Original broadcast 6/4/25
Presented by Axonius Federal Systems & Carahsoft
Tom Kennedy, Vice President at Axonius Federal Systems, believes the foundation of any strong cybersecurity strategy begins with visibility. For Kennedy, cyber resilience isn’t achievable unless agencies have a comprehensive, real-time understanding of every asset across their networks. From endpoint devices to cloud environments, every node must be tracked, monitored, and accounted for to reduce risk and respond quickly to threats.
Kennedy explains that most cybersecurity frameworks—whether Zero Trust, NIST, or the widely-used CIS controls—all start with asset management. Without knowing what exists in the environment, agencies can’t secure it. That’s why the first priority must always be building and maintaining a reliable inventory of hardware, software, and cloud instances.
In practice, however, Kennedy points out that this is easier said than done. Large federal agencies often operate with dozens of sub-components, each using their own toolsets. One agency Kennedy worked with had 42 separate bureaus, each with its own security stack. Stitching all that data together to form a complete picture of the environment is a complex but critical task.
This is where platforms like Axonius come in. By integrating with existing security tools, IT management platforms, and cloud services, Axonius can continuously ingest data from dozens of sources and correlate it into a unified inventory. The result is what Kennedy calls a “single source of truth” for cyber hygiene and operational awareness.
But visibility is just the starting point. The next step, Kennedy says, is actionability. Agencies must be able to act on their data—automatically if possible. For example, if a device is missing a required endpoint security agent, Axonius can identify it and then trigger an integration with the appropriate system to reinstall the agent. This automation not only reduces risk but also saves time and labor.
Another important benefit of full visibility is better understanding of the attack surface. Kennedy emphasizes that without a complete asset map, it’s impossible to conduct meaningful vulnerability assessments or risk modeling. Continuous monitoring is essential because agency environments are constantly changing—with assets spinning up, moving, or being decommissioned every day.
Kennedy also stresses the importance of completeness. The more data sources integrated into an asset management platform, the more accurate and comprehensive the inventory will be. Axonius customers often start with 10 or 20 data sources and then expand to 30 or more as they grow their visibility and control.
Looking ahead, Kennedy sees asset intelligence as a critical enabler for Zero Trust and cyber resilience. Without it, agencies are flying blind. But with it, they can enforce policy, detect anomalies, respond to threats, and continuously validate their security posture—exactly what’s required to thrive in today’s threat environment.
Key Takeaways:
-
Asset visibility is the foundation of all effective cybersecurity strategies.
-
Continuous monitoring and automation enhance both defense and efficiency.
-
A complete and unified inventory enables smarter cyber hygiene and policy enforcement.
This interview was recorded on location at TechNet Cyber 2025 and included as part of the TV show Innovation in Government from TechNet Cyber.
Please fill out the requested information below