Question: Why is cyber asset management so important in security?
Erkang Zheng, founder and CEO, JupiterOne: In cybersecurity, we treat the symptoms more than the root causes of vulnerability. But in order to understand the root causes, we need to understand our cyber assets. An organization is constantly evolving and adding new cyber assets constantly. It needs the proper people and processes in place to be ready for an attack. We need to do security activities, such as penetration testing and tabletop exercises, but if we undertake those procedures based on an incorrect or incomplete understanding of our organization’s assets, then all those exercises become useless.
In most cases, we still catalog our assets through an incomplete approach based on outdated technology platforms and architectures that have been built out over the past couple of decades. As a result, we assemble an incomplete picture of all our assets and resources. This is because our traditional security stacks cover a small subset of our current digital operations, providing inaccurate visibility of our environment.
Even if we have good knowledge about all of our devices, users, servers, hardware, and IP addresses, that only makes up a small percentage of our current attack surfaces. New, novel attacks will find their way into the remaining portion of our systems that run data and applications on cloud workloads, hosted storage systems, mobile phones, IoT devices, virtual environments, and more.
Cyber asset context is key to securing an organization. We must establish a more comprehensive security foundation that understands the organization and the complex connections between its cyber components for all of these reasons. Then we can properly prepare for an incoming attack and recognize the nature of the problem. We can train our teams with the right processes and playbooks to fight back when that same threat happens again – and even block future attacks to make them improbable rather than inevitable eventually.