There is one simple truth of effective cybersecurity: You can't protect what you don't see. Comprehensive visibility is the foundation of good security — and it is becoming increasingly difficult to achieve. The ultimate goal is to have a platform designed to simplify security by providing a single source of truth for IT, security, and compliance.
Seismic Shifts in the IT Landscape
The modern IT environment presents many challenges. As companies transition to the cloud, the result in most cases is a hybrid environment that includes both on-premises and cloud resources — sometimes scattered across a multicloud environment. At the same time, the network perimeter has become irrelevant and the lines of "inside" and "outside" the network have blurred. The explosion of Internet of Things devices, the use of mobile devices, and the rise of DevOps and containers mean an exponential increase in the number of resources connected to your network. A consequence of this expanding and shifting IT landscape is a lack of cohesive visibility.
The hodgepodge of tools yields a segmented, partial view of crucial information. For many organizations, the only way to achieve some semblance of "complete" visibility is an ineffective manual effort to combine and correlate data from the various tools. Ultimately, the manual effort is time-consuming and inaccurate, and it quickly becomes obsolete as the environment changes rapidly. The manual effort is also inefficient because it utilizes highly trained IT and security engineering personnel for menial tasks rather than allowing them to focus their skills on executing projects and making better business decisions.
The Inherent Challenges with IT Asset Data
To begin to solve this problem, you have to first understand the three challenges of IT asset data: volume, velocity, and variance.
Hybrid IT environments are volatile and dynamic. The number of managed and unmanaged devices connected to your network at any time can be massive. These environments are continuously changing at an unprecedented speed — software upgrades and configuration changes, containers and virtual machines being spun up and down.
Perhaps the biggest challenge is variance. The same data point may be referenced in different ways or under different names across various products and services. As technology providers go through mergers and acquisitions, new tools and platforms are integrated into the mix, and correlating all of the IT asset data together can be complex.
Dealing with the volume, velocity, and variance in IT data could become quickly overwhelming. Legacy tools that attempt to collect partial data at infrequent times fail to deliver the foundation required for an effective security architecture framework.
Foundation of Your Security Architecture
A report from the U.S. Department of Defense Inspector General released in July 2018 found that none of the commands or divisions of the three military branches maintains an accurate inventory of their software. They all have gaps in visibility of what is on their own internal networks — resulting in a variety of negative consequences, such as software being underutilized, obsolete software that creates risk, duplicate or redundant applications being purchased, and — perhaps most importantly — no way to identify or remediate vulnerabilities or accurately assess security posture.
One example of the importance of effective IT asset management is the Wannacry ransomware attack in May 2017. Microsoft issued a critical patch in March 2017 that would have prevented systems from being compromised, yet nearly a quarter-million systems across 150 countries were paralyzed when the attack hit. In many cases, the reason organizations were caught off-guard is that the ransomware compromised vulnerable systems — primarily end-of-life systems and unauthorized software — on their networks that they were not even aware of.
You most likely have all of the data you need — you just need an efficient method of pulling in data from all facets of the company to harness it effectively. You need to be able to monitor and update asset inventory in real time, and normalize, categorize, and enrich it with context to ensure its relevance and accuracy. It's also important to have seamless integration with your CMDB (configuration management database) and service ticketing system to facilitate remediation and resolution of any issues.
Achieve Your First Compliance Milestone
Accurate IT asset management is also essential for compliance. You can't claim that you are taking reasonable steps to secure and protect assets or data that you aren't even aware of.
There's a reason why the Center for Internet Security (CIS) starts its list of 20 Critical Security Controls with these two:
CIS estimates that organizations can slash their risk of cyberattack by a whopping 85% if they apply these two controls, along with the next three (Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers; Continuous Vulnerability Assessment and Remediation; and Controlled Use of Administrative Privileges).
Effective cybersecurity and compliance are essential for organizations around the world, across every industry, and regardless of size. Businesses must look at assets in a different way than they have traditionally to address the shifting threat landscape and encourage cooperation and collaboration between DevOps and cybersecurity teams. Visibility is becoming increasingly important, and a single source of truth for IT asset management is crucial to simplify and streamline security and compliance.
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.