Asset Management Holds the Key to Enterprise Defense

Security professionals know that they need to be aware of the assets within their environments if they are to keep their organizations secure. After all, without a comprehensive view into asset inventory, it's impossible to perform effective risk assessment and prioritization of security efforts, vulnerability and attack surface management, and incident response.

The problem is, obtaining that accurate picture has remained elusive. It's a challenge that has increased in complexity and scale, often requiring chasing down information held within siloed teams, and in many ways lacks effective automation. In a recent Dark Reading report, "Effective Asset Management Is Critical to Enterprise Cybersecurity," experts outline the efforts needed to identify and manage business-technology assets to effectively protect an organization.

"Organizations struggle with gaining good visibility," says Tom Eston, offensive security expert and VP of consulting at cybersecurity services provider Bishop Fox.

Eston has witnessed the damage that can occur to an enterprise with a weak understanding of their networked assets. Much of the struggle Eston describes is due to the scale involved in obtaining a comprehensive asset inventory.

"There are just so many assets today," he says. "There are personal devices, company devices, and everything is now networked."

Eston shares an incident about when the physical security department at a client installed a number of inexpensive video cameras on their company network — and then forgot about them.

"No one knew these devices were installed. No one," he recalls. "They got popped."

Such challenges are at the top of CISOs' minds across every industry and for companies of all sizes. Jason Rader, VP and CISO at solutions integrator Insight Enterprises, agrees with Eston; he has had similar experiences.

"You can't secure what you can't see," he says.

The need for continuous digital transformation in the enterprise means asset management is a challenge that isn't going away. The underlying investments organizations make in software — both on-premises and cloud services — and the networked devices that entail such efforts will continue to create a complex, sprawling landscape of business-technology assets that, if not correctly identified and managed, will leave organizations vulnerable.

Download the report to learn how to gain control of your attack surfaces — not only how to know and discover the assets they have in place, but also to understand the security posture of these devices. This includes everything: on-premises software, endpoints, servers, the Internet of Things, operational technology and industrial-control system (OT/ICS) technologies, virtualized workloads, and cloud services.