How will you secure your devices? How often do you patch your software? SAM is key!
Are all of your licenses up to date? The main goal of software asset management (SAM) is to record and manage software license compliance and accurately report the version of installed software. Security threats often make asset management a top priority in an organization. Software license management and version reporting provides information about what and how software is being used within your organization as well as the version and patch levels. This information can assist other departments such as IT Security, to further protect your systems, minimizing the risk of malware infecting your network and remediating vulnerabilities by keeping the software patched.
Information Security departments work well with asset managers. SAM provides discovery data and IS shares network information such as who accesses the networks and what devices are used internally and remotely. Both of these working in tandem can deliver reliable data when investigating security incidents and possible vulnerabilities.
Securing your network partnering SAM with information security involves following a few simple steps.
Inventory Data Elements (SAM)
Pulling together data elements involves gaining insights into all the information you have on your machines including the host name, IP address and further scan to find the software used and owned by business groups and individual end users.
“Why inventory data elements? You can’t secure it if you don’t know about it. The first step in protecting your organization’s assets is for your SAM team to recognize the assets that make up the IT environment.”
Automatic asset discovery is the key component to SAM and includes discovery, inventory, normalization, reconciliation and optimization. Through discovery, you can determine the number of devices and what software is installed on the system. The asset discovery scans show the host name, IP address and the location of the computers in your environment. Reports made from the scans contain the permissions of your end users and details in what business group they reside and the privileges allowed in those areas.
The most critical information, for security purposes and to reduce the possibility of any vendor software audits, is the report showing assigned software licenses. Not only does the discovery process pull in all aspects of your software information and normalize the data so it can be input into a configuration management database (CMDB), but it reconciles the licenses bought with the licenses used to verify that all licenses are in use. This process optimizes licenses by finding and recycling those that are unused. A CMDB shows the configuration of items currently in use and will contain the most accurate information.
An automated discovery scan identifies unauthorized software and unsafe applications. By recognizing unauthorized software along with the location where it is installed, you can have the applications removed before they become an issue or are found during a vendor audit. Unsafe applications can be detected through automated discovery scans as well and either patched, updated, or removed to mitigate possible security vulnerabilities.
Identify Assets (SAM)
License compliance goes a long way in securing your systems from outside threats. Identifying, logging and classifying assets will help you secure your business’s tools through patch management, software license upgrades, and network access controls.
Using automated discovery scans, the SAM team can compile reports that identify software licenses, log their details and classify them for tracking and management. The details pulled from the report can indicate if the software requires a patch or upgrade. That requirement dictates the device’s level of access to the network. Software inventory-based network access control is determined by what software is or is not present on the device and whether its patches are up to date.
Provide a Device-Agnostic Network Security Environment
Working with your Information Security department to generate a report of what assets are connected to your network can lead to the setup of a device-agnostic network security environment. Bring your own device (BYOD) is becoming more common in the workplace and this opens new challenges for Information Security.
Employees can collaborate and connect anytime and be more productive using their own portable devices and with BYOD, there is a cost savings to the company. However, the Information Security team needs to gain visibility into company-issued and managed devices as well as unmanaged, personally-owned devices brought in by employees in order to secure your networks.
Company computers and printers, internal and guest networks, as well as remote access into your organization can all be managed by your IT department. Combining the efforts of Information Security and the SAM team, these devices and networks can be scanned and reports generated to show access times, machine locations and specific end users. Determining the security of managed devices is easier with an automated asset discovery solution that involves license optimization and patch maintenance.
Having unmanaged devices accessing your organization’s network requires that Security understands how those devices will be used and what risks are associated with their access. With employees bringing personal devices into the company, transferring valuable information and accessing cloud applications remotely from external devices, knowing when your organization’s network is accessed is critical. This information can be provided through automated asset discovery which is part of the SAM process.
When a mobile device accesses the corporate network, an automated asset discovery scan can identify the device and compare its attributes to those already cataloged in the CMDB. Additionally, the asset management system does a certificate check on the unmanaged device and decides to block, limit, or allow full access. User’s permissions may also be set to download or preview files.