These are the five most important terms when it comes to an asset inventory:
- Complete
- Contextual
- Credible
- Up-to-date
- Unique
There are myriad challenges that prevent companies from achieving asset inventory nirvana, but the five terms above really encapsulate the problem.
You can have a complete inventory that’s not unique and deduplicated. You can have a complete inventory that’s not up to date. You can have an up-to-date inventory that’s not complete. You can have a unique inventory that’s up to date, but in no way complete.
Why is it so difficult to obtain all five keys in tandem?
The Challenges In Achieving Asset Inventory Nirvana
The challenge is that many organizations rely on incomplete, gap-filled traditional asset inventory methodologies.
- Agent-based tools have a singular point of view about the asset or can become corrupted or disabled — and you may never find or know about every device to deploy the agent in the first place.
- Scanning tools are typically a point-in-time snapshot, meaning unavailable devices are missed and the data is quickly out of date.
- Network-based discovery tools often aren’t deployed to every network segment. Instead, they may only contain data for devices most recently seen, and typically lack deep context for the devices they capture.
Each of these methodologies has its own shortcomings, but the common theme is they all lack the diversity that comes from leveraging a wide array of data sources.
It’s this diversity that lies at the heart of achieving the five key elements above.
Why Does Data Source Diversity Matter?
Let’s quickly examine why diversity matters.
1. Some assets can only be found in a single source of data and nowhere else.
Imagine an ephemeral container in a cloud platform. It may never get an agent deployed to it. It may not be live or turned on during the vulnerability scan interval, and the NAC may not extend into this cloud realm.
The only data source that will know about the device is the cloud platform itself. Cloud platforms like AWS, Azure, and Google Compute contain a wealth of fetchable asset data.
2. You can only infer gaps (think agents) in coverage by comparing two or more data sources.
You simply cannot do this with any of the methodologies above, because each method (agent, scan, NAC) has its own gaps in visibility into the assets. Finding a gap among gaps is like finding a needle in a haystack — but finding a device missing an AV agent is really easy when you can compare it to other data sources. It’s easy to see devices missing an agent relative to AD, or AD and another agent-based tool.
3. You absolutely need multiple data sources with overlapping fields (common data fields) to correlate assets and arrive at a deduplicated, unique asset inventory.
The more data sources you have containing overlapping data, the stronger the correlation becomes — and the more fields of data you have as comparison points.
4. While there are many overlapping fields of data between most data sources (which is good — see point three above), each data source will contain some element(s) of data that are completely and singularly unique to that particular data source.
These unique pieces of data, in aggregate for a device, provide you with complete visibility and depth of context. Some perspectives on the asset only exist in a single data source.
5. It’s in the aggregate that we find truth. Truth cannot be gleaned from one data source. “Trust but verify” very much extends to assets and data sources.
Having a multitude of data sources allows for deconfliction of data fields using algorithmic analysis and calculations. The more data sources used, the better the analysis and efficacy of the algorithmic process because of the diversity of data elements.
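The comparison and correlation described in points 2 and 3, as an added example that is not from the original article: records from several sources are grouped on overlapping fields (hostname, MAC), merged into one asset each, and checked for sources that never reported the asset. The source names, field names, sample records and the newest-record-wins merge rule are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records; sources, fields and values are assumptions.
RECORDS = [
    {"source": "ad", "hostname": "WS-014.corp.example", "seen": "2024-05-01"},
    {"source": "edr", "hostname": "ws-014", "mac": "AA:BB:CC:00:11:22", "seen": "2024-05-03"},
    {"source": "scan", "mac": "aa-bb-cc-00-11-22", "os": "Windows 11", "seen": "2024-04-20"},
    {"source": "ad", "hostname": "SRV-DB01", "seen": "2024-05-02"},
    {"source": "scan", "hostname": "srv-db01.corp.example", "mac": "AA:BB:CC:00:33:44", "seen": "2024-04-20"},
    {"source": "cloud", "hostname": "ctr-7f3a", "seen": "2024-05-03"},
]

def keys(rec):
    """Normalized values of the overlapping fields used for correlation."""
    out = set()
    if rec.get("hostname"):
        out.add(("host", rec["hostname"].lower().split(".")[0]))
    if rec.get("mac"):
        out.add(("mac", "".join(c for c in rec["mac"].lower() if c in "0123456789abcdef")))
    return out

def correlate(records):
    """Group records that share any key, transitively (union-find)."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i
    first_with = {}  # key -> index of the first record carrying it
    for i, rec in enumerate(records):
        for k in keys(rec):
            parent[find(i)] = find(first_with.setdefault(k, i))
    groups = defaultdict(list)
    for i, rec in enumerate(records):
        groups[find(i)].append(rec)
    return list(groups.values())

def merge(group):
    """One asset per group; on conflicting fields the newest record wins."""
    asset = {"sources": sorted({r["source"] for r in group})}
    for rec in sorted(group, key=lambda r: r["seen"]):
        asset.update({f: v for f, v in rec.items() if f != "source"})
    return asset

def missing(assets, source):
    """Coverage gap: assets some source knows about but `source` never reported."""
    return sorted(a.get("hostname") or a.get("mac") for a in assets if source not in a["sources"])

ASSETS = [merge(g) for g in correlate(RECORDS)]
```

The AD record (hostname only) and the scan record (MAC only) for the workstation share no field directly; they end up in the same asset only because the EDR record carries both.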