Inductive Automation leverages runZero to discover over 50% more assets

Problem

At Inductive Automation, success translates to continuous, pragmatic company growth, where breaches and outages are minimized, vulnerabilities and insecure misconfigurations are proactively identified, responded to, and fixed, and ultimately their customers are satisfied. So, when Jason Waits, CISO at Inductive Automation, joined the organization over 7 years ago and discovered they didn’t have a dedicated asset management tool, he knew a robust solution was necessary to take back control of their network. “When I started in IT at Inductive Automation, we didn’t really have a dedicated asset management tool. We could sign into vCenter, see our VMs, or our EDR and Active Directory to see many endpoints. But at the end of the day, I would still run Nmap and map it out myself. It was a weak, hodgepodge approach that was scary because it didn’t scale to keep up with our growth,” explained Waits. He added, “I’m a big fan of asset management in general. It’s difficult to secure things and prioritize when you don’t know what you have. That was our big pain point.”

When Waits was promoted to head of security, he led the research effort to understand all asset management options on the market for making an informed decision. It was critical for them to find a comprehensive solution that could scan their entire network, offer network discovery for providing visibility into all IT, IoT, and especially OT assets on their network, including rich, quality data from these assets, and aid with improving their overall cyber hygiene and cyber risk management. They trialed many options, all of which lacked detailed and accurate data, and kept fingerprinting devices as Linux boxes, rather than what the devices actually were:

• Axonius - Axonius didn’t deliver enough value for the money and the data it pulled was surface level.
  
  
• Nessus - Nessus wasn’t the right fit due to performance issues, the UI/ UX lacked efficiency in that one needed to double click into each host for more detail, which wasn’t even always useful, and the data the system reported back also lacked granularity.
  
  
• JupiterOne - JupiterOne ultimately didn’t work for them since it’s a pure cloud security solution.
  
  
• Forescout - Additionally, they investigated their existing Forescout NAC, which Waits likened to, “…a heavy, clunky, old appliance that offered very shallow fingerprinting with data quality that was garbage.”

Solution

Inductive Automation discovered runZero and decided to test it out. “I checked the runZero website and there was a free trial, which I love. I downloaded it and immediately scanned a couple of subnets. The UI/ UX was user friendly, and the classification was incredibly detailed,” said Waits. They became a customer and shortly after they renewed, runZero announced a CrowdStrike integration for providing insight into unknown assets lacking CrowdStrike EDR, which ultimately was the deciding factor for upgrading to the Enterprise tier. “As soon as I turned on runZero’s CrowdStrike integration and once I saw it working in action, I immediately deprecated Forescout.”

The team now enjoys runZero’s cyber asset discovery capabilities for gaining visibility into what exists on their network. In fact, they have been able to discover over 50% more assets than what they thought they had on their network before thanks to runZero. “We use runZero to run down software and see what versions we currently have in play,” described Waits. They also leverage runZero to accelerate remediation, taking advantage of the many out-of-the-box queries to expedite incident response. “We absolutely use runZero to help speed up incident response. If there’s a new open SSL vulnerability, runZero is quick to release some helpful queries. I’m a huge fan of that. I don’t have to write the query, so one of my analysts can copy and paste that query should I be out of the office.”

runZero’s customer support team has provided Waits with the proactive, rapid response he needs to keep the Inductive Automation security program running smoothly. “Your support team is fantastic. It’s crazy how they reach out to tell me they fixed a bug I encountered that I didn’t report. That’s happened numerous times. And when I do submit a bug report, it’s handled quickly,” said Waits.