Context is everything when it comes to assets.
Whether you’re responsible for triaging SOC alerts or managing a compliance audit, Windows Server hygiene calls for situational and up-to-date asset information.
In this post, I’ll focus on just one critical job function inside ITOps, managing Windows Server hygiene, and explain why choosing the right cybersecurity asset management solution is important.
If your role involves managing Windows Server hygiene, start with a complete understanding of the total number of Windows servers you’re responsible for. But this isn’t easy in today’s complex IT environment. That’s because:
For most companies, any count of servers that are powered on and functioning at a given point is an estimate: a snapshot in time.
Choosing the Right Cybersecurity Asset Management Platform: Consideration No. 1
The cybersecurity asset management solution should collect server information across all offices, data centers, and cloud platforms whether the asset is physical, virtual, or a container.
Once you have identified your list of Windows servers, check and confirm the status and required function of each:
This will help with downstream decisions the team needs to make for server hardening, patching, exceptions, and security.
Consideration No. 2
The cybersecurity asset management solution should provide critical AD object and attribute information for underlying functionality context.
The next step is to understand which Windows version each server is running.
In most companies, the process is still manual. It requires an elaborate procedure just to combine various inconsistently aligned datasets. A CSV dump from the cloud platform, a report from the CMDB, and a review of AD. And perhaps even a look at your scanning tool sets. And then, a merge into one spreadsheet or database — and a lot of manipulation to normalize the version fields to get some semblance of alignment.
Consideration No. 3
The cybersecurity asset management solution should aggregate server version information from a wide range of sources and automatically deconflict variances to arrive at the correct version with a high degree of accuracy.
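The manual merge described above, sketched in Python as an added example (not code from the original post or from Axonius). The CSV column names, the sample rows, and the majority-vote rule used to deconflict versions are assumptions for illustration.

```python
import csv, io, re
from collections import Counter, defaultdict

# Constructed sample exports; column names and rows are assumptions for illustration.
CLOUD_CSV = """instance_name,platform
WEB01,Windows_Server-2019-English-Full-Base
app02.corp.example,Windows Server 2016 Datacenter
"""
CMDB_CSV = """ci_name,os
web01.corp.example,Win2k19
APP02,Microsoft Windows Server 2019 Standard
db03,Windows Server 2012 R2
"""
AD_CSV = """name,operatingSystem,operatingSystemVersion
WEB01,Windows Server 2019 Standard,10.0 (17763)
APP02,Windows Server 2016 Datacenter,10.0 (14393)
"""
SOURCES = {"cloud": (CLOUD_CSV, "instance_name", ["platform"]),
           "cmdb": (CMDB_CSV, "ci_name", ["os"]),
           "ad": (AD_CSV, "name", ["operatingSystem", "operatingSystemVersion"])}
BUILDS = {"9600": "2012 R2", "14393": "2016", "17763": "2019", "20348": "2022"}

def host_key(name):  # fold case and drop the DNS suffix so WEB01 matches web01.corp.example
    return name.strip().lower().split(".")[0]

def release(*fields):
    """Reduce free-form OS strings to a release label; a known AD build number wins."""
    text = " ".join(f for f in fields if f)
    build = re.search(r"\((\d{4,5})\)", text)
    if build and build.group(1) in BUILDS:
        return BUILDS[build.group(1)]
    m = re.search(r"(?<!\d)(?:20|2k)(\d{2})(?!\d)(\s*R2)?", text, re.I)
    return f"20{m.group(1)}{' R2' if m.group(2) else ''}" if m else None

def merge(sources):
    """Join all exports on hostname and deconflict the release by majority vote."""
    seen = defaultdict(dict)
    for src, (text, host_col, os_cols) in sources.items():
        for row in csv.DictReader(io.StringIO(text)):
            seen[host_key(row[host_col])][src] = release(*(row[c] for c in os_cols))
    report = {}
    for host, by_src in seen.items():
        votes = Counter(v for v in by_src.values() if v).most_common()
        tied = len(votes) > 1 and votes[0][1] == votes[1][1]
        report[host] = {"release": votes[0][0] if votes and not tied else None,
                        "conflict": len(votes) > 1,  # sources disagree: review
                        "missing_from": sorted(set(sources) - set(by_src))}
    return report

if __name__ == "__main__": print(merge(SOURCES))
```

Hosts with `conflict` set or a non-empty `missing_from` list are the ones to review by hand: the first points at a stale record in one source, the second at a server that a source never inventoried.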
Then comes answering questions related to tracking and managing version control:
Consideration No. 4
The cybersecurity asset management solution should collect and aggregate service pack and patch related information from various data stores. This allows grouping and tagging of assets by priority, criticality, and exceptions.
Now, you have a complete count, you know all the versions, you’re managing service packs and patches. What’s next? Those pesky agents required on your servers.
Most companies have a minimum of four to five agents running on their devices across a range of services, including endpoint management, endpoint detection and response, and antivirus.
A lot of time is spent managing an extensive checklist of conditions with these agents:
Consideration No. 5
The cybersecurity asset management solution should have pre-built integrations to a wide variety of agent-based tools. This allows for simple aggregation of all agent compute characteristics. It provides the user the ability to quickly query and identify agent gaps and a variety of agent conditions.
You need to:
Consideration No. 6
The asset management solution should have integrations to accommodate the continuous collection and synthesis of all compute characteristics that may be used to surface any combination of server hardening, resource management, or performance monitoring.
By Patrick Kelley