Why asset management is the first step in cyber hygiene
Your challenge: how to manage millions of dynamic, distributed and diverse assets.
It is ever more challenging for IT teams to secure globally distributed workforces as well as the growing volume of assets “hiding in the shadows.” These factors make it difficult to maintain a complete and accurate inventory of every IT asset and achieve real-time visibility at scale. After all, to keep our doors and windows locked, we need to know how many there are, and where they are.
And yet we believe the security product industry has failed to deliver a viable solution to the visibility problem, offering hub-and-spoke models that are slow and that saturate networks, limiting visibility in modern and complex environments.
It’s no wonder that many organizations can’t accurately report essential details about their IT environment.
To solve this problem, it’s time to get back to basics.
To preserve and improve cyber hygiene, you first need to know what IT assets you have. Do you have 50,000, 100,000 or 500,000 computers and servers in your organization? Where are they? What are they? What’s running on them? What services do they provide?
Answering those questions helps you develop asset visibility and follow an asset discovery and inventory process. These elements are the foundation for creating and maintaining cyber hygiene.
Why cyber hygiene depends on asset visibility
To manage your endpoints, you need three levels of knowledge:
- What assets do you have, and where are they?
- What software is running on them, and is it licensed? You need more than a hostname or an IP address.
- How do the machines on your network relate to one another, and what is their purpose? In the world of servers, for example, you may have a group of servers that exist solely to host a service, like a company website.
All companies need this information, and these elements change constantly in modern IT environments. Network assets come and go, especially with bring your own device (BYOD) policies and companies encouraging employees to work from home (WFH).
Also, as networks become more complex and change rapidly, it becomes harder to maintain visibility into them, and the consequences of losing sight of what assets there are and what those assets are doing become greater and greater.
Why organizations struggle to create asset visibility
There are two primary reasons why organizations struggle to answer basic questions about their assets to maintain cyber hygiene.
1: Endpoint discovery has become a constantly moving target.
Not every endpoint on a network is a desktop computer, laptop or server. There are printers, phones, tablets and increasing volumes of consumer and industrial internet of things (IoT) devices. That’s why mobile device management (MDM) is a growing application field.
But why should you have to worry about a consumer IoT device compromising the corporate network? Consider, for example, an employee who is working from home while the company’s security team receives alerts that someone is trying to break into her laptop. The source is a refrigerator with malware that is scanning her home network and trying to get into her device, which was temporarily on the corporate network. The same thing could occur with a smart light switch, thermostat, security camera, you name it.
Every device type can create operational and/or security risks, and the volume of these device types will continue to increase in the coming years.
2: Legacy tools struggle to create visibility in this new environment.
Asset discovery tools built 10 years ago predate many of the systems that modern IT environments now use for daily operations. Two examples: containers and hybrid clouds.
These discovery tools can’t handle the rate of change we see now. Yet organizations often remain attached to the solutions they’re comfortable with, even though they might not be easy to use. They may take pride in mastering hard-to-use tools. Maybe they wrote custom scripts to make them work more effectively.
These limited discovery solutions have an unintended and unfortunate consequence: IT policies and processes are crafted not because they’re the best way to address an issue but because they fit the capabilities of the tools in use. It’s the IT version of “if you have a hammer, everything must be a nail.” The policy becomes: “We must nail things.” Entrenched tools become part of the IT ecosystem. But the best IT policies should be tool-agnostic. A tool built in 1993, or 2010, can’t offer that flexibility.
Next step — Zero Trust
Cyber hygiene is just the first step toward creating a more secure organization. The right asset visibility capability will also lay the foundation for nearly any Zero Trust strategy or solution you choose to bring to life.
When everything is a network device, everything is a potential security vulnerability. So you need policies and procedures that break endpoints into three categories: managed, unmanaged and unmanageable.
Endpoint discovery is the first crucial step in the trend toward Zero Trust solutions. A CSO article describes Zero Trust as “a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.”
Threat response and remediation tools are only as good as the breadth of endpoints on which they’re running. With the endpoint acting as the new perimeter, endpoint discovery really is where cyber hygiene and security begin. And implementing a Zero Trust practice is the next meaningful step on that journey.
Discover how to gain a complete, accurate asset inventory by visiting Tanium.