by Nancy Peaslee
A fundamental cybersecurity premise is to be aware of all assets on the network. An accurate and robust hardware list allows for better protection of the information technology environment. When we discuss network assets, we are referring to workstations (laptops and desktops), servers (physical and virtual), printers, switches, and routers. We may also consider VoIP and mobile phones. By understanding and tracking attributes such as device type, location, rack, rack location, user, hostname, IP address, MAC address, serial number, vendor make and model, acquisition date, warranty information, level of data sensitivity, operating system type and version, and/or firmware version, we can identify and locate our assets, which also allows us to utilize the equipment more fully.
An asset list is one of the components that provide valuable information for determining the risk to the organization. But how do you start? For smaller organizations with Windows domain networks, running a PowerShell query against Active Directory can provide some of this information as a starting point. Many network scanning tools, such as Nmap, a cross-platform, open-source network scanner, provide the ability to export basic asset information. There are many different tools available, and many provide a starting point for creating an IT inventory summary. This baseline can be supplemented with information from other sources, such as invoices from procurement operations, a simple ping on the network, or the output of other tools or commands. These sources provide additional information to reconcile against and to supplement the baseline list, which helps assure better accuracy. For mid-sized and larger businesses, there is also a plethora of commercially available tools. Some of these tools can provide asset information through discovery scans, patch and update operating systems and software, and report security compliance. Tenable is an example.
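The reconciliation step described above, as an added example that is not from the original article: it joins a CSV export of Active Directory computer objects with Nmap XML output and reports devices that only one source knows about. The sample data, the function names, and the use of the IP address as the join key are assumptions.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample: Get-ADComputer results saved with Export-Csv.
AD_CSV = """Name,IPv4Address,OperatingSystem
WS-001,10.0.0.11,Windows 11 Enterprise
SRV-FILE01,10.0.0.20,Windows Server 2022 Standard
WS-OLD07,10.0.0.47,Windows 10 Pro
"""
# Constructed sample: trimmed Nmap XML (-oX) from a discovery scan.
NMAP_XML = """<nmaprun>
<host><status state="up"/><address addr="10.0.0.11" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="Dell"/></host>
<host><status state="up"/><address addr="10.0.0.20" addrtype="ipv4"/>
<address addr="00:11:22:33:44:66" addrtype="mac" vendor="HP"/></host>
<host><status state="up"/><address addr="10.0.0.99" addrtype="ipv4"/>
<address addr="00:11:22:33:44:77" addrtype="mac"/></host>
<host><status state="down"/><address addr="10.0.0.47" addrtype="ipv4"/></host>
</nmaprun>"""

def load_ad(csv_text):
    """Index directory records by IPv4 address, skipping rows without one."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["IPv4Address"]: r for r in rows if r["IPv4Address"]}

def load_nmap(xml_text):
    """Return {ip: {"mac": ..., "vendor": ...}} for hosts Nmap reported as up."""
    seen = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = {a.get("addrtype"): a.attrib for a in host.findall("address")}
        status = host.find("status")
        if status is None or status.get("state") != "up" or "ipv4" not in addrs:
            continue
        mac = addrs.get("mac", {})  # MAC is only present for on-link hosts
        seen[addrs["ipv4"]["addr"]] = {"mac": mac.get("addr"), "vendor": mac.get("vendor")}
    return seen

def reconcile(ad, scan):
    """Merge records found in both sources; flag devices missing from either."""
    # Assumption: IP is the join key; with DHCP churn, join on MAC or hostname.
    return {
        "matched": {ip: {**ad[ip], **scan[ip]} for ip in ad.keys() & scan.keys()},
        "unlisted_on_network": sorted(scan.keys() - ad.keys()),
        "listed_not_seen": sorted(ad[ip]["Name"] for ip in ad.keys() - scan.keys()),
    }

if __name__ == "__main__":
    print(reconcile(load_ad(AD_CSV), load_nmap(NMAP_XML)))
```

Entries under `unlisted_on_network` are devices to identify and add to the inventory; entries under `listed_not_seen` may be powered off, relocated, or retired and are worth checking against procurement or disposal records.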
A complete asset list can also assist in determining the operating system or firmware version. We can also determine whether the device has been patched or upgraded. We can examine the software on the device, which will help us to determine whether we are utilizing our software licenses as well.
An asset list can also assist in tracking maintenance activities and in managing the asset lifecycle, so that we can better plan for the disposition of the asset as it nears its end of life (EOL). This may indicate that it is time to wipe hard drives clean or plan to degauss equipment, and to determine how the information will be managed. Additionally, the EOL indication will serve to notify whether a new asset should be procured to replace the outgoing asset.
Looking at cloud asset management, most cloud vendors include security and asset monitoring, either natively, or in third-party apps. Azure Resource Graph can be used to query resources and can be used in conjunction with tags, management groups, and subscriptions. AWS provides Systems Manager Inventory to collect asset data from managed instances.
IT assets, whether in-house or in the cloud, should be identified and tracked, to improve an organization’s cybersecurity stance, as well as to more fully utilize the assets.
Graham has experience in a wide range of asset management tools for on-premises, cloud, and hybrid solutions. Contact us today to learn how Graham Technologies can help you better manage and protect your network assets.