Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

7/10/2019
02:00 PM
Pablo Quiroga
Pablo Quiroga
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Why You Need a Global View of IT Assets

It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.

There is one simple truth of effective cybersecurity: You can't protect what you don't see. Comprehensive visibility is the foundation of good security — and it is becoming increasingly difficult to achieve. The ultimate goal is to have a platform designed to simplify security by providing a single source of truth for IT, security, and compliance.

Seismic Shifts in the IT Landscape
The modern IT environment presents many challenges. As companies transition to the cloud, the result in most cases is a hybrid environment that includes both on-premises and cloud resources — sometimes scattered across a multicloud environment. At the same time, the network perimeter has become irrelevant and the lines of "inside" and "outside" the network have blurred. The explosion of Internet of Things devices, the use of mobile devices, and the rise of DevOps and containers mean an exponential increase in the number of resources connected to your network. A consequence of this expanding and shifting IT landscape is a lack of cohesive visibility.

The hodgepodge of tools yields a segmented, partial view of crucial information. For many organizations, the only way to achieve some semblance of "complete" visibility is an ineffective manual effort to combine and correlate data from the various tools. Ultimately, the manual effort is time-consuming and inaccurate, and it quickly becomes obsolete as the environment changes rapidly. The manual effort is also inefficient because it utilizes highly trained IT and security engineering personnel for menial tasks rather than allowing them to focus their skills on executing projects and making better business decisions.

The Inherent Challenges with IT Asset Data
To begin to solve this problem, you have to first understand the three challenges of IT asset data: volume, velocity, and variance.

Hybrid IT environments are volatile and dynamic. The number of managed and unmanaged devices connected to your network at any time can be massive. These environments are continuously changing at an unprecedented speed — software upgrades and configuration changes, containers and virtual machines being spun up and down. 

Perhaps the biggest challenge is variance. The same data point may be referenced in different ways or under different names across various products and services. As technology providers go through mergers and acquisitions, new tools and platforms are integrated into the mix, and correlating all of the IT asset data together can be complex.

Dealing with the volume, velocity, and variance in IT data could become quickly overwhelming. Legacy tools that attempt to collect partial data at infrequent times fail to deliver the foundation required for an effective security architecture framework.

Foundation of Your Security Architecture
A report from the U.S. Department of Defense Inspector General released in July 2018 found that none of the commands or divisions of the three military branches maintains an accurate inventory of their software. They all have gaps in visibility of what is on their own internal networks — resulting in a variety of negative consequences, such as software being underutilized, obsolete software that creates risk, duplicate or redundant applications being purchased, and — perhaps most importantly — no way to identify or remediate vulnerabilities or accurately assess security posture.

One example of the importance of effective IT asset management is the Wannacry ransomware attack in May 2017. Microsoft issued a critical patch in March 2017 that would have prevented systems from being compromised, yet nearly a quarter-million systems across 150 countries were paralyzed when the attack hit. In many cases, the reason organizations were caught off-guard is that the ransomware compromised vulnerable systems — primarily end-of-life systems and unauthorized software — on their networks that they were not even aware of.

You most likely have all of the data you need — you just need an efficient method of pulling in data from all facets of the company to harness it effectively. You need to be able to monitor and update asset inventory in real time, and normalize, categorize, and enrich it with context to ensure its relevance and accuracy. It's also important to have seamless integration with your CMDB (configuration management database) and service ticketing system to facilitate remediation and resolution of any issues.

Achieve Your First Compliance Milestone
Accurate IT asset management is also essential for compliance. You can't claim that you are taking reasonable steps to secure and protect assets or data that you aren't even aware of.

There's a reason why the Center for Internet Security (CIS) starts its list of 20 Critical Security Controls with these two:

  • Inventory of Authorized and Unauthorized Devices
  • Inventory of Authorized and Unauthorized Software

CIS estimates that organizations can slash their risk of cyberattack by a whopping 85% if they apply these two controls, along with the next three (Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers; Continuous Vulnerability Assessment and Remediation; and Controlled Use of Administrative Privileges).

First Steps
Effective cybersecurity and compliance are essential for organizations around the world, across every industry, and regardless of size. Businesses must look at assets in a different way than they have traditionally to address the shifting threat landscape and encourage cooperation and collaboration between DevOps and cybersecurity teams. Visibility is becoming increasingly important, and a single source of truth for IT asset management is crucial to simplify and streamline security and compliance.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

 

Pablo Quiroga is a Director of Product Management at Qualys. He has 12 years of experience in enterprise IT and security. At Qualys, he leads product definition, road map and strategy for IT asset management solutions. Pablo has helped numerous customers gain significantly ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/10/2019 | 3:56:41 PM
Great commentary, this was good.
I wish NASA would have taken this into consideration because the data they lost in the Raspberry PI (the PI was not discovered only after 10 months passed with no detection) is beyond me.

This is something they need to practice and put in place, inventorying their environment (consistently).

I think this article is definitely meant for them, very good.



I have not heard any firings of anyone, it is interesting what we hear from this incident.

T
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.