Written By Roark Pollock And Presented By Charles Leaver CEO Ziften
Trustworthy IT asset management and discovery can be a network and security admin’s best friend.
I don’t need to tell you the obvious; we all know a great security program begins with an audit of all the devices connected to the network. However, maintaining a current inventory of every connected device used by workers and service partners is challenging. Even more challenging is making sure that there are no connected unmanaged assets.
What is an Unmanaged Asset?
Networks can have countless connected devices. These might include the following, to name a few:
– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring your own devices (BYOD), smartphones, and tablet devices.
– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.
– Networking devices such as switches, load balancers, firewalls, and WiFi access points.
– Other devices such as printers and, more recently, Internet of Things (IoT) devices.
Unfortunately, a number of these connected devices might be unknown to IT, or not managed by IT group policies. These unknown devices and those not managed by IT policies are described as “unmanaged assets.”
The number of unmanaged assets continues to increase for many companies. Ziften finds that as many as 30% to 50% of all connected devices could be unmanaged assets in today’s business networks.
IT asset management tools are typically optimized to identify assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications to the organization. However, these management tools usually ignore assets not owned by the organization, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Should Change” that IoT devices have surpassed staff members and guests as the biggest users of the enterprise network.[1]
Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment – bring your own things (BYOT).
Essentially, staff members are bringing items that were designed for the smart home into the office environment. Examples include smart power sockets, smart kettles, smart coffee makers, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and ultimately, home robotics. Many of these things will be brought in by staff looking to make their working environment more congenial. These “things” can pick up information, can be managed by apps, and can communicate with cloud services.[1]
Why is it Essential to Identify Unmanaged Assets?
Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, “Security starts with knowing exactly what physical and virtual devices are linked to the business network. But, BYOD, shadow IT, IoT, and virtualization are making that more tough.”
These blind spots not only increase security and compliance risks; they can also increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information contained on unauthorized virtual, mobile and cloud assets.
Maintaining an up-to-date inventory of the assets on your network is essential to good security. It’s common sense: if you don’t know an asset exists, you cannot know whether it is protected. In fact, asset visibility is so crucial that it is a foundational part of most information security frameworks, including:
– SANS Critical Security Controls for effective cyber defense: Developing an inventory of authorized and unauthorized devices is first on the list.
– Council on CyberSecurity Critical Security Controls: Creating an inventory of authorized and unauthorized devices is the very first control in the focused list.
– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations – SP 800-137: Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that assets be clearly identified and an inventory of important assets be drawn up and maintained.
– Ziften’s Adaptive Security Structure: The very first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.
Considerations in Evaluating Asset Discovery Solutions
There are multiple techniques used for asset discovery and network mapping, and each method has benefits and drawbacks. While evaluating the myriad tools, keep these two essential considerations in mind:
Continuous versus point-in-time
Strong information security needs continuous asset identification no matter what approach is used. However, many scanning techniques used in asset discovery take time to complete and are therefore performed only periodically. The downside of point-in-time asset identification is that transient systems might only be on the network for a short time. It is therefore quite possible that these transient systems will not be found.
Some discovery methods can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, discovery is only executed at regular, point-in-time intervals.
There are, however, some asset discovery techniques that can be used continuously to locate and identify connected assets. Tools that provide continuous monitoring for unmanaged assets can deliver much better unmanaged asset discovery results.
“Since passive detection runs 24×7, it will identify transient assets that may be connected to the network only occasionally and briefly, and can send alerts when new assets are identified.”
Passive versus active
Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and device type. This technology helps operations teams quickly clean up their environments, getting rid of rogue and unmanaged devices – even VM proliferation. However, these tools go about this intelligence gathering in different ways.
Tools that use active network scanning effectively probe the network to coax responses from devices. These responses offer clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a section of the network, for devices that are connected at the time of the scan.
Active scanning can normally supply more thorough analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, active scanning is performed periodically because of its disruptive effect on security infrastructure. Unfortunately, active scanning risks missing transient devices and vulnerabilities that appear between scheduled scans.
Other tools use passive asset identification techniques. Because passive detection operates 24×7, it will discover transient assets that may be connected to the network only occasionally and briefly, and it can send notifications when new assets are found.
In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and provides visibility into the Internet and cloud services being accessed from systems on the network. Furthermore, passive discovery methods avoid triggering alerts on security tools throughout the network.
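The two considerations above (continuous versus point-in-time, passive versus active) can be illustrated with a short added example, which is not from the original article or from Ziften: it reconciles passively observed device sightings against a managed inventory and reports which unmanaged devices a scheduled scan would have missed. The log format, MAC and IP addresses, inventory and scan times are constructed for illustration, and a device is assumed to be present from its first to its last sighting.

```python
from datetime import datetime

# Constructed sample data (not from any real network).
MANAGED = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # MACs in the IT inventory
SIGHTINGS = """\
2024-01-10T08:00:00 00:11:22:33:44:55 10.0.0.10
2024-01-10T08:05:00 00:11:22:33:44:66 10.0.0.11
2024-01-10T09:15:00 AA:BB:CC:00:00:01 10.0.0.50
2024-01-10T09:40:00 aa:bb:cc:00:00:01 10.0.0.50
2024-01-10T11:00:00 AA:BB:CC:00:00:02 10.0.0.51
2024-01-10T16:30:00 AA:BB:CC:00:00:02 10.0.0.51
"""
# Assumed point-in-time (active) scan schedule: midnight and noon.
SCANS = [datetime(2024, 1, 10, 0, 0), datetime(2024, 1, 10, 12, 0)]

def parse_sightings(text):
    """Return {mac: [first_seen, last_seen, {ips}]} from 'timestamp mac ip' lines."""
    presence = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, mac, ip = datetime.fromisoformat(parts[0]), parts[1].lower(), parts[2]
        rec = presence.setdefault(mac, [ts, ts, set()])
        rec[0], rec[1] = min(rec[0], ts), max(rec[1], ts)
        rec[2].add(ip)
    return presence

def unmanaged_assets(presence, managed):
    """MACs seen on the wire that are absent from the managed inventory."""
    known = {m.lower() for m in managed}
    return sorted(mac for mac in presence if mac not in known)

def missed_by_scans(presence, managed, scan_times):
    """Unmanaged MACs whose whole presence window falls between scheduled scans."""
    return [mac for mac in unmanaged_assets(presence, managed)
            if not any(presence[mac][0] <= t <= presence[mac][1] for t in scan_times)]

if __name__ == "__main__":
    seen = parse_sightings(SIGHTINGS)
    for mac in unmanaged_assets(seen, MANAGED):
        first, last, ips = seen[mac]
        print(f"unmanaged {mac} {sorted(ips)} seen {first:%H:%M}-{last:%H:%M}")
    print("missed by scheduled scans:", missed_by_scans(seen, MANAGED, SCANS))
```

Both unmanaged devices appear in the passive view, while the one that was connected for 25 minutes in the morning never overlaps a scheduled scan.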
BYOD, shadow IT, IoT, virtualization, and Gartner’s newly-coined BYOT mean more and more assets on the organization’s network. Unfortunately, many of these assets are unknown to or unmanaged by IT. These unmanaged assets present serious security holes. Removing these unmanaged assets from the network – which are much more likely to be “patient zero” – or bringing them up to business security standards significantly reduces a company’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.