Cybersecurity Asset Management

How to choose the right asset management solution for Windows Server hygiene

Context is everything when it comes to assets

Whether you’re responsible for triaging SOC alerts or managing a compliance audit, Windows Server hygiene calls for asset information that is both current and in context: not just that a server exists, but where it runs, what it does, and what is on it.

In this post, I’ll focus on just one critical job function inside ITOps, managing Windows Server hygiene, and explain why choosing the right cybersecurity asset management solution matters for it.

If your role involves managing Windows Server hygiene, start with a complete understanding of the total number of Windows servers you’re responsible for. But this isn’t easy in today’s complex IT environment. That’s because: 

  • Some of your Windows servers are legacy physical servers either in an office, a hosted data center, or perhaps in a manufacturing plant or a warehouse.  
  • Other servers are likely virtual instances running on VMware or Hyper-V, whether powered on or off.   
  • Your servers might also be found in IaaS cloud providers like AWS or Azure.  

For most companies, any count of servers that are powered on and functioning is an estimate: a snapshot in time that starts going stale as soon as it is taken.

Choosing the Right Cybersecurity Asset Management Platform: Consideration No. 1 

The cybersecurity asset management solution should collect server information across all offices, data centers, and cloud platforms whether the asset is physical, virtual, or a container. 

Once you have identified your list of Windows servers, check and confirm the status and required function of each:  

  • Is the server in the right Active Directory (AD) organizational unit to obtain the appropriate group policies?  
  • Are the delegation settings on the computer object appropriate: who has been delegated control of it, and whether the account is trusted for Kerberos delegation?
  • Is it a domain controller or does it serve some other function?  
  • Does the server follow the appropriate naming convention for its location, intended purpose, machine type, etc.?  

This will help with downstream decisions the team needs to make for server hardening, patching, exceptions, and security. 
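The four checks above, as an added example in PowerShell (this is not Axonius code and not the author's; it needs the RSAT ActiveDirectory module and read access to the domain). The OU path and the naming pattern are assumptions standing in for your own conventions. The delegation check reads the userAccountControl bit for unconstrained Kerberos delegation, which is normal on a domain controller and a finding on a member server:

```powershell
# Added example (not Axonius code). Needs the RSAT ActiveDirectory module and
# read access to the domain. Assumptions, stand-ins for your own conventions:
#   - member servers belong under OU=Servers,DC=corp,DC=example
#   - names look like <site>-<role>-<P|V>-<nn>, e.g. LON-SQL-V-01
Import-Module ActiveDirectory

$ServerOu    = 'OU=Servers,DC=corp,DC=example'        # assumption
$NamePattern = '^[A-Z]{3}-[A-Z]{2,6}-[PV]-\d{2}$'      # assumption
$UF_TRUSTED_FOR_DELEGATION = 0x80000                   # userAccountControl bit: unconstrained delegation

function Get-ServerAdContext {
    $dcNames = (Get-ADDomainController -Filter *).Name

    $servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' `
        -Properties OperatingSystem, OperatingSystemVersion, userAccountControl, 'msDS-AllowedToDelegateTo'

    foreach ($s in $servers) {
        # The OU is the DN minus the leading "CN=<name>," component.
        $ou   = $s.DistinguishedName -replace '^CN=[^,]+,', ''
        $isDc = $dcNames -contains $s.Name
        $unconstrained = ($s.userAccountControl -band $UF_TRUSTED_FOR_DELEGATION) -ne 0

        [pscustomobject]@{
            Name                  = $s.Name
            OperatingSystem       = $s.OperatingSystem
            IsDomainController    = $isDc
            OU                    = $ou
            # DCs stay in the default Domain Controllers OU; only member servers are
            # expected under $ServerOu, where the server GPOs are linked.
            InExpectedOu          = $isDc -or ($ou -like "*$ServerOu")
            NameMatchesConvention = $s.Name -match $NamePattern
            # DCs are trusted for delegation by design. On a member server the
            # same bit means any user who authenticates to it leaves a reusable
            # TGT behind, so it is a finding, not a configuration detail.
            UnconstrainedDelegation = (-not $isDc) -and $unconstrained
            ConstrainedDelegationTo = (@($s.'msDS-AllowedToDelegateTo') -join ';')
        }
    }
}

# Everything that fails at least one check, ready for the hardening/exception queue.
Get-ServerAdContext |
    Where-Object { -not $_.InExpectedOu -or -not $_.NameMatchesConvention -or $_.UnconstrainedDelegation } |
    Format-Table Name, OperatingSystem, IsDomainController, OU, UnconstrainedDelegation -AutoSize
```

The OU check is what tells you whether the server is picking up the right group policies, since GPOs are linked to OUs; a server that was joined to the domain and left in the default Computers container gets none of them.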

Consideration No. 2 

The cybersecurity asset management solution should surface the AD object and attribute data (OU, group membership, delegation settings, operating system attributes) that give each server its functional context.

The next step is to understand which Windows version each server is running.  

In most companies, the process is still manual, and it takes an elaborate procedure just to combine datasets that were never aligned: a CSV dump from the cloud platform, a report from the CMDB, a review of AD, and perhaps a look at the vulnerability scanner as well. Everything is then merged into one spreadsheet or database, and the version fields are massaged by hand to get some semblance of alignment, because "Windows Server 2019 Standard", AD's "10.0 (17763)" and a hypervisor's "Windows Server 2016 or later" may all describe the same machine.

Consideration No. 3 

The cybersecurity asset management solution should aggregate server version information from a wide range of sources and automatically reconcile the differences between them, so that each server ends up with one version of record and a high degree of confidence in it.
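Both steps so far, getting one list of servers out of several sources and settling on one OS version per server, come down to the same merge. The following is an added example (not Axonius code and not the author's) over constructed records shaped like an AD export, a vCenter export and an AWS instance list; every hostname and value in it is made up, and the source precedence is an assumption you would set for your own environment. AD's OperatingSystemVersion attribute really does carry the kernel build in the form "10.0 (17763)", which is why it is preferred over marketing names:

```powershell
# Added example (not Axonius code). Merges constructed exports from three
# sources into one inventory keyed on a normalised hostname, then picks one OS
# version per host. In real use, $sources would come from Get-ADComputer
# (OperatingSystem / OperatingSystemVersion), a vCenter or Hyper-V export and
# the cloud provider's instance list. All hosts and values below are made up.

$sources = @(
    [pscustomobject]@{ Source='AD';      Host='LON-SQL-V-01.corp.example'; OS='Windows Server 2019 Standard'; Version='10.0 (17763)' }
    [pscustomobject]@{ Source='AD';      Host='LON-APP-V-03.corp.example'; OS='Windows Server 2022 Standard'; Version='10.0 (20348)' }
    [pscustomobject]@{ Source='AD';      Host='LON-API-C-04.corp.example'; OS='Windows Server 2016 Datacenter'; Version='10.0 (14393)' }
    [pscustomobject]@{ Source='vCenter'; Host='lon-sql-v-01'; OS='Microsoft Windows Server 2016 or later (64-bit)'; Version='' }
    [pscustomobject]@{ Source='vCenter'; Host='lon-app-v-03'; OS='Microsoft Windows Server 2019 (64-bit)';          Version='' }
    [pscustomobject]@{ Source='AWS';     Host='lon-api-c-04'; OS='Windows_Server-2016-English-Full-Base';           Version='' }
    [pscustomobject]@{ Source='AWS';     Host='ip-10-0-4-17'; OS='Windows_Server-2019-English-Full-Base';           Version='' }
)

# Assumed precedence when sources disagree: what the OS says about itself (AD's
# attributes are written by the machine) beats the hypervisor's configured
# guest OS, which beats the cloud image the instance was launched from. Neither
# of the latter two changes after an in-place upgrade.
$precedence = @{ AD = 3; vCenter = 2; AWS = 1 }

# Kernel build -> release. A build number is the most reliable version signal.
$buildMap = @{
    '7601'  = 'Windows Server 2008 R2'; '9200'  = 'Windows Server 2012'
    '9600'  = 'Windows Server 2012 R2'; '14393' = 'Windows Server 2016'
    '17763' = 'Windows Server 2019';    '20348' = 'Windows Server 2022'
    '26100' = 'Windows Server 2025'
}

function ConvertTo-CanonicalHost([string]$Name) {
    # Lower-case and drop the DNS suffix so "LON-SQL-V-01.corp.example" and
    # "lon-sql-v-01" merge. Cloud default names ("ip-10-0-4-17") stay distinct
    # and therefore surface as assets no other source knows about.
    ($Name -split '\.')[0].ToLowerInvariant()
}

function ConvertTo-CanonicalOs([string]$OsText, [string]$VersionText) {
    if ($VersionText -match '\((\d{4,5})\)' -and $buildMap.ContainsKey($Matches[1])) {
        return $buildMap[$Matches[1]]
    }
    # "2016 or later" is a range, not a version: record no claim rather than a wrong one.
    if ($OsText -match 'or later') { return $null }
    if ($OsText -match 'Windows[ _]Server[ _-](\d{4})( R2)?') {
        return "Windows Server $($Matches[1])$($Matches[2])"
    }
    return $null
}

function Merge-ServerInventory($Records) {
    $Records | Group-Object { ConvertTo-CanonicalHost $_.Host } | ForEach-Object {
        $claims = @(foreach ($r in $_.Group) {
            $os = ConvertTo-CanonicalOs $r.OS $r.Version
            if ($os) { [pscustomobject]@{ Source = $r.Source; OS = $os; Rank = $precedence[$r.Source] } }
        })
        $best = $claims | Sort-Object Rank -Descending | Select-Object -First 1
        [pscustomobject]@{
            Host     = $_.Name
            SeenIn   = (@($_.Group.Source) | Sort-Object -Unique) -join ','
            OS       = $best.OS
            # True when two sources made different claims; worth a look even
            # though precedence already picked a winner.
            Conflict = (@($claims.OS | Sort-Object -Unique).Count -gt 1)
            Evidence = ($claims | ForEach-Object { "$($_.Source)=$($_.OS)" }) -join '; '
        }
    }
}

Merge-ServerInventory $sources | Format-Table -AutoSize
```

On the sample data this yields four hosts from seven records: lon-app-v-03 is flagged as a conflict (vCenter's configured guest OS still says 2019, the machine itself says 2022) and resolved to 2022 by precedence; lon-sql-v-01 gets nothing from vCenter's "2016 or later" label rather than a wrong 2016; and ip-10-0-4-17 is seen only by AWS, which is exactly the kind of instance that exists but is in nobody's count.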

Then come the questions about patch level, which on Windows Server 2016 and later means the monthly cumulative update rather than a service pack:

  • Which service pack is installed? 
  • Which service packs are available? 
  • What exceptions exist for service pack updates? 
  • What’s the prioritization order for service pack deployment? 
  • What’s the criticality of the servers requiring the service pack? 
  • How do you confirm you have applied all the service packs and patches required? 

Consideration No. 4 

The cybersecurity asset management solution should collect and aggregate service pack and patch information from the various data stores that hold it, so that assets can be grouped and tagged by priority, criticality, and exception status.
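The questions above, turned into a baseline check, as an added example (not Axonius code and not the author's). On Windows Server 2016 and later the cumulative update level is visible as the build revision (UBR) in the registry, so the check compares each host's revision with a minimum per build. The baseline revisions, criticality ratings and exception entry are placeholders standing in for your own patch baseline and exception register, not Microsoft's numbers, and the observed hosts are constructed:

```powershell
# Added example (not Axonius code). On Windows Server 2016 and later there are
# no service packs; the patch level is the installed cumulative update, which
# shows up as the build revision (UBR) in the registry. The baseline revisions,
# criticality ratings and exception entries below are placeholders standing in
# for your own patch baseline and exception register, not Microsoft values.

$baseline = @{                 # minimum acceptable revision per kernel build (placeholders)
    '14393' = 6000             # Windows Server 2016
    '17763' = 5000             # Windows Server 2019
    '20348' = 2000             # Windows Server 2022
}
$criticality = @{ 'LON-SQL-V-01' = 'High'; 'LON-WEB-P-02' = 'Medium'; 'LON-APP-V-03' = 'Low' }   # placeholders
$exceptions  = @{ 'LON-SQL-V-01' = 'Vendor-approved build pinned until next maintenance window' }  # placeholder
$critRank    = @{ High = 0; Medium = 1; Low = 2; Unknown = 3 }

function Get-LocalPatchLevel {
    # What a server reports about itself; wrap in Invoke-Command for remote hosts.
    # UBR exists on Server 2016 and later only; older releases need Get-HotFix instead.
    $k = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Name = $env:COMPUTERNAME; Build = $k.CurrentBuild; Revision = [int]$k.UBR }
}

# Constructed sample shaped like Get-LocalPatchLevel output from three hosts.
$observed = @(
    [pscustomobject]@{ Name = 'LON-SQL-V-01'; Build = '17763'; Revision = 4800 }
    [pscustomobject]@{ Name = 'LON-WEB-P-02'; Build = '20348'; Revision = 2100 }
    [pscustomobject]@{ Name = 'LON-APP-V-03'; Build = '14393'; Revision = 5900 }
)

function Get-PatchGap($Hosts) {
    foreach ($h in $Hosts) {
        $required = $baseline[$h.Build]
        $behind   = ($null -ne $required) -and ($h.Revision -lt $required)
        $crit     = if ($criticality.ContainsKey($h.Name)) { $criticality[$h.Name] } else { 'Unknown' }
        $exc      = $exceptions[$h.Name]
        [pscustomobject]@{
            Name        = $h.Name
            Build       = $h.Build
            Installed   = $h.Revision
            Required    = $required        # $null means the build is not in the baseline at all
            Criticality = $crit
            Exception   = $exc
            Action      = if (-not $behind) { 'Compliant' } elseif ($exc) { 'Exception' } else { 'Patch' }
            # Lower sorts first: highest criticality goes to the top of the deployment order.
            Priority    = $critRank[$crit]
        }
    }
}

$gaps = Get-PatchGap $observed
$gaps | Format-Table -AutoSize
# Deployment order for the patching team: only hosts that actually need work.
$gaps | Where-Object Action -eq 'Patch' | Sort-Object Priority | Select-Object Name, Build, Installed, Required, Criticality
```

On the sample data LON-SQL-V-01 is behind but carries an exception, LON-WEB-P-02 is compliant, and LON-APP-V-03 is the one host that goes into the deployment queue. A build that is missing from the baseline (Required empty) is its own finding: it usually means a release nobody is tracking.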

Now, you have a complete count, you know all the versions, you’re managing service packs and patches. What’s next? Those pesky agents required on your servers.  

Most companies have a minimum of four to five agents running on their devices across a range of services, including endpoint management, endpoint detection and response, and antivirus.  

A lot of time is spent managing an extensive checklist of conditions with these agents: 

  • Which machines are missing which agents? 
  • Which machine can’t run the agent due to operational exceptions? 
  • Which machines can’t run the agent due to OS version or service pack dependencies? 
  • Which machines have an older or incorrect agent version? 
  • Which machines have disabled, corrupt, or malfunctioning agents? 

Consideration No. 5 

The cybersecurity asset management solution should have pre-built integrations to a wide variety of agent-based tools, so that what each agent reports about a host (presence, version, running state) is aggregated in one place and agent gaps and other agent conditions can be queried directly.

Beyond agents, you need to:

  • Ensure only the required services and processes are running; a minimal running footprint is the first line of defense for critical server infrastructure.
  • Check installed software frequently, with monitoring that is close to continuous.
  • Run routine performance checks on disk, memory, and processor utilization; these are part of the game as well.
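The agent checklist and the running-footprint checks above, as one added example (not Axonius code and not the author's). It evaluates a server against a required-agent list (present, not disabled, running, at or above a minimum version) and a running-service allowlist, and reports disk headroom. The agent and service names, binary paths and thresholds are assumptions standing in for your EDR, AV and endpoint-management products; the $services and $disks objects are constructed so the logic runs on a machine without those products, and the two Get-Live* functions show where the same data comes from on a real host:

```powershell
# Added example (not Axonius code). Agent names, service names, paths and
# thresholds are assumptions; the sample $services and $disks are constructed.

# Hypothetical required agents: service name, minimum version.
$requiredAgents = @(
    [pscustomobject]@{ Name = 'ExampleEdrSvc';  MinVersion = [version]'7.2.0' }
    [pscustomobject]@{ Name = 'ExampleAvSvc';   MinVersion = [version]'4.10.0' }
    [pscustomobject]@{ Name = 'ExampleMgmtSvc'; MinVersion = [version]'2.0.0' }
)
# Hypothetical allowlist of services expected to be running on a hardened member server.
$allowedRunning = 'ExampleEdrSvc', 'ExampleAvSvc', 'ExampleMgmtSvc', 'W32Time', 'Dnscache', 'EventLog', 'Schedule', 'WinRM'

function Get-LiveServiceFacts {
    # Run on the server itself (or via Invoke-Command). Version comes from the
    # binary's file version, which catches an agent whose service exists but
    # whose files were replaced or removed.
    Get-CimInstance Win32_Service | ForEach-Object {
        $exe = ($_.PathName -replace '^"([^"]+)".*', '$1') -replace '^(\S+\.exe).*', '$1'
        $ver = if ($exe -and (Test-Path $exe)) { (Get-Item $exe).VersionInfo.ProductVersion } else { $null }
        [pscustomobject]@{ Name = $_.Name; State = $_.State; StartMode = $_.StartMode; Version = $ver }
    }
}
function Get-LiveDiskFacts {
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
        [pscustomobject]@{ Drive = $_.DeviceID; FreePct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1) }
    }
}

# Constructed sample shaped like the two functions above.
$services = @(
    [pscustomobject]@{ Name = 'ExampleEdrSvc'; State = 'Running'; StartMode = 'Auto';     Version = '7.1.3' }   # outdated
    [pscustomobject]@{ Name = 'ExampleAvSvc';  State = 'Stopped'; StartMode = 'Disabled'; Version = '4.10.2' }  # disabled
    [pscustomobject]@{ Name = 'W32Time';       State = 'Running'; StartMode = 'Auto';     Version = $null }
    [pscustomobject]@{ Name = 'TelnetD';       State = 'Running'; StartMode = 'Auto';     Version = $null }     # not on allowlist
)
$disks = @([pscustomobject]@{ Drive = 'C:'; FreePct = 7.5 })

function Get-ServerPosture($Services, $Disks, [double]$MinFreePct = 10) {
    $findings = foreach ($a in $requiredAgents) {
        $svc = $Services | Where-Object Name -eq $a.Name
        if (-not $svc) { "$($a.Name): missing"; continue }
        if ($svc.StartMode -eq 'Disabled')  { "$($a.Name): disabled" }
        elseif ($svc.State -ne 'Running')   { "$($a.Name): not running ($($svc.State))" }
        if (-not $svc.Version)              { "$($a.Name): version unknown (binary missing or unreadable)" }
        elseif ([version]$svc.Version -lt $a.MinVersion) { "$($a.Name): outdated $($svc.Version) < $($a.MinVersion)" }
    }
    $unexpected = $Services | Where-Object { $_.State -eq 'Running' -and $_.Name -notin $allowedRunning } |
        ForEach-Object { "$($_.Name): running but not on the allowlist" }
    $lowDisk = $Disks | Where-Object FreePct -lt $MinFreePct | ForEach-Object { "$($_.Drive): $($_.FreePct)% free" }
    [pscustomobject]@{
        AgentFindings      = @($findings)
        UnexpectedServices = @($unexpected)
        LowDisk            = @($lowDisk)
    }
}

Get-ServerPosture $services $disks | Format-List
```

On the sample the EDR agent is outdated, the AV agent is disabled, the management agent is missing altogether, TelnetD is running without being on the allowlist, and C: is below the 10% threshold. Each line maps back to one question in the agent checklist, which is the shape an asset management query needs to return across every server at once rather than one host at a time.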

Consideration No. 6 

The asset management solution should have integrations that continuously collect and combine all compute characteristics (services, processes, installed software, resource utilization), so that any combination of them can be used for server hardening, resource management, or performance monitoring.

Want to learn how Axonius can provide ITOps with a complete view of all server assets? Schedule a demo.  

By Patrick Kelley 

Axonius is the cybersecurity asset management platform that correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving security and IT teams the confidence to control complexity.
