Cybersecurity Asset Management
Investing in an asset inventory platform? Consider these key factors
- Network-centric tools typically require the deployment of sensors spread throughout the network. Planning for correct placement, network performance and impact, architecture changes, and more can be time-consuming and require input from multiple cross-functional teams.
- Agent-based tools usually require performance and impact testing of the agent on the various standard images of the company. [Text Wrapping Break][Text Wrapping Break]Furthermore, you’ll need to identify all the servers and workstations that will be in scope for the agent deployment. Pay particular attention to finding, reaching, and deploying to mobile devices and virtual machines.
- Scanning tools may require deployments of endpoint agents and/or network scan engines. Therefore, typical network-centric and agent-based tool considerations must be carefully analyzed. [Text Wrapping Break][Text Wrapping Break]Different systems are likely to need different types of scans. Think deeply about what those various conditions are and how to properly roll out, configure, and schedule the scans. (You don’t want to knock systems offline with the wrong type of scan at the wrong time.)
- Network-centric tools may take months to roll out — or even years, depending on the size and complexity of the network. [Text Wrapping Break][Text Wrapping Break]Plus, there are deployment challenges associated with network-centrics tools. The introduction of network listening devices may be invasive, often requiring network configuration changes or upgrades (taps or span port configurations). This can impact network uptime, can cause performance degradation if done incorrectly, and should be completed during agreed maintenance windows.
- Agent-based tools can take months to fully deploy, depending on the chosen solution. Finding every system needing an agent requires continuous monitoring for new systems missing the current agent, and then scheduling the agent package delivery.
- Scanning-based tools can take significant time to reach near-complete deployment. Scanning tools may be agent-based, network scan engine-based, or a combination of the two. This results in the same complexities found with other tooling methodologies. [Text Wrapping Break][Text Wrapping Break]Teams must also manage the process of tuning scanning packages and tuning scan intervals, always keeping an eye out for performance and system availability challenges.
- Network device discovery tools are leveraged to identify devices and characteristics of devices as they communicate on the network. Every communication says something about what the device is (and in some cases, how it’s configured). [Text Wrapping Break][Text Wrapping Break]However, teams managing these solutions must look to other sources of data for complete context.
- Agent-based tools are used to understand diverse characteristics about a single device. These tools answer questions about characteristics across all devices, and can be used to provide numerous use cases, like users, missing patches, installed software, services, and processes running on the device.
- Scanning-based tools provide a wealth of data about users, open ports, installed software, version and vendor, as well as vulnerabilities, depending on the tool. These pieces of data are used to formulate many use cases, such as finding unsanctioned applications, identifying the riskiest servers, and identifying some system configuration aspects.