By Fabian Libeau, VP sales EMEA at Axonius
Cybersecurity asset management is a foundation stone of any security program and fundamental when regulations need to be met. Whether it relates to device discovery, endpoint protection, cloud security, vulnerability management, or anything in between, it is impossible for an organisation to be truly secure unless network and security managers have a complete understanding of everything in their IT environment.
But conventional asset inventory is all too often done manually, which can be both time-consuming and liable to error. IT environments are becoming more complex, which means that these approaches are rapidly becoming even more outdated.
There is, however, another approach. By using modern cybersecurity asset management, companies have the option to build a more comprehensive, real-time inventory of their assets, which allows them to uncover gaps and trigger automated response actions if devices or users that connect to the network deviate from agreed-upon security policies, controls and expectations.
Let’s have a look at two key use cases: device discovery and vulnerability management.
Hundreds, sometimes thousands, of devices, users, software applications and cloud instances are connected to today’s networks for management, tracking and security. The sheer number and complexity of these connections mean that gaining a credible and comprehensive asset inventory can be a major challenge for security and network managers.
Unmanaged devices, particularly if they are not known or accounted for, may evade an asset inventory. A mobile phone or a connected printer, for example, cannot be protected by security tools if it’s unknown to the network. Asking Active Directory (AD) to find it won’t work, and manually comparing AD data, network management and endpoint security software is time-consuming and not guaranteed to be accurate. The only way to efficiently gather data on unmanaged devices and determine whether they need to be a part of a patch schedule or have an agent installed is to use a process that continuously monitors for them.
Ephemeral devices, those that last for a short time such as containers, cloud workloads, or virtual machines, can be known and authorised, but it is challenging for security and network teams to identify their presence in real time. Agent-based approaches tend to fall short because many ephemeral devices don’t have an agent to begin with, and network-based tools often lack the contextual data points needed to identify these devices. Without ensuring that the devices have been patched or security agents have been deployed, organisations are putting themselves at greater risk. Finding ephemeral devices requires connecting to the sources where devices are created and deprecated, and that means implementing continuous asset discovery capabilities.
All IT systems are vulnerable, and the gap between vulnerabilities and resource capacity means that it is necessary to prioritise where the greatest risks lie, and by the same token, what the company is willing to ignore.
Vulnerability assessment tools are great for identifying known vulnerabilities on devices. The challenge is ensuring that all devices, including cloud instances and virtual machines, are scanned. The most effective way of gathering this information is to compare two or more trustworthy data sources to help identify any gaps. The challenge for most companies is that data exists in silos which can make comparisons difficult and time-consuming, leaving too much room for human error.
Asset Management for Cybersecurity is the Solution
Asset management platforms for cybersecurity work by gathering an inventory of all the assets that are actively connected to the network so security and network managers can see at-a-glance which ones are in-scope and how they are configured.
The platform works by aggregating data from different sources, assessing which devices are unmanaged or misconfigured and comprehending whether each asset complies with or deviates from agreed-upon security policies.
This means that vulnerabilities are constantly being monitored across the entire IT infrastructure. In addition, audits and penetration tests can be streamlined and the company remains compliant with industry regulations.
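The comparison of data sources described above, and the aggregation step the platform performs, can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the source names, record fields, the policy in `REQUIRED` and all sample records are constructed assumptions.

```python
import re

# Assumed policy: every asset must be seen by both of these sources.
REQUIRED = {"edr", "vuln_scanner"}

# Constructed sample records, as four siloed tools might export them.
RECORDS = [
    {"source": "directory", "hostname": "WS-014.corp.example", "mac": None},
    {"source": "edr", "hostname": "ws-014", "mac": "00:1A:2B:3C:4D:5E"},
    {"source": "vuln_scanner", "hostname": None, "mac": "00-1a-2b-3c-4d-5e"},
    {"source": "network", "hostname": "printer-3f", "mac": "00:1a:2b:aa:bb:cc"},
    {"source": "cloud_api", "hostname": "build-runner-7", "mac": None},
    {"source": "edr", "hostname": "BUILD-RUNNER-7.internal.example", "mac": None},
]

def identifiers(rec):
    """Normalise fields that tools report in different formats."""
    ids = set()
    if rec.get("mac"):
        ids.add("mac:" + re.sub(r"[^0-9a-f]", "", rec["mac"].lower()))
    if rec.get("hostname"):
        ids.add("host:" + rec["hostname"].lower().split(".")[0])
    return ids

def correlate(records):
    """Merge records that share any identifier into a single asset."""
    assets = []  # pairwise-disjoint entries: {"ids": set, "sources": set}
    for rec in records:
        merged = {"ids": identifiers(rec), "sources": {rec["source"]}}
        keep = []
        for asset in assets:
            if asset["ids"] & merged["ids"]:
                merged["ids"] |= asset["ids"]
                merged["sources"] |= asset["sources"]
            else:
                keep.append(asset)
        assets = keep + [merged]
    return assets

def coverage_gaps(assets):
    """Map each asset to the required sources that have never seen it."""
    gaps = {}
    for asset in assets:
        missing = REQUIRED - asset["sources"]
        if missing:
            gaps[min(asset["ids"])] = sorted(missing)  # "host:" sorts before "mac:"
    return gaps

if __name__ == "__main__":
    print(coverage_gaps(correlate(RECORDS)))
```

The workstation is matched across three tools despite differing hostname and MAC formats, while the printer and the build runner surface as coverage gaps.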
However, if organisations want to get the full potential out of their cybersecurity asset management solution, they need to ensure it is automated, continuous, easy to use and fast to implement. It should integrate with the organisation’s existing security and management tools so it can derive asset details from a variety of data sources, regardless of whether the assets are managed, unmanaged, on-premise, or in the cloud.
The question for network and security managers as cybersecurity risks grow daily is whether they can take the risk of being without an always up-to-date inventory. The ability to uncover gaps in their security defences and the reassurance of action being automated whenever a vulnerability presents itself is becoming increasingly vital as the attack surface continues to expand.