Charles Leaver – With Proper IT Asset Identification And Management Your Security Will Be Enhanced

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften

 

Reliable IT asset management and discovery can be a network and security admin’s friend.

I do not need to tell you the obvious; all of us know a good security program begins with an inventory of all the devices connected to the network. Nevertheless, keeping a current inventory of every connected device used by employees and business partners is difficult. Even more difficult is ensuring that there are no connected unmanaged assets.

What is an Unmanaged Asset?

Networks can have countless connected devices. These may include the following, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), cell phones, and tablets.

– Data center and cloud devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices and those not managed by IT policies are referred to as “unmanaged assets.”

The number of unmanaged assets continues to rise for many businesses. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today’s enterprise networks.

IT asset management tools are typically optimized to detect assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications to the organization. However, these management tools generally overlook assets not owned by the business, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Must Change” that IoT devices have surpassed employees and guests as the biggest user of the business network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the enterprise environment – bring your own things (BYOT).

Essentially, employees are bringing products that were designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee makers, smart light bulbs, domestic sensors, wireless cameras, plant care sensors, environmental controls, and eventually, home robots. Many of these things will be brought in by staff seeking to make their workplace more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Essential to Discover Unmanaged Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, stated, “Security starts with knowing exactly what physical and virtual devices are linked to the organization network. However, BYOD, shadow IT, IoT, and virtualization are making that more difficult.”

These blind spots not only increase security and compliance risk, they can also increase legal risk. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized cloud, mobile, and virtual assets.

Maintaining a current inventory of the assets on your network is critical to good security. It’s common sense: if you do not know it exists, you cannot know whether it is secure. In fact, asset visibility is so important that it is a foundational part of most information security frameworks, including:

– SANS Critical Security Controls for effective cyber defense: Developing an inventory of authorized and unauthorized devices is at the top of the list.

– Council on CyberSecurity Critical Security Controls: Developing an inventory of authorized and unauthorized devices is the very first control in the focused list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations – SP 800-137: Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that all assets be clearly identified and an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: The first pillar consists of discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are multiple techniques used for asset discovery and network mapping, and each approach has advantages and disadvantages. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification no matter what technique is used. However, many scanning techniques used in asset discovery take time to complete, and are therefore performed periodically. The drawback of point-in-time asset discovery is that transient systems may only be on the network for a short time. It is therefore quite possible that these transient systems will not be discovered.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these techniques can be disruptive, discovery is only performed at regular, point-in-time intervals.

There are, however, some asset identification techniques that can be used continuously to locate and identify connected assets. Tools that offer continuous monitoring for unmanaged assets can deliver better unmanaged asset discovery results.

“Since passive detection operates 24 × 7, it will detect temporal assets that may just be occasionally and briefly connected to the network and can send out alerts when brand-new assets are identified.”

Passive versus active

Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and even the device type. This technology helps operations teams quickly clean up their environments, removing rogue and unmanaged devices, and even VM sprawl. However, these tools go about this intelligence gathering in different ways.

Tools that use active network scanning effectively probe the network to coax responses from devices. These responses provide clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can generally provide more in-depth analysis of vulnerabilities, detection of malware, and configuration and compliance auditing. However, active scanning is performed periodically because of its disruptive effect on security infrastructure. Unfortunately, active scanning risks missing transient devices and vulnerabilities that arise between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection runs 24 × 7, it will detect transient assets that might only be occasionally and briefly connected to the network, and it can send alerts when new assets are detected.

In addition, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and it provides visibility of Internet and cloud services being accessed from systems on the network. Furthermore, passive discovery techniques avoid triggering alerts on security tools throughout the network.
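The difference between the two considerations above (continuous versus point-in-time, passive versus active) can be made concrete with a short added example, which is not code from the article or from any Ziften product. It assumes a hypothetical passive sensor that records (minute-of-day, MAC, IP) sightings, a managed-asset list keyed by MAC address, and two scheduled scans; all values are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the article): MACs IT already manages,
# and (minute-of-day, MAC, IP) sightings from a hypothetical passive sensor.
MANAGED = {"00:11:22:33:44:55"}
SIGHTINGS = [
    (540, "00:11:22:33:44:55", "10.0.0.10"),  # managed laptop, 09:00
    (545, "aa:bb:cc:00:00:01", "10.0.0.77"),  # unmanaged, 09:05
    (550, "aa:bb:cc:00:00:01", "10.0.0.77"),  # last seen 09:10, then gone
    (710, "aa:bb:cc:00:00:02", "10.0.0.80"),  # unmanaged, 11:50
    (725, "aa:bb:cc:00:00:02", "10.0.0.80"),  # still present at 12:05
    (900, "aa:bb:cc:00:00:01", "10.0.0.91"),  # back with a new IP, 15:00
]
SCAN_TIMES = [720, 1200]  # assumed point-in-time scans at 12:00 and 20:00
IDLE_GAP = 30             # assumed: silent for 30+ minutes means it left


def presence_windows(sightings, idle_gap=IDLE_GAP):
    """Merge sightings into per-MAC [first_seen, last_seen] visits."""
    windows = defaultdict(list)
    for minute, mac, _ip in sorted(sightings):
        spans = windows[mac]
        if spans and minute - spans[-1][1] < idle_gap:
            spans[-1][1] = minute            # same visit, extend it
        else:
            spans.append([minute, minute])   # new visit
    return dict(windows)


def passive_alerts(sightings, managed):
    """First sighting of every MAC that is absent from the managed list."""
    alerts = {}
    for minute, mac, ip in sorted(sightings):
        if mac not in managed and mac not in alerts:
            alerts[mac] = (minute, ip)
    return alerts


def seen_by_scans(sightings, scan_times, idle_gap=IDLE_GAP):
    """MACs that were on the network at the instant of some scan."""
    return {mac for mac, spans in presence_windows(sightings, idle_gap).items()
            if any(s <= t <= e for s, e in spans for t in scan_times)}


def missed_unmanaged(sightings, managed, scan_times):
    """Unmanaged MACs the passive sensor caught but every scan missed."""
    return set(passive_alerts(sightings, managed)) - seen_by_scans(sightings, scan_times)
```

Keying on MAC address is a simplification: a device that randomizes its MAC address would show up here as several separate assets.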

In Summary

BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT mean a growing number of assets on the business network. Unfortunately, many of these assets are unknown to IT or unmanaged by it. These unmanaged assets pose serious security holes. Removing these unmanaged assets, which are far more likely to be “patient zero”, from the network, or bringing them up to corporate security standards, greatly reduces an organization’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.