The security implications of an always-expanding sprawl of devices, users, software, SaaS applications, and cloud services are significant. The rate of change makes the manual work of finding, managing, and securing all of these assets not only tedious, but error-prone and a waste of scarce, valuable resources. But without full visibility, IT and security teams risk security gaps, misconfigurations, missing or malfunctioning agents, and more.
Luckily, asset management solutions have evolved over the years to address increasingly complex environments, specifically in overseeing security aspects of the configuration of assets.
What does cybersecurity asset management involve?
To address security issues, you must discover the gaps, and to do that you need a comprehensive and reliable inventory of your assets. Therefore, cybersecurity asset management involves:
- Obtaining a comprehensive inventory of all assets, their relationships, and business-level context
- Discovering security gaps, assessing vulnerabilities, optimizing costs, and prioritizing risks
- Automatically enforcing policies, automating actions, and simplifying workflows across departments and systems
Asset management plays such a foundational role in a cybersecurity program that the CIS Critical Controls list the need to inventory and control hardware and software assets as their first two security measures. Along these lines, asset management is also the first category in the NIST Cybersecurity Framework, and recent federal guidance from the Office of Management and Budget’s (OMB) cybersecurity memorandum M-24-04 states that “agencies must have a clear understanding of the devices connected within their information systems to gauge cybersecurity risk to their missions and operations.”
Unfortunately, implementing a cybersecurity asset management process in a reliable, timely, and efficient manner has been one of our industry’s major challenges.
Repercussions of poor cybersecurity asset management
Poor cybersecurity asset management practices dramatically increase the chances that threat actors will be able to achieve their objectives, be they to steal sensitive data, disrupt business operations, or otherwise put the organization at risk.
After all, an attacker’s entry point is often the server that nobody knew existed, the laptop that lacked antivirus software, the application that was missing a patch, the port that was left open, or the user account that wasn’t locked down. Asset management is essential to being able to address such risks efficiently and consistently.
But poor asset management practices introduce financial risks as well. For instance, without a clear understanding of what exists in your environment and who has access to it, it can be hard to determine exactly how much spend per year might be wasted on redundant tools or unused software licenses.
Plus, as more companies shift to remote and hybrid work, spending on SaaS apps skyrockets. Without the right level of visibility into shadow SaaS, organizations are likely putting their budget toward redundant apps, extraneous user licenses, and inactive or orphaned user accounts.
Why don’t we all have cybersecurity asset management already?
If asset management is so important for cybersecurity, why haven’t all enterprises implemented it yet?
— Adrian Sanabria
Even outside cybersecurity, we know that essential, basic habits such as daily exercise help improve overall health and decrease the risk of disease. Yet, just 28% of Americans have been found to exercise enough, according to a recent study by the Centers for Disease Control and Prevention.
In cybersecurity, we’re often attracted to exciting-sounding disciplines, say threat hunting or red-teaming. We’re drawn to sexy technologies such as machine learning for malware or anomaly detection. We struggle to take a step back and build a foundation for the security program, even if we know it’ll enable cool efforts such as spotting intrusions and fighting malware.
Another reason why asset management has been a challenge is the lack of effective tooling. Keeping track of IT resources is often a manual, error-prone process that consumes much time and yields few benefits. For asset management to deliver its full potential, it needs to be automated and easy to implement.
The joys of cybersecurity asset management
Security leaders who’ve implemented effective asset management will live longer, healthier, and more fulfilling lives.
More seriously: Asset management allows security leaders to succeed at other initiatives, from rolling out a new antivirus agent to improving oversight of cloud resources. It bolsters the security organization’s efficiency, allows it to track and demonstrate progress, and helps prevent a variety of issues before they escalate into major incidents.
Those who’ve implemented asset management in a way that keeps up with today’s dynamic environments derive another benefit. Such organizations discover that every group related to IT, cybersecurity, and GRC comes to the asset management system for answers to questions about vulnerabilities, threats, incidents, compliance, troubleshooting, and more. The once unsexy asset management system becomes the crux of critical decisions and investigations.
Plus, from a cost optimization standpoint (which has become increasingly important during uncertain economic times), cybersecurity asset management solutions can help lessen the financial burden of digital infrastructure. The three most common cost inefficiencies, after all, come from untapped infrastructure, forgotten infrastructure, and overlapping infrastructure – all of which cybersecurity asset management solutions can help identify by providing insight on how individual tools are being used.
Approaching cybersecurity asset management
Here’s the good news: Today’s enterprises already have many IT and security systems that know about some portion of the organization’s assets. These include:
- Identity and systems management tools
- Endpoint security management software
- Vulnerability scanning tools
- Passive and active network monitoring solutions
- Cloud orchestration technologies
The challenge from the perspective of asset management is that these systems typically exist as data silos, requiring cumbersome efforts to get a unified and actionable view on asset details across multiple systems.
Organizations can advance their asset management program by extracting useful configuration and other data out of these systems. The next step is to clean the data to find useful information across the multiple data sources.
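The extract-and-clean step described above, sketched as an added example (not code from this article or from any product it mentions): records from several tools are normalized, merged into one asset per device, and checked for coverage gaps. The source names, record fields and sample records are constructed, and joining on MAC address alone is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample exports; source and field names are assumptions, not a vendor schema.
SOURCES = {
    "directory": [{"hostname": "WS-014.corp.example", "mac": "00-1A-2B-3C-4D-5E"},
                  {"hostname": "srv-db01", "mac": "00:1a:2b:aa:bb:01"}],
    "edr": [{"hostname": "ws-014", "mac": "00:1a:2b:3c:4d:5e"}],
    "vuln_scanner": [{"hostname": "SRV-DB01.corp.example", "mac": "001A.2BAA.BB01"},
                     {"hostname": "ws-014", "mac": "00:1A:2B:3C:4D:5E"}],
    "network_monitor": [{"hostname": "", "mac": "00:1a:2b:3c:4d:5e"},
                        {"hostname": "", "mac": "00:1a:2b:aa:bb:01"},
                        {"hostname": "", "mac": "de:ad:be:ef:00:99"}],
}

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return digits if len(digits) == 12 else None

def norm_host(name):
    """Lowercase and drop the DNS suffix so short and FQDN forms match."""
    return name.strip().lower().split(".")[0]

def correlate(sources):
    """Merge per-tool records into one asset per normalized MAC address."""
    assets = defaultdict(lambda: {"hostnames": set(), "seen_by": set()})
    for source, records in sources.items():
        for rec in records:
            key = norm_mac(rec.get("mac", ""))
            if key is None:
                continue  # a fuller version would fall back to hostname or serial
            assets[key]["seen_by"].add(source)
            if rec.get("hostname"):
                assets[key]["hostnames"].add(norm_host(rec["hostname"]))
    return dict(assets)

def gaps(assets, required, managed_by):
    """Report assets missing a required tool or unknown to every management source."""
    report = {}
    for key, asset in assets.items():
        missing = sorted(set(required) - asset["seen_by"])
        unmanaged = not (asset["seen_by"] & set(managed_by))
        if missing or unmanaged:
            report[key] = {"missing": missing, "unmanaged": unmanaged}
    return report

if __name__ == "__main__":
    found = gaps(correlate(SOURCES), ["edr", "vuln_scanner"], ["directory", "edr"])
    for mac, gap in found.items():
        print(mac, gap)
```

Devices with several network interfaces, randomized MACs or cloned virtual machines will split or collide under a MAC-only key, so a production correlation would combine several identifiers.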
As you can imagine, achieving this involves a lot of automation and know-how. This is where Axonius comes in.
The Axonius Platform
The Axonius Platform leverages existing data to understand the full context of all assets in the environment at any given time. By looking at their assets from several perspectives, our customers can ask meaningful questions, such as:
- Which systems are missing an endpoint agent or where is the agent misconfigured?
- Which cloud or other resources aren’t being scanned for vulnerabilities?
- Which unmanaged devices are present on the network?
- Which users with access to critical systems don’t have two-factor authentication enabled?
After asking and answering questions like these, customers can direct Axonius to take action, such as opening a ticket, emailing an analyst, quarantining the system, deploying an agent, and so on.
With the Axonius Platform, customers can fully understand their digital infrastructure to make business-level decisions, inform strategy, mitigate threats, navigate risk, and accelerate incident response, while reducing cost and eliminating manual, repetitive tasks.