Chuck Leaver – Good Security Begins With IT Asset Management And Discovery

Written By Roark Pollock And Presented By Chuck Leaver CEO Ziften

 

Reliable IT asset management and discovery can be a network and security admin’s best friend.

I do not have to tell you the obvious; we all understand that a good security program begins with an inventory of all the devices connected to the network. Nevertheless, keeping a current inventory of every connected device used by employees and business partners is challenging. Even more difficult is ensuring that there are no connected unmanaged assets.

What Is an Unmanaged Asset?

Networks can have countless connected devices. These might include the following to name a few:

– User devices such as laptops, desktops, workstations, virtual desktop systems, bring your own devices (BYOD), cellular phones, and tablet devices.

– Cloud and Data center devices such as servers, virtual machines (VM), orphaned VM’s, containers, and storage systems.

– Networking devices such as switches, load balancers, firewalls, and WiFi access points.

– Other devices such as printers, and more recently – Internet of things (IoT) devices.

Unfortunately, a number of these connected devices might be unknown to IT, or not governed by IT group policies. These unknown devices, and those not managed by IT policies, are referred to as “unmanaged assets.”

The number of unmanaged assets continues to rise for many businesses. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today’s enterprise networks.

IT asset management tools are generally optimized to identify assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver enterprise applications to the organization. However, these management tools generally overlook assets not owned by the business, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Enterprise Network Access Policy Should Change” that IoT devices have overtaken employees and visitors as the largest user of the business network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment: bring your own things (BYOT).

Essentially, employees are bringing items that were designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and eventually, home robots. Many of these items will be brought in by staff seeking to make their working environment more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Essential to Discover Unmanaged Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, “Security begins with understanding exactly what physical and virtual devices are connected to the business network. However, BYOD, shadow IT, IoT, and virtualization are making that more tough.”

These blind spots not only increase security and compliance risk, they can also increase legal risk. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized cloud, mobile, and virtual assets.

Maintaining a current inventory of the assets on your network is critical to good security. It’s common sense: if you do not know it exists, you can’t know whether it is secure. In fact, asset visibility is so essential that it is a foundational part of many information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: Developing an inventory of authorized and unauthorized devices is number one on the list.

– Council on CyberSecurity Critical Security Controls: Developing an inventory of authorized and unauthorized devices is the very first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations – SP 800-137: Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that all assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: The very first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are numerous techniques used for asset identification and network mapping, and each approach has advantages and disadvantages. While evaluating the myriad tools, keep these two essential considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset discovery regardless of what approach is used. However, many scanning techniques used in asset discovery take time to finish, and are therefore performed periodically. The drawback of point-in-time asset discovery is that transient systems may only be on the network for a short time. It is therefore quite possible that these transient systems will not be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these techniques can be disruptive, discovery is only executed at regular, point-in-time intervals.

There are, nevertheless, some asset discovery methods that can be used continuously to find and identify connected assets. Tools that offer continuous monitoring for unmanaged assets can deliver better unmanaged asset identification results.

“Because passive detection operates 24 × 7, it will identify transitory assets that may just be sometimes and briefly linked to the network and can send out notifications when brand-new assets are found.”

Passive versus active

Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and even the device type. This technology helps operations teams quickly clean up their environments, removing rogue and unmanaged devices, and even VM proliferation. However, these tools go about this intelligence gathering in different ways.

Tools that employ active network scanning effectively probe the network to coax responses from devices. These responses offer clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of the network, for devices that are connected at the time of the scan.

Active scanning can generally offer more in-depth analysis of vulnerabilities, detection of malware, and configuration and compliance auditing. However, active scanning is performed periodically because of its disruptive effect on security infrastructure. Unfortunately, active scanning risks missing transient devices and vulnerabilities that appear between scheduled scans.

Other tools use passive asset discovery techniques. Since passive detection operates 24 × 7, it will find transitory assets that may only be occasionally and briefly connected to the network, and it can send alerts when new assets are detected.

In addition, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and it provides visibility of web and cloud services being accessed from systems on the network. Furthermore, passive discovery techniques avoid triggering alerts on security tools throughout the network.
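The difference between continuous passive discovery and scheduled scans can be shown with a short reconciliation script. This is an added example, not code from the original article or from Ziften; the DHCP log lines, the managed inventory, and the scan schedule are constructed, and keying assets by MAC address is an assumption that does not hold for clients using MAC randomization.

```python
from datetime import datetime

# Constructed sample data: passively observed DHCP events
# (timestamp, event, MAC, IP, hostname). MACs are locally administered.
DHCP_LOG = """\
2024-03-04T08:02:11 ACK 02:00:00:aa:01:10 10.0.4.21 fin-laptop-07
2024-03-04T09:15:40 ACK 02:00:00:12:34:56 10.0.4.77 unknown-sbc
2024-03-04T09:41:02 RELEASE 02:00:00:12:34:56 10.0.4.77 unknown-sbc
2024-03-04T10:30:00 ACK 02:00:00:cc:dd:ee 10.0.4.90 smart-kettle
2024-03-04T14:30:00 ACK 02:00:00:cc:dd:ee 10.0.4.90 smart-kettle
2024-03-04T16:45:19 ACK 02:00:00:aa:01:10 10.0.4.21 fin-laptop-07
"""
# Assumed managed inventory (for example, exported from an asset database).
MANAGED = {"02:00:00:aa:01:10"}
# Assumed schedule of point-in-time active scans.
SCAN_TIMES = [datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 12, 0)]


def presence_windows(log):
    """Return {mac: {"host", "first", "last"}} from passive observations."""
    seen = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at their fields
        ts, _event, mac, _ip, host = parts
        when = datetime.fromisoformat(ts)
        rec = seen.setdefault(mac.lower(), {"host": host, "first": when, "last": when})
        rec["first"] = min(rec["first"], when)
        rec["last"] = max(rec["last"], when)
    return seen


def unmanaged_report(log, managed, scan_times):
    """List unmanaged assets and whether a scheduled scan would have seen them."""
    report = []
    for mac, rec in sorted(presence_windows(log).items()):
        if mac in managed:
            continue  # known to IT, nothing to flag
        caught = any(rec["first"] <= t <= rec["last"] for t in scan_times)
        report.append((mac, rec["host"], caught))
    return report


if __name__ == "__main__":
    for mac, host, caught in unmanaged_report(DHCP_LOG, MANAGED, SCAN_TIMES):
        note = "also visible to a scheduled scan" if caught else "MISSED by scheduled scans"
        print(f"unmanaged {mac} ({host}): {note}")
```

Both unmanaged devices appear in the passive record, but the one that was connected for only 26 minutes falls entirely between the two scheduled scans.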

In Summary

BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT mean more and more assets on the corporate network. Unfortunately, many of these assets are unknown to or unmanaged by IT. These unmanaged assets pose major security holes, and they are far more likely to be “patient zero.” Removing them from the network, or bringing them in line with business security requirements, considerably lowers an organization’s attack surface and overall risk. The good news is that there are solutions that can offer continuous, passive discovery of unmanaged assets.
