The first step in securing any organization is to understand what you have. Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable. You could implement extremely strong controls to lock down everything, but then business operations come to a halt as services are unavailable. But if you don't put enough controls in place, attackers may run rampant.
The Center for Internet Security outlines this in their 20 CIS Controls. The first two controls are defined as:
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
Every other control that follows builds on those two. From vulnerability management to secure configuration standards to log monitoring, you can't properly apply security controls unless you know what is on the network.
Unfortunately, IT systems are complicated and change daily. Modern networks and IT environments often span multiple offices, data centers, cloud services, virtualized hosts, IoT devices, printers, mobile devices, and more. Keeping track of all the endpoints that touch an organization's network infrastructure can be a formidable task. It becomes even more challenging with Bring Your Own Device (BYOD) policies and unknown devices that connect to the network on a regular basis. These uncontrolled and unidentified devices increase an organization's security, compliance, and legal risks.
Asset discovery is the process of scanning your networks to find out exactly what systems and services are running. A discovery scan confirms what is actually on the network rather than what you think is on the network, or what was on the network yesterday. Ideally, asset discovery scans should be run as often as possible so that you always have the most current information. These scans should allow you to detect:
- Unauthorized (rogue) devices
- New services on existing hosts
- Unsupported operating systems
Commercial vulnerability scanners conduct asset discovery scans as part of the process of scanning the network, but often this is only performed on a quarterly or monthly basis. Other commercial configuration management tools also include asset discovery and management at varying price levels. Open source tools such as Nmap can be used to run these scans with the right knowledge and experience.
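As an added example (not code from the original article), the following Python sketch compares one discovery scan against an approved inventory and reports the three findings listed above. The Nmap XML sample, the inventory, and the unsupported-OS list are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (nmap -oX), trimmed to the elements used here.
SCAN_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports>
<os><osmatch name="Linux 5.4" accuracy="98"/></os></host>
<host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
<os><osmatch name="Microsoft Windows XP SP3" accuracy="96"/></os></host>
<host><status state="up"/><address addr="10.0.0.77" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="23"><state state="closed"/></port></ports></host>
</nmaprun>"""
# Hypothetical approved inventory: IP -> set of expected open (protocol, port) pairs.
INVENTORY = {"10.0.0.5": {("tcp", 22)}, "10.0.0.9": {("tcp", 445)}}
# Hypothetical policy list of OS name fragments treated as unsupported.
UNSUPPORTED_OS = ("Windows XP", "Windows Server 2003", "Windows 7")

def parse_scan(xml_text):
    """Return {ip: {"ports": set, "os": best OS guess or None}} for hosts that are up."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        ports = {(p.get("protocol"), int(p.get("portid")))
                 for p in host.iter("port")
                 if p.find("state") is not None and p.find("state").get("state") == "open"}
        matches = sorted(host.iter("osmatch"), key=lambda m: int(m.get("accuracy", 0)), reverse=True)
        hosts[addr.get("addr")] = {"ports": ports, "os": matches[0].get("name") if matches else None}
    return hosts

def compare(scan, inventory):
    """Diff a scan against the inventory into the three findings listed above."""
    findings = {"rogue": [], "new_services": {}, "unsupported_os": {}}
    for ip, seen in sorted(scan.items()):
        if ip not in inventory:
            findings["rogue"].append(ip)  # host is up but was never approved
        elif seen["ports"] - inventory[ip]:
            findings["new_services"][ip] = sorted(seen["ports"] - inventory[ip])
        if seen["os"] and any(tag in seen["os"] for tag in UNSUPPORTED_OS):
            findings["unsupported_os"][ip] = seen["os"]
    return findings

if __name__ == "__main__":
    print(compare(parse_scan(SCAN_XML), INVENTORY))
```

Keying the inventory on IP address assumes static addressing; where addresses are assigned by DHCP, key on MAC address or hostname instead.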