Discovery And Asset Management Are Crucial To IT Security – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver CEO Ziften


Reliable IT asset management and discovery can be a network and security admin’s best friend.

I don’t have to tell you the obvious; we all know a good security program starts with an understanding of all the devices connected to the network. However, keeping a current inventory of every connected device used by employees and business partners is challenging. Even harder is ensuring that there are no connected unmanaged assets.

What is an Unmanaged Asset?

Networks can have countless connected devices. These might include the following, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring your own devices (BYOD), mobile phones, and tablets.

– Data center and cloud devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices and those not managed by IT policies are referred to as “unmanaged assets.”

The number of unmanaged assets continues to rise for many organizations. Ziften finds that as many as 30% to 50% of all connected devices could be unmanaged assets in today’s enterprise networks.

IT asset management tools are typically optimized to find assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver enterprise applications to the organization. However, these management tools usually overlook assets not owned by the business, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Must Change” that IoT devices have overtaken employees and guests as the biggest users of the enterprise network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment – bring your own things (BYOT).

Essentially, employees bring items that were designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and eventually, home robots. Many of these things will be brought in by staff seeking to make their workplace more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Important to Discover Unmanaged Assets?

Quite simply, unmanaged assets produce IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, “Security starts with understanding what physical and virtual devices are linked to the corporate network. However, BYOD, shadow IT, IoT, and virtualization are making that more challenging.”

These blind spots not only increase security and compliance risk, they can also increase legal risk. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized cloud, mobile, and virtual assets.

Keeping a current inventory of the assets on your network is crucial to good security. It’s common sense; if you don’t know it exists, you cannot know whether it is secure. In fact, asset visibility is so crucial that it is a fundamental part of many information security frameworks, including:

– SANS Critical Security Controls for effective cyber defense: Establishing an inventory of authorized and unauthorized devices is first on the list.

– Council on CyberSecurity Critical Security Controls: Developing an inventory of authorized and unauthorized devices is the very first control in the focused list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations – SP 800-137: Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that all assets be clearly identified and that an inventory of all important assets be prepared and maintained.

– Ziften’s Adaptive Security Structure: The very first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Factors To Consider in Assessing Asset Discovery Solutions

There are several methods used for asset discovery and network mapping, and each approach has benefits and downsides. While evaluating the myriad tools, keep these 2 key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset discovery no matter what technique is used. However, many scanning methods used in asset identification take time to complete, and are therefore performed periodically. The downside of point-in-time asset identification is that transient systems might only be on the network for a short time. It is therefore quite possible that these transient systems will not be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these techniques can be disruptive, identification is only carried out at regular, point-in-time intervals.

There are, however, some asset discovery techniques that can be used continuously to locate and identify connected assets. Tools that provide continuous monitoring for unmanaged assets can deliver much better unmanaged asset discovery results.

“Due to the fact that passive detection operates 24 × 7, it will find transitory assets that may just be periodically and quickly connected to the network and can send out notifications when brand-new assets are discovered.”

Passive versus active

Asset discovery tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and device type. This technology helps operations teams quickly clean up their environments, getting rid of rogue and unmanaged devices – even VM proliferation. However, these tools go about this intelligence gathering differently.

Tools that use active network scanning effectively probe the network to coax responses from devices. These responses offer clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of the network, for devices that are connected at the time of the scan.

Active scanning can typically provide more in-depth analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, active scanning is performed periodically because it can be disruptive to security infrastructure. Unfortunately, active scanning risks missing transient devices and vulnerabilities that appear between scheduled scans.

Other tools use passive asset discovery methods. Because passive detection runs 24 × 7, it will detect transient assets that might only be occasionally and briefly connected to the network, and it can send out alerts when new assets are discovered.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and allows visibility of Internet and cloud services being accessed from systems on the network. Furthermore, passive discovery methods avoid triggering alerts on security tools throughout the network.
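The trade-off between continuous passive discovery and periodic scanning can be shown with a small simulation. This is an added example, not code from the article or from Ziften; the MAC addresses, hostnames, session times, and function names are constructed for illustration, and each session stands for a device's observed presence on the network in minutes since midnight.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    mac: str
    ip: str
    hostname: str
    start: int  # minute the device joined the network
    end: int    # minute the device left

# Constructed sample data: MACs already in IT's inventory, and one day of sessions.
MANAGED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
SESSIONS = [
    Session("02:00:00:00:00:01", "10.0.0.11", "laptop-hr-01", 0, 1440),
    Session("02:00:00:00:00:02", "10.0.0.12", "srv-app-01", 0, 1440),
    Session("02:00:00:00:00:aa", "10.0.0.50", "smart-kettle", 0, 1440),
    Session("02:00:00:00:00:bb", "10.0.0.77", "guest-tablet", 610, 640),
]

def passive_discovery(sessions, managed):
    """Continuous monitoring: every session is observed; alert once per new unmanaged MAC."""
    alerts, seen = [], set()
    for s in sorted(sessions, key=lambda s: s.start):
        if s.mac not in managed and s.mac not in seen:
            seen.add(s.mac)
            alerts.append((s.start, s.mac, s.ip, s.hostname))
    return alerts

def point_in_time_scan(sessions, managed, scan_times):
    """Periodic scan: only devices connected at a scan instant are found."""
    found = set()
    for t in scan_times:
        found |= {s.mac for s in sessions
                  if s.start <= t <= s.end and s.mac not in managed}
    return found

def missed_by_scan(sessions, managed, scan_times):
    """Unmanaged assets that passive discovery reports but the scheduled scans never see."""
    passive = {alert[1] for alert in passive_discovery(sessions, managed)}
    return passive - point_in_time_scan(sessions, managed, scan_times)

if __name__ == "__main__":
    for alert in passive_discovery(SESSIONS, MANAGED):
        print("new unmanaged asset:", alert)
    # Scans scheduled at 02:00 and 14:00 miss the tablet that was online 10:10-10:40.
    print("missed by scans:", missed_by_scan(SESSIONS, MANAGED, [120, 840]))
```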

In Summary

BYOD, shadow IT, IoT, virtualization, and Gartner’s newly-coined BYOT mean a growing number of assets on the organization’s network. Unfortunately, many of these assets are unknown to or unmanaged by IT. These unmanaged assets pose serious security holes. Removing these unmanaged assets from the network – they are even more likely to be “patient zero” – or bringing them in line with corporate security standards greatly lowers an organization’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.
