Chuck Leaver – The Best IT Security Comes From Identification And Asset Management

Written By Roark Pollock And Presented By Chuck Leaver CEO Ziften

Reliable IT asset management and discovery can be a network and security admin’s friend.

I don’t need to tell you the obvious: we all know that a good security program starts with an inventory of every device connected to the network. But maintaining a current inventory of every connected device used by employees and business partners is not easy. Harder still is making sure that no unmanaged assets are connected at all.

What is an Un-managed Asset?

Networks can have thousands of connected devices. These may include, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), smartphones, and tablets.

– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not governed by IT group policies. These unknown devices, and those not managed by IT policies, are referred to as “un-managed assets.”

The number of un-managed assets continues to grow for many companies. Ziften finds that as many as 30% to 50% of all connected devices in today’s business networks may be unmanaged assets.

IT asset management tools are typically optimized to discover assets such as PCs, servers, load balancers, firewalls, and storage devices that are used to deliver business applications to the organization. However, these management tools typically ignore assets not owned by the company, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Enterprise Network Access Policy Should Change” that IoT devices have overtaken employees and guests as the largest user of the enterprise network [1].

Gartner goes on to describe a new trend that will bring many more un-managed assets into the organization’s environment: bring your own things (BYOT).

Essentially, this is employees bringing items designed for the smart home into the workplace. Examples include smart power sockets, smart kettles, smart coffee makers, smart light bulbs, home sensors, wireless webcams, plant care sensors, environmental controls, and eventually, home robots. Many of these objects will be brought in by staff looking to make their workplace more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Crucial to Identify Un-managed Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, stated, “Security begins with understanding exactly what physical and virtual devices are connected to the business network. But, BYOD, shadow IT, IoT, and virtualization are making that more tough.”

These blind spots not only increase security and compliance risk, they can increase legal risk as well. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized cloud, mobile, and virtual assets.

Maintaining a current inventory of the assets on your network is essential to good security. It’s common sense: if you don’t know it exists, you can’t know whether it is secure. In fact, asset visibility is so essential that it is a foundational part of many information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: Creating an inventory of authorized and unauthorized devices is first on the list.

– Council on CyberSecurity Critical Security Controls: Creating an inventory of authorized and unauthorized devices is the first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: The first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Factors to Consider in Evaluating Asset Discovery Solutions

There are numerous techniques used for asset discovery and network mapping, and each approach has advantages and disadvantages. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset discovery, regardless of which technique is used. However, many scanning techniques used in asset discovery take time to complete and are therefore run periodically. The drawback of point-in-time asset identification is that transient systems may be on the network only briefly, so it is quite possible that these short-lived systems will never be found.

Some discovery methods can trigger security alerts in network firewalls, intrusion detection systems, or antivirus tools. Because these methods can be disruptive, discovery is performed only at regular, point-in-time intervals.

There are, however, some asset identification techniques that can run continuously to locate and identify connected assets. Tools that offer continuous monitoring for un-managed assets deliver much better un-managed asset discovery results.

Passive versus active

Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and even device type. This intelligence helps operations teams quickly clean up their environments, removing rogue and unmanaged devices, and even VM sprawl. However, these tools go about gathering this intelligence differently.

Tools that use active network scanning effectively probe the network to coax responses from devices. These responses provide clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can usually provide more in-depth analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, active scanning is performed only occasionally because of its disruptive interaction with security infrastructure. Unfortunately, active scanning therefore risks missing transient devices, and vulnerabilities that emerge between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection operates 24x7, it will find transient assets that may be connected to the network only occasionally and briefly, and it can send alerts when new assets are detected.

Furthermore, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and it provides visibility into the Internet and cloud services being accessed from systems on the network. Passive discovery methods also avoid triggering alerts on security tools throughout the network.
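As an added example (not Ziften’s code or any product’s), the following Python sketches the continuous passive approach described in the last two sections: it folds constructed ARP/DHCP observations into a per-MAC inventory with manufacturer lookup, raises an alert the first time an un-managed MAC appears, and shows how a periodic point-in-time scan misses a briefly connected BYOT device. The OUI table, the authorized MAC list and the observations are all constructed for illustration.

```python
# Added example (not Ziften's code): a minimal passive asset inventory built from
# constructed ARP/DHCP observations, contrasting continuous detection with a periodic scan.
from dataclasses import dataclass

OUI = {"00:0c:29": "VMware", "3c:22:fb": "Apple", "b8:27:eb": "Raspberry Pi"}  # hypothetical
AUTHORIZED = {"00:0c:29:aa:bb:01", "3c:22:fb:10:20:30"}  # constructed: MACs managed by IT

OBSERVATIONS = [  # constructed: (minute of day, source, MAC, IP, hostname)
    (480, "dhcp", "00:0c:29:aa:bb:01", "10.0.1.10", "app-vm-01"),
    (482, "arp", "3c:22:fb:10:20:30", "10.0.1.57", "jdoe-macbook"),
    (605, "dhcp", "b8:27:eb:5e:77:02", "10.0.1.201", "kitchen-sensor"),  # BYOT device, 13 min
    (618, "arp", "b8:27:eb:5e:77:02", "10.0.1.201", "kitchen-sensor"),
    (850, "arp", "3c:22:fb:10:20:30", "10.0.1.57", "jdoe-macbook"),
    (900, "arp", "00:0c:29:aa:bb:01", "10.0.1.10", "app-vm-01"),
]

@dataclass
class Asset:
    mac: str
    ip: str
    hostname: str
    first_seen: int
    last_seen: int

def vendor_for(mac):
    """Manufacturer from the first three octets (OUI); 'unknown' if not in the table."""
    return OUI.get(mac[:8].lower(), "unknown")

def build_inventory(observations):
    """Fold time-ordered passive observations into one record per MAC."""
    inventory = {}
    for t, _src, mac, ip, host in sorted(observations):
        if mac in inventory:
            inventory[mac].ip, inventory[mac].hostname, inventory[mac].last_seen = ip, host, t
        else:
            inventory[mac] = Asset(mac, ip, host, t, t)
    return inventory

def new_asset_alerts(observations, authorized=AUTHORIZED):
    """Continuous mode: raise one alert the first time an un-managed MAC is seen."""
    seen, alerts = set(), []
    for t, src, mac, ip, host in sorted(observations):
        if mac not in seen and mac not in authorized:
            alerts.append(f"t={t} new un-managed asset {mac} ({vendor_for(mac)}) {ip} {host} via {src}")
        seen.add(mac)
    return alerts

def point_in_time_scan(inventory, scan_minute):
    """Periodic scan: only assets on the network at scan time are discovered."""
    return sorted(a.mac for a in inventory.values() if a.first_seen <= scan_minute <= a.last_seen)
```

Scans at 09:00 and 14:00 (minutes 540 and 840) both report only the two managed devices, while the passive inventory and the alert list both contain the sensor that was connected for 13 minutes in between.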

Summary

BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT mean more and more assets on the organization’s network. Unfortunately, many of these assets are unknown to IT or un-managed by IT, and they pose serious security holes. Removing these unmanaged assets from the network, which are far more likely to be “patient zero,” or bringing them up to corporate security standards greatly reduces an organization’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of un-managed assets.