Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start.
A key challenge for CISOs and other security professionals is enabling effective cybersecurity asset management.
The more general IT asset management (ITAM) is the process of discovering, inventorying, managing and tracking a company’s assets. Assets include hardware, software, data and devices. A subset of ITAM, cybersecurity asset management focuses on the discovery, inventory, management and tracking of assets for the purpose of protecting them.
Cybersecurity asset management is especially challenging for three main reasons:
1. The number and types of assets in today’s enterprise environments can be in the millions and are growing. Even the most diligent IT professionals can’t keep track of such an environment on a spreadsheet or even with a database.
2. In a virtual environment, entities include services, microservices, VMs and containers that have short half-lives. The average half-life of a container in some organizations can be measured in minutes, for example. From an inventory management perspective, tracking entities active for only a few minutes may not seem particularly important, but from a cybersecurity perspective, it’s crucial. Even short-lived entities can wreak havoc if they’re bearers of malicious code.
3. Organizations have many unknown zones, meaning areas where there’s little to no asset management or areas where traditional ITAM doesn’t reach.
The first two issues can be largely solved by automation, which makes keeping track of a growing number of devices and services and their life spans easier. For the challenge of unknown zones, specialty asset management products and services are emerging to help companies, specifically in the areas of IoT, data, applications and microservices.
Getting started with cybersecurity asset management
In areas with little to no asset management coverage overall, a general-purpose IT service management (ITSM) or ITAM tool is needed. Established companies, such as Forescout, based in San Jose, Calif., in the cybersecurity space and ServiceNow, based in Santa Clara, Calif., in the ITSM space, provide relatively traditional ITSM asset discovery and management engines. (Forescout integrates into ServiceNow.) These types of products typically provide compliance and risk management, as well traditional autodiscovery and asset management.