How We Delivered Unified Cyber Asset Visibility in Three Months for a National Healthcare Supply Chain Organization

From zero to a production Axonius platform in one compressed build: the full on-premises estate of security, infrastructure, and operational systems feeding a single asset view, dashboards validated by the teams who run on them, and reporting that no longer waits for someone to assemble it.

Agency and system names anonymized for security. Full briefing available under mutual NDA.

8 min read

Client
National healthcare supply chain and logistics organization (anonymized)
Domain
Cyber asset management and security intelligence
Engagement
Full-scale Axonius implementation delivered in three months by embedded resident engineers, with managed engineering services
3 months
Platform implementation, zero to production
2 hours
Automated reporting cadence, formerly manual
All
Relevant IT and security platforms integrated

The situation

The client operates a national healthcare supply chain and logistics ecosystem, where visibility and assurance over IT and security assets underpin both operational continuity and the healthcare services that depend on it. As the digital footprint expanded across a diverse system landscape, the organization found it increasingly difficult to answer basic questions with confidence: what assets exist, how they are configured, and what their security posture actually is.

That difficulty has a price: incident scoping starts with a survey instead of a query, audit responses become manual assembly work, and risk decisions rest on data no one fully trusts. Asset inventory is also where cybersecurity frameworks begin, from CIS Controls 1 and 2 to the NCA Essential Cybersecurity Controls.

ExeQut was engaged to implement Axonius as the centralized cyber asset management and security intelligence platform, delivered through a resident engineering model. The scale of the environment pointed to a structured, phased implementation; instead the engagement ran as a compressed, high-tempo build, onboarding systems in parallel rather than in sequence.

Every unanswered "what do we have?" is an unpriced risk.

The challenge

The environment combined scale, heterogeneity, and urgency:

  1. A highly distributed IT and security ecosystem spanning multiple platforms, with no centralized view of assets, configurations, or dependencies.
  2. A wide range of enterprise systems that all needed to feed the platform, each with its own data model and quality quirks.
  3. Configuration data inconsistent enough across sources to defeat naive aggregation.
  4. Operational and security teams expecting near real-time reporting and dashboards, not periodic extracts.
  5. Rapid implementation expected despite all of the above, with no existing unified asset intelligence or correlation mechanism to build on.

The approach

ExeQut ran a rapid deployment and full-integration strategy: coverage of the full on-premises IT and security estate from the start, not a cautious partial rollout. Asset intelligence is only trusted when it is comprehensive, and value arrives sooner when integration is not rationed into phases.

Architecture first, then speed

The foundation phase defined the Axonius architecture, data ingestion model, and integration strategy against the real enterprise landscape. Then the build moved fast: core platform components, connectors, and data normalization pipelines in one compressed cycle.

Integration breadth as the priority

Security tools, infrastructure platforms, and operational systems were all connected in the first cycle; cloud and hybrid coverage was deliberately scoped as the next expansion phase rather than left as a silent gap. Asset discovery and continuous synchronization ran across every connected source, with per-system normalization rules and policy-driven correlation of asset attributes and security posture resolving conflicting records into unified views. Where sources disagreed about the same asset, the rules decided, not manual cleanup.

A single pane of glass with missing panes teaches teams to distrust it.

Dashboards in parallel, not after

Dashboard and analytics engineering ran alongside system onboarding rather than after it. Stakeholder validation sessions checked dashboards and reports against operational and security requirements while connectors were still landing, feeding straight into connector tuning and data quality rules. Reporting was automated to run every two hours for the operations and security teams who work from it: changes in asset posture surface within the shift they happen in, not in a periodic extract assembled later.

Resident engineering all the way through

Dedicated ExeQut engineers worked embedded in the client environment, coordinating daily with IT and security stakeholders. Decisions about connectors, data quality, and dashboards were made inside that loop instead of queuing behind a change process, with operational teams validating data as it landed. That model absorbed the daily friction that would otherwise have stretched the timeline, and delivery ran without disrupting the production systems the platform was watching.

The outcome

The organization went from fragmented, partial asset knowledge to a unified, automated view of its cyber asset landscape:

  • Continuous, synchronized visibility into assets, configurations, and security posture across the in-scope estate.
  • Centralized dashboards for executive and technical audiences, fed by automated reporting.
  • An asset inventory and configuration record more accurate than any single source held.

When a critical vulnerability is announced, the security team enumerates affected assets with a query in minutes rather than a manual canvass of system owners, and the reports that once required manual assembly now produce themselves.

Before handover, dashboards and reporting outputs were validated in working sessions with the client's operational and security stakeholders against their own requirements. The platform entered production fully operational, and internal teams took ownership through operational training and a structured handover.

The capability stays with the organization, not its vendor.

The return compounds: security and operational decisions now start from current data rather than a reconstruction of it, and future compliance and security initiatives inherit a defensible asset baseline instead of building their own. The continuity of medical supply distribution rests on a known, continuously monitored asset base rather than an unverified one.

Designed for the future

The connector framework and normalized asset layer were built to extend: automated security posture management, SOC and SIEM correlation, risk scoring, continuous compliance monitoring, and the planned cloud and hybrid coverage expansion. Each builds on the platform already in place, extending the investment rather than restarting it.

What we took from it

  1. Go full-scale on integration. A partial inventory never earns enough trust to become the system of record.
  2. Normalize from day one. Rapid deployment across heterogeneous sources only works with disciplined data normalization rules from the first connector.
  3. Build dashboards while you onboard. Stakeholders validated dashboards against their own operations during onboarding, catching data quality problems while they were still cheap to fix.
  4. Match reporting cadence to operations. Automated reporting on an operational cadence changed how teams used the data, not just how fresh it was.
  5. Compressed timelines need embedded engineers. Resident engineering absorbs the daily friction that compressed timelines cannot otherwise survive.

Want the unredacted briefing?

Agency, systems, architecture, vendors, and outcomes. We walk you through the full engagement under mutual NDA.

Request a private briefing