
Dude, Where's Your PC?

Audit exposes lost computers at counterintelligence agency, need for better inventory management

It's 5 p.m. Do you know where all of your company's computers are?

The U.S. Department of Energy's Counterintelligence Directorate doesn't. In fact, the intelligence agency -- which is tasked with protecting sensitive data and operations against espionage by foreign entities -- is missing 20 computers that may contain classified data, according to an inspection report issued last week by the DOE's Office of the Inspector General.

At least 14 of the computers were known to have processed classified information, the report says. The Counterintelligence Directorate's inventory records "were so imprecise and inaccurate that [the agency] had to resort to extraordinary means to locate an additional 125 computers."

"Based on these findings, we concluded that Counterintelligence was unable to assure that the computers for which it is accountable, and the often highly-sensitive and/or classified information they processed, were appropriately controlled or were adequately guarded from loss and theft," the Inspector General concluded.

In a time when a single lost laptop can cause a nationwide news scandal, the DOE report seems scary. In the corporate environment, however, such lost inventory is an everyday occurrence. In fact, most large enterprises would be proud to say they are able to account for all but 20 of their computers.

"There was a Gartner study not too long ago that said at any given time, most enterprises can tell you the location and the user of only about 65 percent of their machines," notes Ben Haidri, vice president of marketing and business development at Absolute Software, a PC asset tracking and theft recovery service that currently monitors over a million machines worldwide. "That means more than a third of PCs and laptops aren't accounted for."

This problem, which Absolute calls "PC drift," is usually the result of worker mobility, which causes IT to lose track of machines as employees change locations, departments, or job responsibilities.

"With constant organizational changes personal computers have gone missing in large companies on a regular basis," agrees Rob Enderle, principal analyst at Enderle Group, an IT consultancy. "They may walk out the door with departing employees, employees may simply not turn them in when they get new ones.

"The big picture is that no one really knows what has been happening to these 'lost' products, and most people typically assume it is a problem with the inventory reconciliation," Enderle explains. "However, in today's world I think such an assumption needs to be challenged -- and under current disclosure rules, it probably must be."

While many of the "lost" PCs probably are still inside the enterprise, analysts estimate that as many as 3.5 to 5 percent of the missing machines are stolen, usually by employees. Gartner estimates that about 70 percent of office product thefts are perpetrated by insiders.

"If an insider takes a machine, it's usually to use it themselves -- as opposed to stealing the data or selling the hardware -- but you can never really be sure at that point," Haidri says.

Like most large enterprises, the DOE's Counterintelligence Directorate used a PC inventory application to track the location and disposition of its desktops and laptops, although the report does not disclose which product it uses. And, like most enterprises, the agency found that some of its inventory escaped the tracking of that application.

"The problem with most of those tools is that they don't start from the node and go up," Haidri says. "They sit on a server somewhere and poll the devices. There are a lot of things that can go wrong with that -- you lose communication with the node, or somebody deletes the agent software when you're doing an upgrade."

Another problem is that there's not much integration between the IT asset management function and the security function, experts say. In most companies, the two groups work separately, and they use different tools, which makes it difficult to locate machines that might be suspected of causing a security breach.
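One way to reconcile an asset inventory against check-ins that endpoints send on their own, shown as an added example (not from the article or from any product it mentions). The asset tags, field names and the 30-day silence threshold are assumptions, and all records are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample data: records as the IT asset management tool holds them.
INVENTORY = {
    "PC-001": {"user": "alice", "site": "HQ-3F", "classified": True},
    "PC-002": {"user": "bob", "site": "HQ-1F", "classified": False},
    "PC-003": {"user": "carol", "site": "LAB-2", "classified": True},
    "PC-004": {"user": "dave", "site": "HQ-1F", "classified": False},
}
# Constructed sample data: the last check-in each endpoint agent sent by itself.
CHECKINS = {
    "PC-001": {"user": "alice", "site": "HQ-3F", "seen": "2024-01-14T09:00:00"},
    "PC-002": {"user": "erin", "site": "LAB-2", "seen": "2024-01-13T16:30:00"},
    "PC-003": {"user": "carol", "site": "LAB-2", "seen": "2023-10-01T08:00:00"},
    "PC-999": {"user": "frank", "site": "HQ-1F", "seen": "2024-01-14T10:00:00"},
}

def reconcile(inventory, checkins, now, max_silence=timedelta(days=30)):
    """Label each asset tag: accounted, drifted, silent, missing or untracked."""
    status = {}
    for tag, rec in inventory.items():
        seen = checkins.get(tag)
        if seen is None:
            status[tag] = "missing"    # never reported: agent removed or machine gone
        elif now - datetime.fromisoformat(seen["seen"]) > max_silence:
            status[tag] = "silent"     # used to report, then stopped
        elif (seen["user"], seen["site"]) != (rec["user"], rec["site"]):
            status[tag] = "drifted"    # alive, but not where or with whom IT thinks
        else:
            status[tag] = "accounted"
    for tag in checkins.keys() - inventory.keys():
        status[tag] = "untracked"      # reporting, but absent from the inventory
    return status

def escalation_list(inventory, status):
    """Inventory items that are not accounted for, classified machines first."""
    open_items = [t for t in inventory if status[t] != "accounted"]
    return sorted(open_items, key=lambda t: (not inventory[t]["classified"], t))

def accounted_ratio(inventory, status):
    """Share of inventoried machines whose user and location are confirmed."""
    return sum(status[t] == "accounted" for t in inventory) / len(inventory)

if __name__ == "__main__":
    status = reconcile(INVENTORY, CHECKINS, datetime(2024, 1, 15))
    print(status)
    print(escalation_list(INVENTORY, status), accounted_ratio(INVENTORY, status))
```

The escalation list is the hand-off point between the two groups: asset management owns the "drifted" records, while "silent" and "missing" machines that processed classified data go to security first.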

So while many companies look at products for full-disk encryption for laptops or "kill" products that let users remotely wipe out a hard drive that is lost or stolen, many of them still don't know where all of their machines are, experts observe.

"There are a lot of encryption tools you can get, and tools that will let you work on a problem post-theft," says Haidri. "We [Absolute] have all those tools. But there are some customers that want to solve that problem by knowing where all their devices are. That's where you see IT asset management and security coming together."

— Tim Wilson, Site Editor, Dark Reading

  • Absolute Software Corp.
  • Enderle Group

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
