Applications | Axonius SaaS Management

The Axonius SaaS Management Applications module provides detailed insights into all the applications used in your organization. It will allow you to identify risky applications and prioritize risk analysis tasks. Insights include how each application is managed, information about the vendor, the level of risk posed by each application, and user profiles.

Getting Started With Applications

From the left side navigation bar, click Applications:

Vendor Security Practices Overview

The Compliances overview provides GRC professionals with an aggregate view of how vendors used in the organization fare in terms of the overall risk posed, stature, data security and integrity practices, and compliance with key data security standards.

Click the Category drop-down to select the vendor type (e.g. Finance), or leave unchecked to view all.

The compliance overview widgets include:

• Risk division - The different levels of risk posed by vendors.
• Compliance coverage - Per standard and showing compliance for different categories of vendors.
• Data center location & HQ location - The locations of tracked vendors.
• Company size to funding ratio - Data is shown for Small, Medium, or Large vendors.
• Data retention - Across all applications, shown by duration and a percentage.
• Data encryption - The percentage of vendors that encrypt data at rest, or both (at rest and in transit).
• Bug bounty program - The percentage of vendors that have such programs.

SaaS Application Inventory

In this view you can see the applications that are in use in your organization.

You can filter the list of applications by risk level and category, using the drop-downs at the top of the page.

For each application in the view you can see the following information:

• Application name.
• Risk level - Low, Medium, High. The risk level is calculated by taking a wide range of parameters into consideration including product security, data security, compliance with relevant industry industry standards, publicly available reports and policies, the vendor’s geographic location, and more.
• Managed by - An application can be managed either by an Axonius adapter or the organization’s SSO solution.
• Managed Users - Users of managed applications, which are applications either connected to an Axonius adapter or managed by the organization using an SSO solution. Mouse over the label to see a breakdown by types of managed users.
• Shadow users - Users of shadow (or unmanaged) applications. These applications are not connected to an Axonius adapter and not managed by the organization using a SSO solution. Mouse over the label to see a breakdown by type of shadow users.
• Discovered - An application user that is discovered by means other than an adapter or an SSO solution.

Vendor Security Profile

Click any application to view security and compliance insights about the vendor.
By default, the Overview tab is displayed:

Information shown on the left side of the page:

• Managed by - How the application is managed, plus managed and shadow user counts.

Information shown on the main part of the page:

• Compliance labels display the standards that the application complies with.
• Under Policies and Reports are links to the relevant vendor web pages.
• In the Product Security and Data Security lists, a green checkmark indicates that the security measure is in place. A question mark indicates that it has not been identified.
• Under Events, we provide links to pages or articles that list or describe significant security events associated with the application.

Users

The Users view provides a detailed description of users of the application you selected.

Use the following drop-down to filter the list of users:

• Status - Active, Suspended, Deleted
• Tags - Select Managed, Shadow, or Discovered users.
• Account - Select the specific application user account that you wish to view.
• Discovery method - The options are Adapter and SSO.
• Date range - Enter the desired date range that you want to view.