logo
Technology

Why You Need To Take Asset Inventory Seriously

An old saying which always struck me as strange and misguided is "What you don't know can't hurt you". Of course what you don't know can hurt you, especially if it's an unseen oncoming vehicle, for example, or if you work in the cybersecurity space.

|
Jul 09, 2023
Why You Need To Take Asset Inventory Seriously

If you work in cybersecurity, the saying does not apply and will get you into trouble at some point. Nobody expects you to know everything, but they expect you to know what assets you have on your corporate networks plugged into your IT infrastructure. It's the first thing I look for when speaking to an organisation for the first time.

Generally speaking, the more that an organisation can tell you about their inventory of PC's, tablets, smartphones, servers, wireless access points and wireless access points, the better they are at cybersecurity. It may surprise you to discover that most organisations do not have a firm handle on their asset inventory.

This is shocking in itself because asset discovery is a foundational IT security measure and it's impossible to defend your IT infrastructure unless you have an up-to-date list of what you are defending. When you learn that most companies do not maintain an active list of their assets, it's not at all surprising that so many get breached.

When I talk to organisations about cybersecurity, I ask them questions like "what internet-facing assets do you have?", or "do you know where your data is and who has access to it" and if they scratch their heads a little piece of me dies inside.

I know that they will be vulnerable everywhere because they do not understand what they are defending. The single most effective cybersecurity action an organisation can make is to assign a dedicated person to estate discovery and maintaining an 'as close to real-time as possible' list of the company assets connected to their IT infrastructure.

If your organisation does not have a handle on the basics like asset inventory, whatever security tools you have in place are for show and a breach is just a matter of time, alarm bells should be ringing. Organisations are may find it tough to keep a handle on the number of PCs, BYOD hardware, servers, load balancers, firewalls and storage devices that connect to their networks, but when an unknown device is used to exfiltrate something valuable from your network, not knowing about it will not fly as an excuse.

THE BREACH IS GOING TO BE YOUR FAULT

If you are unlucky enough to get breached and have the investigators discover that, you have no accurate asset inventory, the breach was your fault, and that's a concept even the C level will understand. Now that we have established that estate discovery is a fundamental piece of your IT security and that without it you will almost certainly get the blame for breaches, let's look at what you can do to get yourself out of this mess.

Immediately Eliminate Your Blind Spots - Let's be honest, you might know which PC's and employee mobile devices you have connected to your networks, but everything from random BYOD endpoints and IoT devices, to unauthorized SaaS applications, file sharing, and cloud storage is a potential blind spot. Your first step is to immediately eliminate all of those blind spots and you should view them as black holes full of security, legal and compliance risk that need to be plugged immediately if you are to remain compliant.

If You Do Not Have The Right Tools, Get Them - Your IT asset management tools let you detect things like servers, firewalls, load balancers and network storage, but what you really need is an automated tool that will give you visibility over every part of your network and ideally conforms to estate discovery best practices. Your solution needs to be able to scan your network address ranges and analyze traffic in order to identify unknown assets. It then needs to be able to drill down into those assets for granular information about connections, permissions, usage and tag the asset for future tracking.

Inventory & Control Your Hardware & Software Assets - You absolutely need to be actively managing (meaning tracking and keeping an inventory) of your hardware and software assets. Only authorized hardware can be given access to your networks and only authorized software can be installed onto your endpoints. You need to know which employees can use your hardware or software and know which users should not be accessing it and estate discovery can help you accomplish this.

Hire Or Appoint A Dedicated Asset Controller - This should go without saying, but you absolutely need to appoint somebody to assume responsibility for maintaining an accurate inventory of your assets, if you are to ever hope to get a handle on them in any way. This is the single most effective action that you can make in order to improve your overall cybersecurity posture, appointing a dedicated asset controller will yield a significant return on investment compared to almost anything else.

