Asset Criticality Management
Use Asset Criticality to classify your assets based on business context, ownership, or exposure, and set the criticality level of each category. This mechanism makes asset importance visible and actionable, and helps you prioritize and focus security efforts on the assets that matter most.
To access the Asset Criticality page:
- In the Security Findings page, expand the Exposures Tools menu.
- Select Asset Criticality.
In Axonius New Navigation Experience:
- Select Exposures from the left navigation menu.
- Expand the Exposures Tools menu and select Asset Criticality.
Asset Criticality Table
The table listing all criticalities provides the following details for each criticality:
- Criticality Name - A meaningful name representing this category, for example, "Finance Team Devices" or "IT Personnel".
- Criticality Level - Low, Medium, High, or Critical
- Crown Jewel - Indicates whether the group of assets associated with this criticality is considered Crown Jewel.
- Asset Count - How many assets were found within this criticality category.
- Asset Type - The asset type associated with this criticality category.
- Status - Active or inactive.
- Last update date
- The user who created/updated this category
Note
Table data is calculated and updated every discovery cycle.
Adding a Criticality Category
Create a custom criticality with a specified scope to ensure effective classification and asset management across your inventory.
- Click Add Criticality Category.
- Decide whether this criticality is active (default) or not. You can activate/deactivate criticalities after they are created.
- Provide a name for the new category.
- Select a Criticality Level - Critical, High, Medium, or Low.
- If necessary, mark this criticality as Crown Jewel.
- Select a query. The criticality is applied to the assets that match this query.
- Click Create. The new criticality is added to the table.
Additional Actions
Hover over a criticality row in the table to edit, duplicate, change its status (activate/deactivate), or delete it.
Predefined Criticality Categories
Axonius offers the following out-of-the-box criticality categories to help you get started:
Domain Controllers
| Category Name | Description | Criticality Level |
|---|---|---|
| Domain Controllers | Devices that function as Active Directory Domain Controllers - systems that provide the organization’s primary identity, policy enforcement and authentication mechanisms. If these domain controllers are compromised, this might enable domain-wide privilege escalation, credential theft at scale, and full control over Windows-based identity and access. | Critical |
Sensitive Personnel Devices
| Category Name | Description | Criticality Level |
|---|---|---|
| Finance Privileged Devices - Financial Systems | Devices associated with users who can directly impact money movement and core financial records - payroll, ERP/accounting, expenses, procurement, and more. This category represents the highest business impact within Finance personas. | High |
| Finance Privileged Device - Legal & Contracts | Devices associated with users who manage contracts, legal documents, procurement workflows, and governance processes. Compromising them is likely to enable a wide variety of frauds, unauthorized approvals, leakage of sensitive legal data, and procurement/vendor manipulation. All of this can cause significant downstream financial and reputational impact. | High |
| Finance Privileged Devices - Revenue & Sales Ops | Devices associated with users who handle revenue-generation and sales operations systems (CRM, pipeline, deal execution tooling). Compromising them can manipulate pipelines, exfiltrate customer/contact data, and disrupt revenue processes. Impact is typically lower than direct money-system control, but is still considerably higher than general workforce endpoints. | Medium |
| Executive Computers | Devices associated with users in senior organizational leadership roles. Compromising them is likely to cause high business impact even without technical admin privileges: targeted attacks, elevated access to sensitive business information (finance, legal, strategy, HR), and greater ability to influence workflows and people. | High |
| IT Personnel | Devices associated with users who are part of IT/IAM infrastructure operations. This tier reflects increased risk due to access proximity, even when not every device in the category represents guaranteed high-privilege control. | Medium |
| IT Admins | Devices associated with users who hold meaningful administrative privileges in one or more IT/security systems, but not necessarily top-tier “control plane” roles. This tier is intended to stay actionable and high-fidelity while capturing admins beyond the most critical subset. | High |
| Critical IT Admins | Devices associated with users who administer core organizational control planes, for example, privileged access management. This category represents “keys-to-the-kingdom admin endpoints”, which have the largest potential blast radius. | Critical |
Access and Authentication
| Category Name | Description | Criticality Level |
|---|---|---|
| Certificate Authorities | Systems that issue and manage digital certificates. A compromised certificate might enable certificate forgery, user/service impersonation, and undermining of authentication and encrypted communications across the environment. | High |
| VPN Gateways | Remote-access gateways that terminate VPN connections and provide authenticated entry into internal networks. Since VPN gateways are frequently internet-facing and provide direct access paths into the environment, compromising them might lead to rapid foothold establishment, credential abuse, and broad lateral movement. | Critical |
Network Infrastructure
| Category Name | Description | Criticality Level |
|---|---|---|
| Network Devices | Network infrastructure devices (routers, switches, wireless controllers, load balancers) that route, segment, or manage traffic. Compromising them can disrupt connectivity, enable traffic interception/redirect, and weaken segmentation controls - potentially impacting many systems at once. | Medium |
| Firewalls | Network security gateways that enforce access control and segmentation (firewalls / NGFW). Since these devices sit on critical traffic paths, compromising them might disable enforcement, create unauthorized network paths, and significantly increase lateral movement and data. | Critical |
Servers
| Category Name | Description | Criticality Level |
|---|---|---|
| DNS Servers | Systems that provide DNS name resolution for internal and/or external services. Because DNS is foundational for connectivity, compromised DNS servers might redirect traffic, enable credential interception/phishing, and disrupt access to business-critical resources at scale. | High |
| Servers | General-purpose server systems that host applications, databases, and business services. Since servers commonly host sensitive data and critical workloads, compromising them can impact availability, integrity, and confidentiality across business services. More specific server categories (such as Domain Controllers or DNS) should take precedence when applicable. | Medium |
| DHCP Servers | Systems that assign IP addresses and network configuration to endpoints (DHCP). Since DHCP impacts connectivity and onboarding at scale, compromising them might cause widespread access issues, misconfigurations, or localized traffic manipulation. However, these issues typically have a smaller blast radius than identity/control-plane systems. | Medium |
| Exchange Servers | Email server infrastructure that routes, stores, and enables organizational email services. Since email is a primary business communication channel, it is also a common entry point for attackers. If attackers gain access to mailboxes, this can cause sensitive data exposure and high-impact phishing from trusted accounts. | Medium |
User Endpoints & Edge Devices
| Category Name | Description | Criticality Level |
|---|---|---|
| Desktops and Workstations | End-user desktops and workstations, usually limited to a single user context. Risk may increase when mapped to privileged personas or devices used to administer sensitive systems. | Low |
| Laptops | End-user laptops, usually limited to a single user's access and local data. Risk may increase when the device is associated with privileged personas or sensitive business functions. | Low |
| Mobile | Mobile endpoints such as phones and tablets. Their access is usually app-scoped, but compromise can still expose communications, authentication tokens, and sensitive content. Risk may increase when associated with privileged roles. | Low |
Non-Computing and IoT Devices
| Category Name | Description | Criticality Level |
|---|---|---|
| Non-computing / IoT | Non-traditional compute and IoT assets: printers, cameras, sensors, conferencing devices. These devices usually hold limited direct business data, but they may also provide unmanaged attack surface and pivot paths. Risk may increase for devices in sensitive zones or with privileged connectivity. | Low |
Select a category to view its full description and details, duplicate, or edit it. Note that only the following attributes of a predefined criticality category can be edited:
- Active (yes/no)
- Criticality Level
- Crown Jewel (yes/no)
