Charles Leaver – IT Asset Management And Identification Are Crucial For Your Cyber Security

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften

 

Reliable IT asset management and discovery can be a network and security administrator's best friend.

I don't need to state the obvious: we all know that a good security program starts with an understanding of every device connected to the network. Nevertheless, maintaining a current inventory of every connected device used by employees and business partners is hard. Harder still is making sure that no connected asset goes unmanaged.

What is an Unmanaged Asset?

Networks can have thousands of connected devices. These include, among others:

– User devices such as laptops, desktops, workstations, virtual desktop systems, bring-your-own devices (BYOD), smartphones, and tablets.

– Data center and cloud devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not governed by IT group policies. These unknown devices, and those not managed by IT policy, are referred to as "unmanaged assets."

The number of unmanaged assets keeps growing at many companies. Ziften finds that as many as 30% to 50% of all connected devices in today's enterprise networks can be unmanaged assets.

IT asset management tools are typically optimized to identify assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications to the enterprise. However, these tools usually overlook assets the company does not own, such as BYOD endpoints or user-deployed wireless access points. More troubling still, Gartner asserts in "Beyond BYOD to IoT, Your Enterprise Network Access Policy Must Change" that IoT devices have surpassed employees and guests as the largest user of the enterprise network.[1]

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the enterprise environment: bring your own things (BYOT).

Essentially, this is employees bringing items designed for the smart home into the office. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls and, eventually, home robots. Many of these items will be brought in by staff looking to make their workplace more congenial. These "things" can sense data, can be controlled by apps, and can communicate with cloud services.[1]

Why is it Important to Discover Unmanaged Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, "Security starts with understanding exactly what physical and virtual devices are linked to the corporate network. However, BYOD, shadow IT, IoT, and virtualization are making that more difficult."

These blind spots not only increase security and compliance risk, they can increase legal risk. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unapproved cloud, mobile, and virtual assets.

Keeping an up-to-date inventory of the assets on your network is essential to good security. It is common sense: if you don't know something exists, you can't know whether it is protected. In fact, asset visibility is so fundamental that it is a core element of most information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: establishing an inventory of authorized and unauthorized devices is at the top of the list.

– Council on CyberSecurity Critical Security Controls: establishing an inventory of authorized and unauthorized devices is the first control in the focused list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: the standard requires that assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften's Adaptive Security Framework: the first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are several methods used for asset discovery and network mapping, and each has benefits and drawbacks. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification, whatever approach is employed. However, many scanning techniques used in asset discovery take time to complete and are therefore run periodically. The drawback of point-in-time asset identification is that transient systems may be on the network only briefly, so it is quite possible that they are never discovered at all.

Some discovery techniques trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, discovery is carried out only at periodic, point-in-time intervals.

There are, however, asset identification techniques that can run continuously to locate and identify connected assets. Tools that offer continuous monitoring for unmanaged assets deliver much better identification results.

Passive versus active

Asset identification tools provide intelligence on every discovered asset, including IP address, hostname, MAC address, device manufacturer, and even device type. This intelligence helps operations teams quickly clean up their environments, removing rogue and unmanaged devices, including VM sprawl. However, the tools go about gathering this intelligence in different ways.

Tools that employ active network scanning probe the network to elicit responses from devices. Those responses provide the clues that identify and fingerprint each device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the moment of the scan.

Active scanning can generally deliver more in-depth vulnerability analysis, malware detection, and configuration and compliance auditing. However, because of the way it disrupts security infrastructure, active scanning is performed only periodically. Unfortunately, that means active scanning risks missing transient devices, and vulnerabilities that appear, between scheduled scans.

Other tools use passive asset identification. Because passive detection operates 24×7, it will find transient assets that are only occasionally and briefly connected to the network, and it can send notifications when new assets are detected.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and it gives visibility of the web and cloud services being accessed from systems on the network. Passive discovery techniques also avoid triggering alerts on security tools across the network. The caveat is that passive discovery only sees traffic that reaches its sensors: a device on a segment with no tap or mirror port, or one that never transmits, stays invisible, and a passive fingerprint is generally shallower than what an active probe can extract, which is why most programs combine the two.
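As an added example that is not code from the original post or from Ziften, the following script illustrates both considerations above in one place. It builds an inventory continuously from a stream of constructed DHCP server log lines (ISC dhcpd-style DHCPACK and DHCPRELEASE messages with a simplified epoch timestamp prepended), fingerprints the vendor from the MAC OUI using a three-entry illustrative table, alerts on the first sighting of any device not on an assumed authorized list, and then reports which assets a point-in-time scan run at fixed instants would have found. The log lines, host names, IP addresses, authorized list, and scan schedule are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Illustrative OUI table (a constructed subset; a real deployment loads the
# full IEEE registry). These three prefixes are genuine assignments.
OUI_VENDORS = {
    "00:50:56": "VMware",
    "00:0c:29": "VMware",
    "b8:27:eb": "Raspberry Pi Foundation",
}

# Constructed sample log: ISC dhcpd-style messages with an epoch timestamp
# prepended. The "coffee-pi" lease lives for 400 seconds between two scans.
SAMPLE_LOG = """\
100 DHCPACK on 10.0.1.20 to 00:50:56:aa:bb:01 (fileserver01) via eth0
120 DHCPACK on 10.0.1.21 to 00:0c:29:11:22:33 (build-vm) via eth0
400 DHCPACK on 10.0.1.77 to b8:27:eb:de:ad:01 (coffee-pi) via eth0
800 DHCPRELEASE of 10.0.1.77 from b8:27:eb:de:ad:01 (coffee-pi) via eth0
3700 DHCPACK on 10.0.1.20 to 00:50:56:aa:bb:01 (fileserver01) via eth0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) DHCP(?P<kind>ACK|RELEASE) (?:on|of) (?P<ip>[\d.]+) "
    r"(?:to|from) (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) \((?P<host>[^)]*)\)"
)


def vendor_for(mac: str) -> str:
    """Fingerprint the manufacturer from the first three octets (the OUI)."""
    return OUI_VENDORS.get(mac.lower()[:8], "unknown")


@dataclass
class Asset:
    mac: str
    ip: str
    hostname: str
    vendor: str
    first_seen: int
    last_seen: int
    # Presence windows (start, end); end is None while the lease is still held.
    windows: List[Tuple[int, Optional[int]]] = field(default_factory=list)

    def present_at(self, t: int) -> bool:
        return any(s <= t and (e is None or t <= e) for s, e in self.windows)


class PassiveInventory:
    """Continuously updated inventory fed one observed log line at a time."""

    def __init__(self, authorized: Iterable[str]):
        self.authorized = {m.lower() for m in authorized}
        self.assets: Dict[str, Asset] = {}

    def observe(self, line: str) -> Optional[str]:
        """Record one observation; return an alert text on a new unmanaged asset."""
        m = LINE_RE.match(line)
        if not m:
            return None
        ts, mac = int(m["ts"]), m["mac"].lower()
        alert = None
        asset = self.assets.get(mac)
        if asset is None:
            asset = Asset(mac, m["ip"], m["host"], vendor_for(mac), ts, ts)
            self.assets[mac] = asset
            if mac not in self.authorized:
                alert = (f"t={ts}: new unmanaged asset {mac} vendor={asset.vendor} "
                         f"host={asset.hostname} ip={asset.ip}")
        asset.last_seen, asset.ip = ts, m["ip"]
        open_window = bool(asset.windows) and asset.windows[-1][1] is None
        if m["kind"] == "ACK" and not open_window:
            asset.windows.append((ts, None))                # lease (re)acquired
        elif m["kind"] == "RELEASE" and open_window:
            asset.windows[-1] = (asset.windows[-1][0], ts)  # lease given up
        return alert

    def ingest(self, log: str) -> List[str]:
        """Feed every line of a log; return the alerts raised, in order."""
        return [a for a in map(self.observe, log.splitlines()) if a]

    def visible_at_scans(self, scan_times: Iterable[int]) -> Set[str]:
        """MACs that a point-in-time scan run at each instant would have found."""
        times = list(scan_times)
        return {a.mac for a in self.assets.values() if any(a.present_at(t) for t in times)}


if __name__ == "__main__":
    inv = PassiveInventory(authorized=["00:50:56:aa:bb:01", "00:0c:29:11:22:33"])
    for alert in inv.ingest(SAMPLE_LOG):
        print(alert)
    scanned = inv.visible_at_scans([0, 3600])  # hourly scans starting at t=0
    print("seen only by passive discovery:", sorted(set(inv.assets) - scanned))
```

Running the module prints one alert, for coffee-pi, and then lists that same device as the asset an hourly scan schedule would never have recorded, because its lease began and ended between two scan instants. In a real deployment the observations come from a SPAN port or tap feeding a sniffer, from the DHCP server's syslog, or from switch ARP tables, and the OUI lookup uses the full registry; the inventory and alerting logic stay the same.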

In Summary

BYOD, shadow IT, IoT, virtualization, and Gartner's newly coined BYOT all push more and more assets onto the enterprise network. Unfortunately, many of these assets are unknown to, or unmanaged by, IT, and they open serious security holes. Removing these unmanaged assets from the network, where they are far more likely to become "patient zero", or bringing them in line with enterprise security requirements, greatly reduces an organization's attack surface and overall risk. The good news is that solutions exist that provide continuous, passive discovery of unmanaged assets.

Charles Leaver – You Need To Move On From Enterprise Antivirus

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

 

Diminishing Effectiveness of Enterprise Antivirus?

Google Security Guru Labels Antivirus Apps Ineffective 'Magic'

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google's Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus in with a collection of ineffective tools installed to tick a compliance check box, at the cost of real security:

"We need to stop buying those things we have actually revealed are not effective… Anti-virus does some useful things, however in reality, it is more like a canary in a coal mine. It is even worse than that. It's like we are standing around the dead canary saying 'Thank god it breathed in all the dangerous gas.'"

Google's security experts aren't the first to weigh in against enterprise antivirus, or to draw unflattering analogies, in this case to a dead canary.

Another highly skilled security group, FireEye Mandiant, compared static defenses such as enterprise antivirus to that famously failed World War II defense, the Maginot Line:

"Like the Maginot Line, today's cyber defenses are quickly becoming an antique in today's threat landscape. Organizations spend billions of dollars each year on IT security. However, attackers are easily outflanking these defenses with clever, fast-moving attacks."

An example of this was given by a Cisco managed security services executive speaking at a conference in Poland. His team had detected anomalous activity on one of their enterprise customer's networks and reported the suspected server compromise to the customer. To the Cisco team's dismay, the customer simply ran an antivirus scan on the server, found no detections, and put it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing errors and reissued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a futile diversion: it had not served the customer and it had not stopped the attacker.

So Is It Time to Discard Enterprise Antivirus Now?

I am not yet ready to declare an end to the age of enterprise antivirus. But I do know that enterprises have to invest in detection and response capabilities to complement traditional antivirus. Increasingly, though, I question who is complementing whom.

Skilled targeted attackers will always evade antivirus defenses, so against your biggest cyber threats enterprise antivirus is essentially ineffective. As Darren Bilby said, it does do some useful things, but it does not provide the endpoint defense you need. So don't let it distract you from the highest-priority cyber-security investments, and don't let it distract you from the security measures that genuinely help.

Proven cyber defense measures include:

– Configuration hardening of networks and endpoints.

– Identity management with strong authentication.

– Application controls.

– Continuous network and endpoint monitoring, and constant vigilance.

– Strong encryption and data protection.

– Staff education and training.

– Continual risk re-assessment, penetration testing, and red/blue teaming.

In contrast to the 'magic' Bilby criticised in enterprise antivirus, none of the bullets above are magic. They are simply the ongoing hard work of adequate enterprise cyber-security.