What, Why, and How of Cybersecurity Asset Management

How can we secure an IT resource if we donā€™t know that it exists or if we donā€™t have visibility into its state? To quote respected industry practitioner Adrian Sanabria, ā€œmost security and IT problems begin with visibility.ā€ Security practitioners crave visibility into the state of laptops, vices, virtual machines, applications, and users in their organization.

Overseeing security aspects of the configuration of such resources is the practice of cybersecurity asset management.

What Does Cybersecurity Asset Management Involve?

To address security issues, you must discover the gaps, and to do that you need a comprehensive and reliable inventory of your asset. Therefore, cybersecurity asset management involves:

  1. Obtaining and continually updating an accurate inventory of all IT resources.
  2. Discover security gaps related to the assetā€™s presence or configuration.
  3. Enforcing security requirements to rapidly address the identified gaps.

Asset management plays such a foundational role in a cybersecurity program, that CIS Critical Controls lists the need to inventory and control hardware and software assets as its first two security measures. Along these lines, asset management is the first category in the NIST Cybersecurity Framework. For yet another example, consider guidance by the Security and Exchange Commission, which highlights the need to inventory hardware and software so the organization knows where its assets ā€œare located, and how they are protected.ā€

Unfortunately, implementing this process in a reliable, timely, and efficient manner has been one of our industryā€™s major challenges.

Repercussions of Poor Asset Management

Poor asset management practices dramatically increase the chances that threat actors will be able to achieve their objectives, be they to steal sensitive data, disrupt business operations, or otherwise put the organization at risk.

After all, an attackerā€™s entry point is often the server that nobody knew existed, the laptop that lacked antivirus software, the application that was missing a patch, the port that was left open, or the user account that wasnā€™t locked down. Asset management is essential to being able to address such risks efficiently and consistently.

Why Donā€™t We All Have Asset Management Already?

If asset management is so important for cybersecurity, why havenā€™t all enterprises implemented it yet? ā€œBasics are hard,ā€ as Adrian Sanabria put it.

Even outside cybersecurity, we know that essential hygiene steps such as washing hands can prevent diseases. Yet, many people (including healthcare professionals) donā€™t regularly wash their hands. And look at our habits related to eating and exercise: though we know what weā€™re supposed to do, many of us donā€™t do it.

In cybersecurity, weā€™re often attracted to exciting-sounding disciplines, say threat hunting or red-teaming. Weā€™re drawn to sexy technologies such as machine learning for malware or anomaly detection. We struggle taking a step back to build a foundation for the security program, even if we know itā€™ll enable cool efforts such as spotting intrusions and fighting malware.

Another reason why asset management has been a challenge is the lack of effective tooling. Keeping track of IT resources is often a manual, error-prone process that consumes much time and yields few benefits. For asset management to deliver its full potential, it needs to be automated and easy to implement.

The Joys of Asset Management

Security leaders whoā€™ve implemented effective asset management will live longer, healthier, and more fulfilling lives.

More seriously: Asset management allows security leaders to succeed at other initiatives, from rolling out a new antivirus agent to improving oversight of cloud resources. It bolsters the security organizationā€™s efficiency, allows it to track and demonstrate progress, and enables preventing a variety of issues before they escalate into major incidents.

Those whoā€™ve implemented asset management in a way that keeps up with todayā€™s dynamic environments derive another benefit. Such organizations discover that every group related to IT and cybersecurity comes to the asset management system for answers to questions about vulnerabilities, threats, incidents, compliance, troubleshooting, and more. The once unsexy asset management system becomes the crux of critical decisions and investigations.

Approaching Cybersecurity Asset Management

Hereā€™s the good news. Todayā€™s enterprises already have many IT and security systems that know about some portion of the organizationā€™s assets. These include:

  • Identity and systems management tools
  • Endpoint security management software
  • Vulnerability scanning tools
  • Passive and active network monitoring solutions
  • Cloud orchestration technologies

The challenge from the perspective of asset management is that these systems typically exist as data silos, requiring cumbersome efforts to get a unified and actionable view on asset details across multiple systems.

Organizations can advance their asset management program by extracting useful configuration and other state data out of these systems. The next step is to clean the data to find useful information across the multiple data sources.

As you can imagine, achieving this involves a lot of automation and know-how. This is where Axonius, where I lead the cybersecurity program, comes in.

The Axonius Asset Management Platform

Axonius de-duplicates and correlates the data to automatically provide an authoritative and accurate inventory. By looking at their assets from several perspectives, our customers can ask meaningful questions, such as:

  • Which systems are missing an endpoint agent or where is the agent misconfigured?
  • Which cloud or other resources arenā€™t being scanned for vulnerabilities?
  • Which unmanaged devices are present on the network?
  • Which users with access to critical systems donā€™t have two-factor authentication enabled?

After asking and answering questions like these, customers can direct Axonius to take action, such as open a ticket, email an analyst, quarantine the system, deploy an agent, and so on. Request a demo to see the Axonius Cybersecurity Asset Management Platform for yourself.

 

Ad

No posts to display