Why is Asset Management so important for Vulnerability Management and Infrastructure Security?
Alexander Leonov
Vulnerability & Compliance Management, Security Automation, Metrics
When people ask me how they should start building a Vulnerability Management process in their organization (well, sometimes it happens), I advise them to create an effective Asset Management process first, because it’s the foundation of the whole of Infrastructure Security.
The term “Asset Management” has different meanings, and if you start to google it, you will get results related mainly to finance. I use this term the way Qualys and Tenable do. For me, Asset Management is the process of dealing with network hosts.
So, what should you do in the situation described in the tweet above, when you don’t know exactly how many Windows hosts you have in your corporate IT environment? And, more importantly, why do you need to know?
The role of Asset Management in Infrastructure Security
Well, starting with the second question: without knowing your hosts, it’s very hard to implement Security Measures to protect your IT infrastructure. Even the most basic of them:
- install agents for Endpoint Security, Antivirus and DLP
- configure log collection for SIEM
- perform security hardening
- perform regular Vulnerability Assessment
For each of these measures you will need to know:
- all the hosts that need to be covered by the Security Measure
- all the hosts where the Security Measure is already implemented
- all the hosts where the Security Measure is NOT implemented
- the current coverage of the Security Measure in the organization
- the current state of the Security Measure in the organization
- the dynamics and plans for implementing the Security Measure
Simply put, you need to see what is already done and what needs to be done. Without this, there will be many blind spots in the IT infrastructure, which can be an easy target for attackers. Moreover, it will be pretty hard to show your managers that you are actually doing your job well if you can’t provide any measurable results.
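The questions in the list above can be answered mechanically once you have a host inventory and an export from each security tool. The following is an added example, not code from the original article: it reconciles an inventory with per-measure host lists and reports coverage, hosts where the measure is missing, and hosts the tool sees but the inventory does not. All host names, measure names and function names are constructed for illustration, and it assumes short host names are unique across domains.

```python
import ipaddress

def normalize(name):
    """Map 'SRV-DB01.corp.example.com ' and 'srv-db01' to one key; keep IPs whole."""
    name = name.strip().lower()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.split(".")[0]  # assumption: short host names are unique

def coverage_report(in_scope, implemented):
    """Compare hosts that need a measure with hosts where a tool reports it."""
    scope = {normalize(h) for h in in_scope if h.strip()}
    done = {normalize(h) for h in implemented if h.strip()}
    covered = scope & done
    pct = round(100 * len(covered) / len(scope), 1) if scope else 0.0
    return {
        "in_scope": len(scope),
        "covered": sorted(covered),
        "missing": sorted(scope - done),   # measure NOT implemented here
        "unknown": sorted(done - scope),   # tool sees hosts the inventory lacks
        "coverage_pct": pct,
    }

def report_all(inventory, measures):
    """One coverage report per security measure, all against the same inventory."""
    return {name: coverage_report(inventory, hosts)
            for name, hosts in measures.items()}

# Constructed sample data: inventory of Windows hosts and two tool exports.
INVENTORY = ["WS-001.corp.example.com", "WS-002.corp.example.com",
             "SRV-DB01.corp.example.com", "SRV-FILE01.corp.example.com"]
MEASURES = {
    "antivirus agent": ["ws-001", "WS-002 ", "srv-db01.corp.example.com", "ws-099"],
    "SIEM log collection": ["SRV-DB01", "srv-file01.corp.example.com", "10.0.5.17"],
}

if __name__ == "__main__":
    for measure, report in report_all(INVENTORY, MEASURES).items():
        print(measure)
        for key, value in report.items():
            print(f"  {key}: {value}")
```

The "unknown" list matters as much as "missing": a host that a tool reports but the inventory does not contain is a gap in Asset Management itself.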
Two reactions. They’re within an order of magnitude the same which is surprising and of course the SIEM folks have the highest number, they pay the most in licensing.
Cybersecurity Manager
5y Love it. They forgot to include the GRC team. Total inventory of systems 9172, FISMA Authorized 14,172, FISMA using 2014 NIST guidelines 10,100 ; 6150 or 52 depending on which query you use & including 301 system records last audited 2003). SOX?? Forget it. I can't even keep a consistent inventory of Sox in my Sock drawer.
Information Systems Security Engineer at Stephenson Technologies Corporation
5y Ha So True
Project Manager - Migrations and Transformations
5y Very good topic and article. To be honest, in 20+ years, I have never seen a real good, up-to-date CMDB. And they all end up in Excel. Ugh. Can anyone suggest a good asset management app for a small company? Up to 250 hosts? Many thanks.
Director, Global IT & Center Technology at IWG plc (Regus and Spaces)
5y It gets a lot scarier when the question is better formulated - “How many endpoints do we have?” Mission impossible to answer!