offering valuable integrations, visibility into their network, and exceptional support, Waits and his team have developed the utmost trust in and reliance on runZero. It has become such an integral part of Inductive Automation’s security program that Waits and his team have incorporated runZero into their morning routines. “runZero’s release notes are morning reading for my team. I sign into runZero every day. I sit down, drink coffee, pop into runZero, CrowdStrike, Chronicle, and look for any fires as part of getting situated for the day.”
When asked to sum up his experience with runZero, Waits responded, “runZero sets a high bar for how I expect other tools to perform, from having a user-friendly UI/ UX, to clean, accurate data, I don’t have to second guess.”
“We absolutely use runZero to help speed up incident response. If there’s a new open SSL vulnerability, runZero is quick to release some helpful queries. I’m a huge fan of that. I don’t have to write the query, so one of my analysts can copy and paste that query should I be out of the office.”
Gain full visibility into your assets and take control of your networkStart a free trial