Asset Management
You cannot protect
what you do not see.
Spreadsheets go stale. Scanners miss shadow IT. Nobody owns the laptop in the closet. Archaeon builds a living inventory across every environment — 17 asset types, 6 categories, one source of truth — and connects each asset to the risks, policies, and compliance controls that depend on it.
Core capabilities
Complete visibility,
zero blind spots
Six integrated capabilities that turn a static spreadsheet into a living, governed asset inventory.
Continuous Discovery
Find every asset — managed or shadow, cloud or closet. Ingest via API integrations, CSV/JSON import, or manual entry. Assets are cataloged the moment they appear.
Intelligent Classification
Tag each asset with criticality level, data sensitivity (Public through Restricted), regulatory scope, and encryption status. Dual ownership — technical and business — baked in.
Full Lifecycle Tracking
Follow every asset from Plan through Acquire, Deploy, Operate, and Retire. Status, phase, and ownership evolve together — no stale spreadsheet rows.
Data Governance
Attach governance records to any asset: data types (PII, PHI, PCI), retention periods, encryption at rest and in transit, processing justification. Policies travel with the asset.
Automated Recertification
Define campaigns — monthly, quarterly, annual, or custom. Owners get notified 7, 3, and 1 day before deadlines. Overdue assets auto-escalate. Every action is timestamped.
Dependency Mapping
Map upstream and downstream relationships between assets, services, and data flows. Understand the blast radius before a single change ships.
The connective tissue
One asset, every context
Most CMDBs are islands. In Archaeon, every asset is natively linked to the modules that depend on it. A vulnerability flows to a risk, maps to a compliance control, triggers an action plan — all traced back to one asset record.
prod-db-primary
AWS RDS · us-east-1 · vpc-0a1b2c3d
3
linked risks
Risk
Criticality informs risk scoring. Impact analysis auto-links to affected assets.
12
controls mapped
Compliance
Evidence campaigns target asset groups. Scoring weighs inventory completeness.
5
design reviews
Secure by Design
Architecture diagrams reference asset nodes. Findings create linked risks.
8
active policies
Policy
Policies scope by asset type. Exceptions and acknowledgments target custodians.
24
secrets managed
Secrets Vault
Zero-knowledge vault. AES-256-GCM at rest, automated rotation schedules.
How it works
Discover. Classify. Certify.
Discover
Four ingestion paths ensure nothing hides. API integrations pull from Veracode, AWS, Azure, and GCP. Bulk CSV/JSON import handles legacy data. The REST API lets you build custom connectors.
- Veracode integration live — SAST, DAST, SCA findings auto-linked
- HMAC-SHA-256 authenticated sync with configurable schedules
- 196 pre-defined fields across 17 built-in asset types
Classifying
prod-db-primary
PostgreSQL · AWS RDS · us-east-1
Classify
Every asset gets context that outlives the person who entered it. Criticality levels, data classification tiers, encryption tracking, regulatory scope, dual ownership, and a flexible EAV architecture.
- Criticality: Low, Medium, High, Critical
- Data classification: Public, Internal, Confidential, Restricted
- Lifecycle phases: Plan → Acquire → Deploy → Operate → Retire
Q1 Recertification
32 / 47
assets certified this quarter
12 owners · 7-day grace period
Certify
Certification campaigns run on your schedule \u2014 monthly, quarterly, annual, or custom. Owners are notified at 7, 3, and 1 day before the deadline. Overdue assets auto-escalate.
- Immediate or scheduled campaigns with configurable grace periods
- Auto-escalation after N days overdue to specified roles
- Full certification history: created, completed, extended, cancelled
Connects to your stack
Bring your tools,
keep one inventory
Encrypted credential storage · Configurable sync schedules · Full audit trails