Your IT Security Starts With Asset Identification and Management – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


Trustworthy IT asset management and discovery can be a network and security admin’s best friend.

I don’t need to state the obvious: we all know that a good security program begins with an audit of every device connected to the network. However, maintaining a current inventory of every connected device used by employees and business partners is difficult. Far more difficult is making sure that there are no connected unmanaged assets at all.

What is an Unmanaged Asset?

Networks can have countless connected devices. Among others, these may include:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), smartphones, and tablets.

– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as switches, load balancers, firewalls, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not governed by IT group policies. Devices that are unknown to IT or not covered by IT policies are referred to as “unmanaged assets.”

The number of unmanaged assets continues to grow for many companies. Ziften finds that as many as 30% to 50% of all connected devices in today’s business networks may be unmanaged assets.

IT asset management tools are typically optimized to identify assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications to the organization. However, these management tools usually overlook assets not owned by the organization, such as BYOD endpoints or user-deployed wireless access points. More troubling still, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Should Change” that IoT devices have overtaken employees and guests as the largest user of the enterprise network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment: bring your own things (BYOT).

In essence, employees are bringing items designed for the smart home into the office. Examples include smart power sockets, smart kettles, smart coffee makers, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and eventually home robotics. Many of these things will be brought in by staff looking to make their working environment more comfortable. These “things” can collect information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Essential to Identify Unmanaged Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said: “Security starts with knowing exactly what physical and virtual devices are linked to the business network. But, BYOD, shadow IT, IoT, and virtualization are making that more tough.”

These blind spots not only increase security and compliance risk, they can also increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unapproved virtual, mobile, and cloud assets.

Maintaining an up-to-date inventory of the assets on your network is essential to good security. It is common sense: if you don’t know something exists, you cannot know whether it is protected. In fact, asset visibility is so crucial that it is a foundational element of most information security frameworks, including:

– SANS Critical Security Controls for effective cyber defense: creating an inventory of authorized and unauthorized devices is first on the list.

– Council on CyberSecurity Critical Security Controls: creating an inventory of authorized and unauthorized devices is the first control in the focused list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: the standard requires that assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: the first pillar covers discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are multiple techniques used for asset discovery and network mapping, and each has advantages and disadvantages. While evaluating the many available tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification no matter which approach is used. However, many scanning techniques used in asset discovery take time to complete and are therefore run periodically. The drawback of point-in-time asset identification is that transient systems may only be on the network for a short time, so it is quite likely that they will never be found.

Some discovery methods can trigger security alerts in network firewalls, intrusion detection systems, or antivirus scanning tools. Because these methods can be disruptive, discovery is only run at scheduled, point-in-time intervals.

There are, however, asset discovery techniques that can be used continuously to locate and identify connected assets. Tools that provide continuous monitoring for unmanaged assets can deliver much better unmanaged asset discovery results.


Passive versus active

Asset identification tools provide intelligence on every discovered asset, including IP address, hostname, MAC address, device manufacturer, and device type. This helps operations teams quickly clean up their environments, removing rogue and unmanaged devices and even reining in VM sprawl. However, these tools go about gathering that intelligence in different ways.

Tools that use active network scanning deliberately probe the network to coax responses from devices. Those responses provide clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can generally provide more thorough vulnerability analysis, malware detection, and configuration and compliance auditing. However, because it can be disruptive to security infrastructure, active scanning is run only periodically. Unfortunately, this means active scanning risks missing transient devices and vulnerabilities that appear between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection runs 24×7, it will discover transient assets that may only occasionally and briefly connect to the network, and it can send alerts when new assets are found.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and it provides visibility of the Internet and cloud services being accessed from systems on the network. Passive discovery methods also avoid triggering alerts on security tools across the network.
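To make the continuous and passive points above concrete, here is an added example (not Ziften’s code, and not from the original post) of a minimal passive inventory: it folds observations that an ARP/DHCP listener would record into an asset register, alerts the first time a device outside the managed list appears, and reports which devices were present so briefly that a point-in-time scan would likely have missed them. All MACs, IPs, hostnames and the OUI table are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed passive observations (seconds, MAC, IP, hostname), as an
# ARP/DHCP listener would record them. Hypothetical values, not from the article.
OBSERVATIONS = [
    (0,    "00:1a:2b:00:00:01", "10.0.0.10", "fin-laptop-01"),
    (60,   "3c:5a:b4:00:00:02", "10.0.0.55", "coffee-maker"),
    (120,  "00:1a:2b:00:00:01", "10.0.0.10", "fin-laptop-01"),
    (180,  "aa:bb:cc:00:00:03", "10.0.0.77", ""),
    (3600, "00:1a:2b:00:00:01", "10.0.0.11", "fin-laptop-01"),
]
MANAGED = {"00:1a:2b:00:00:01"}  # constructed IT asset register, keyed by MAC
# Constructed OUI (first three octets) to vendor table, standing in for a real OUI database.
OUI = {"00:1a:2b": "ExampleCorp", "3c:5a:b4": "Appliance Co"}

@dataclass
class Asset:
    mac: str
    first_seen: int
    last_seen: int
    ips: set = field(default_factory=set)
    hostnames: set = field(default_factory=set)

    @property
    def vendor(self) -> str:
        return OUI.get(self.mac[:8], "unknown")

def build_inventory(observations, managed):
    """Fold observations into an inventory; return (inventory, alerts).
    An alert is raised the first time a MAC outside the managed register is seen."""
    inventory, alerts = {}, []
    for ts, mac, ip, host in observations:
        mac = mac.lower()
        asset = inventory.get(mac)
        if asset is None:
            asset = inventory[mac] = Asset(mac, ts, ts)
            if mac not in managed:
                alerts.append(f"t={ts}: new unmanaged asset {mac} ({asset.vendor}) at {ip}")
        asset.last_seen = ts          # keeps the lifetime window current
        asset.ips.add(ip)             # a managed host may change address over time
        if host:
            asset.hostnames.add(host)
    return inventory, alerts

def transient(inventory, max_dwell):
    """MACs whose whole observed lifetime is shorter than max_dwell seconds;
    a point-in-time scan outside that window would never have seen them."""
    return sorted(m for m, a in inventory.items() if a.last_seen - a.first_seen < max_dwell)

if __name__ == "__main__":
    inv, alerts = build_inventory(OBSERVATIONS, MANAGED)
    print("\n".join(alerts))
    print("transient:", transient(inv, 600))
```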


BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT all mean more and more assets on the organization’s network. Unfortunately, many of these assets are unknown to or unmanaged by IT, and these unmanaged assets create serious security gaps. Removing these unmanaged assets from the network, since they are far more likely to become “patient zero”, or bringing them up to enterprise security standards significantly reduces a company’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.


Don’t Just Rely On Your Enterprise Antivirus – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Antivirus?

Google Security Guru Labels Antivirus Apps as Ineffective ‘Magic’

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Charged with investigating highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus in with a collection of ineffective tools deployed to tick a compliance check box, but at the expense of real security:

“We need to stop investing in those things we have shown are not effective… Anti-virus does some useful things, however in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary stating ‘Thank god it inhaled all the toxic gas.’”

Google’s security experts aren’t the first to weigh in against enterprise antivirus, or to draw unflattering analogies, in this case to a dead canary.

Another highly skilled security group, FireEye Mandiant, compared static defenses such as enterprise antivirus to that famously failed World War II defense, the Maginot Line:

“Like the Maginot Line, today’s cyber defenses are quickly becoming an antique in today’s hazard landscape. Organizations invest billions of dollars each year on IT security. However hackers are easily outflanking these defenses with smart, fast moving attacks.”

An example of this was given by a Cisco managed security services executive speaking at a conference in Poland. His team had identified anomalous activity on one of their enterprise customers’ networks and reported the suspected server compromise to the customer. To the Cisco team’s astonishment, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a useless distraction: it had not served the customer and it had not deterred the attack.

So Is It Time to Get Rid Of Enterprise Antivirus Now?

I am not yet ready to declare an end to the age of enterprise antivirus. But I do know that businesses have to invest in detection and response capabilities to complement conventional antivirus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted attackers will always successfully evade antivirus defenses, so against your most serious cyber threats, enterprise antivirus is essentially ineffective. As Darren Bilby stated, it does do some useful things, but it does not provide the endpoint defense you need. So do not let it distract you from the highest-priority cyber-security investments, and do not let it distract you from the security measures that actually help.

Proven cyber defense measures include:

– Configuration hardening of networks and endpoints.

– Identity management with strong authentication.

– Application controls.

– Continuous network and endpoint monitoring, and constant vigilance.

– Strong encryption and data protection.

– Staff education and training.

– Continuous threat re-assessment, penetration testing, and red/blue teaming.

In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the ongoing work of adequate enterprise cyber-security.