Consider Bringing In The Professionals - There is so much complexity to network topology, only so much time in your busy IT teams schedule and so many different tools on the market that it can be difficult for organisations to know which steps to take first and how to make them. If this is the case for your organisations, then your best bet is to bring in the professionals. I spoke to Marek Bialoglowy, the CTO of cybersecurity firm ITSEC and asked him how often they get called in to conduct estate discovery projects, he told me "a substantial part of our work is helping our clients work out exactly what they are defending and often they call us in to act as a force multiplier to their existing IT team and help them bring their asset management processes up to best practice".

Whichever route you take to discovering all of the assets connected to your networks, you absolutely need to start right now if you have not done so already. Estate discovery is such a fundamental tenet of IT security, that it must be prioritized and actively managed if you ever hope to properly secure your networks against a rapidly rising tide of cyber threats inevitably heading towards your organisation.

Share this post

You may also like

This is Why You Need Cybersecurity Honeypots!
Technology

This is Why You Need Cybersecurity Honeypots!

How can we know this? Just like how we can learn about most global cyber threats, the techniques used, the timing chosen, and the tools utilized, the answer lies in honeypots. Honeypots are information system resources whose value lies in the unauthorized or illegal use of those resources, meaning they prove their worth when a hacker attempts to interact with them. Honeypot resources are typically disguised as network servers, appearing and feeling like legitimate servers, but in reality, they are traps used to lure unauthorized intruders. How did analysts discover EternalRocks? It happened because of the presence of honeypots. It's a creative game of cat and mouse that sets clever traps. The adversaries who come either try to outsmart the trap or recognize something suspicious and avoid it, or in some cases, sabotage it. This was humorously responded to by one researcher who wrote a tweet entertaining many, saying, "For those of you who know my honeypot is a honeypot, can you stop placing Pooh bear (honey) pictures on it?" Please

|
Jul 09, 2023 5 minutes read
ITSEC Guide to DevSecOps
Technology

ITSEC Guide to DevSecOps

Tips
Hacks

Any technical team currently using the DevOps framework should seek ways to move towards the DevSecOps mindset by enhancing the security skills of each team member from various technology backgrounds. From building business-focused cybersecurity services to testing potential cybersecurity exploits, the DevSecOps framework ensures that cybersecurity is built by embedding it into applications rather than being just an add-on. By ensuring security considerations at every stage of software delivery, you continuously integrate security, which reduces compliance costs and enables the rapid and secure delivery of software. DEVSECOPS IN PRACTICE The advantage of DevSecOps is that it brings about increased automation along the software delivery pipeline. This automation is beneficial in the long run as it eliminates errors, reduces cyberattacks, and minimizes downtime. Organizations looking to integrate security into their DevOps framework find that the process can be relatively seamless if they use the right DevSecOps tools. The workflows of DevOps and DevSecOps can be summarized as follows: An engineer writes code within a version control platform. Changes are applied to the version

AdministratorAdministrator
|
Jul 10, 2023 4 minutes read
Guide to Open Source Intelligence (OSINT)
Technology

Guide to Open Source Intelligence (OSINT)

Tips
Hacks

OSINT can enable you to see further, and this can bring significant benefits to your business, such as protecting you from threats, providing insights into your competitors' strategies, and helping you understand partners and individuals before investing in them. Most importantly, OSINT is an important investigative tool for lawyers, detectives, law enforcement personnel, and anyone with a need to gather intelligence and investigate a subject. This article, the first in a series I'm writing on OSINT, will explain what OSINT is and how you can use OSINT to your professional advantage because we can all benefit from looking deeper and knowing more rather than just assuming. INTRODUCTION Over time, the internet has transformed the world into a very small place. The widespread access to the internet by billions of people worldwide for communication and the exchange of digital data has ushered in the "information age." In this information age, the term open-source intelligence (OSINT) refers to all publicly available information that you can see, and some parts that you can't

|
Jul 10, 2023 8 minutes read

Receive weekly
updates on new posts

Subscribe