Written By Roark Pollock And Presented By Charles Leaver CEO Ziften
Dependable IT asset management and discovery can be a network and security admin’s friend.
I don’t have to tell you the obvious; we all understand that a good security program starts with an understanding of all the devices connected to the network. Nevertheless, maintaining a current inventory of every connected device used by employees and business partners is difficult. Even more challenging is making sure that there are no connected un-managed assets.
What is an Un-managed Asset?
Networks can have thousands of connected devices. These may include the following, to name a few:
– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring your own devices (BYOD), cellular phones, and tablets.
– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.
– Networking devices such as switches, load balancers, firewalls, and WiFi access points.
– Other devices such as printers, and more recently – Internet of things (IoT) devices.
Sadly, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices and those not managed by IT policies are referred to as “un-managed assets.”
The variety of un-managed assets continues to increase for many businesses. Ziften finds that as many as 30% to 50% of all connected devices could be un-managed assets in today’s enterprise networks.
IT asset management tools are normally optimized to spot assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver business applications to the organization. Nevertheless, these management tools normally overlook assets not owned by the company, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Must Change” that IoT devices have exceeded employees and visitors as the biggest user of the business network.[1]
Gartner goes on to describe a new trend that will bring even more un-managed assets into the enterprise environment – bring your own things (BYOT).
Essentially, staff members are bringing items that were designed for the smart home into the workplace environment. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and eventually, home robots. Many of these things will be brought in by staff seeking to make their working environment more congenial. These “things” can collect information, can be controlled by apps, and can communicate with cloud services.[1]
Why is it Essential to Discover Un-managed Assets?
Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften stated, “Security begins with understanding exactly what physical and virtual devices are connected to the business network. But, BYOD, shadow IT, IoT, and virtualization are making that more difficult.”
These blind spots not only increase security and compliance risk, they can also increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information contained on unauthorized virtual, mobile and cloud assets.
Keeping an up-to-date inventory of the assets on your network is vital to good security. It’s common sense; if you don’t know it exists, you cannot know if it is safe. In fact, asset visibility is so essential that it is a fundamental part of many information security frameworks, including:
– SANS Critical Security Controls for effective cyber defense: Establishing an inventory of authorized and unauthorized devices is number one on the list.
– Council on CyberSecurity Critical Security Controls: Producing an inventory of authorized and unauthorized devices is the first control in the prioritized list.
– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations – SP 800-137: Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
– ISO/IEC 27001 Information Management Security System Requirements: The standard requires that assets be clearly identified and an inventory of important assets be prepared and maintained.
– Ziften’s Adaptive Security Framework: The first pillar consists of discovery of all your authorized and unauthorized physical and virtual devices.
Factors to Consider in Evaluating Asset Discovery Solutions
There are multiple techniques used for asset discovery and network mapping, and each technique has advantages and disadvantages. While assessing the myriad tools, keep these two key considerations in mind:
Continuous versus point-in-time
Strong information security requires continuous asset discovery regardless of which approach is used. However, many scanning methods used in asset identification take time to complete, and are therefore carried out periodically. The disadvantage of point-in-time asset identification is that transient systems may only be on the network for a short time. It is therefore quite possible that these transient systems will not be found.
Some discovery techniques can set off security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, discovery is only executed at regular, point-in-time intervals.
There are, nevertheless, some asset discovery methods that can be used continuously to find and identify connected assets. Tools that provide continuous monitoring for un-managed assets can deliver much better un-managed asset discovery results.
“Since passive detection operates 24×7, it will identify transitory assets that may just be occasionally and quickly connected to the network and can send notifications when new assets are detected.”
Passive versus active
Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and device type. This technology helps operations teams quickly clean up their environments, removing rogue and un-managed devices – even VM proliferation. However, these tools go about this intelligence gathering differently.
Tools that use active network scanning effectively probe the network to elicit responses from devices. These responses supply clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of the network, for devices that are connected at the time of the scan.
Active scanning can typically supply more thorough analysis of vulnerabilities, malware detection, and configuration and compliance auditing. Nevertheless, active scanning is carried out periodically because of its disruptive effect on security infrastructure. Regrettably, active scanning risks missing transient devices and vulnerabilities that emerge between scheduled scans.
Other tools use passive asset discovery methods. Because passive detection runs 24×7, it will detect transitory assets that might be only periodically and briefly connected to the network, and can send out alerts when new assets are spotted.
Additionally, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and permits visibility of Internet and cloud services being accessed from systems on the network. In addition, passive discovery techniques avoid setting off alerts on security tools throughout the network.
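The difference between continuous passive discovery and point-in-time scanning can be shown with a small reconciliation script. This is an added example, not Ziften's code; the sightings, MAC addresses, inventory and scan schedule are all constructed, and it assumes an ideal scanner that finds every device connected at the instant it runs.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: (first seen, last seen, MAC, IP, hostname), the kind
# of record a passive sensor could keep for each period a device was on the wire.
SIGHTINGS = [
    ("2024-03-04 08:55", "2024-03-04 18:10", "02:00:00:00:00:01", "10.0.0.21", "hr-laptop-07"),
    ("2024-03-04 00:00", "2024-03-04 23:59", "02:00:00:00:00:02", "10.0.0.5", "file-srv-01"),
    ("2024-03-04 09:40", "2024-03-04 10:05", "02:00:00:00:00:99", "10.0.0.87", "smart-kettle"),
    ("2024-03-04 11:30", "2024-03-04 23:59", "02:00:00:00:00:55", "10.0.0.90", "personal-ap"),
]
MANAGED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}  # constructed IT inventory
SCAN_TIMES = ["2024-03-04 02:00", "2024-03-04 14:00"]      # constructed scan schedule


def build_inventory(sightings):
    """Group sightings by MAC, keeping every interval the device was present."""
    inventory = {}
    for first, last, mac, ip, hostname in sightings:
        rec = inventory.setdefault(mac.lower(), {"ip": ip, "hostname": hostname, "intervals": []})
        rec["intervals"].append((datetime.strptime(first, FMT), datetime.strptime(last, FMT)))
        rec["ip"], rec["hostname"] = ip, hostname  # most recently listed sighting wins
    return inventory


def unmanaged(inventory, managed_macs):
    """MACs seen on the network that are absent from the managed inventory."""
    managed = {m.lower() for m in managed_macs}
    return sorted(mac for mac in inventory if mac not in managed)


def seen_by_scans(inventory, scan_times):
    """MACs online at some scan instant (assumes an ideal scanner that finds
    every device connected at the moment it runs)."""
    scans = [datetime.strptime(t, FMT) for t in scan_times]
    return {mac for mac, rec in inventory.items()
            if any(start <= s <= end for start, end in rec["intervals"] for s in scans)}


def missed_by_scans(inventory, managed_macs, scan_times):
    """Un-managed devices that only continuous passive discovery caught."""
    return sorted(set(unmanaged(inventory, managed_macs)) - seen_by_scans(inventory, scan_times))


if __name__ == "__main__":
    inv = build_inventory(SIGHTINGS)
    missed = missed_by_scans(inv, MANAGED_MACS, SCAN_TIMES)
    for mac in unmanaged(inv, MANAGED_MACS):
        print(mac, inv[mac]["hostname"], inv[mac]["ip"],
              "missed by scans" if mac in missed else "seen by a scan")
```

With this sample data, both un-managed devices appear in the passive inventory, but the one connected for only 25 minutes falls between the two scheduled scans.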
BYOD, shadow IT, IoT, virtualization, and Gartner’s newly-coined BYOT mean more and more assets on the business network. Unfortunately, a number of these assets are unknown to or un-managed by IT. These unmanaged assets pose serious security holes. Removing these unmanaged assets, which are far more likely to be “patient zero”, from the network, or bringing them in line with business security requirements, considerably decreases a company’s attack surface and overall risk. The good news is that there are options that can supply continuous, passive discovery of unmanaged assets.