Asset inventory is the foundation upon which successful cybersecurity efforts are built. Without having a complete understanding of every asset and where it lives, organizations can’t implement effective security protocols or align their cybersecurity efforts with the CIS control framework. With so many layers of cybersecurity solutions, each of which creating its own lists of owned assets, how can cybersecurity professionals know the ground truth of existing assets? Let’s talk about Defensible’s partnership with Sevco and how asset security technology works together to provide cybersecurity teams and their organizations with the essential knowledge and tools for cyber risk mitigation.
Importance of Asset Inventory for Cybersecurity CIS Controls
Cybersecurity doesn't get more fundamental than having an accurate ground truth inventory of every single asset you own, including user devices, workstations, and IT-managed devices such as servers and systems that support core functions and applications. Having an accurate inventory is the primary starting point to effectively apply layered security controls to each asset your organization owns. Layered security controls within an asset security technology stack can include:
- Active directory
- Legacy anti-virus
- Vulnerability scanner
- Patch management platform
- Endpoint protection software
Every system interprets certain assets as part of its own inventory within the greater technology stack. As employees leave, new employees start, systems are decommissioned, and upgraded systems are onboarded, the asset inventory changes constantly.
CIS Controls
Understanding and controlling asset inventories are also essential for adhering to the first two controls within the CIS framework.
- Inventory and Control of Enterprise Assets: Active management and tracking of all enterprise assets, including servers, endpoints, mobile devices, IoT devices, and cloud instances
- Inventory and Control of Software Assets: Careful management and tracking of software on the network, including operating systems and applications
Without having a complete understanding of every asset and where it lives, organizations are unable to implement proper security protocols, nor can they align their efforts with two essential CIS controls.
Defensible Partners with Sevco for Cyber Risk Mitigation
Trying to understand each layer of a cybersecurity management system and each platform’s repository of assets can be complicated without asset security technology in place. Defensible partners with cloud-native security asset management platform Sevco to identify and illustrate overlaps, consistencies, and inconsistencies among every cyber solution’s asset inventory.
For example, if an organization utilizes both a vulnerability scanner and a patch management platform, Sevco will identify which assets are located within the vulnerability scanner’s repository, which assets are located within the patch management platform’s, and which ones are located within both.
This is an essential piece of the puzzle, as it helps IT teams see the full picture of their assets and prioritize where to allocate resources without duplicating efforts. Using the CIS framework, Defensible’s partnership with Sevco validates the data collected to ensure it aligns with the two essential CIS controls related to inventory and control of enterprise and software assets.
Real-World Success: The Juilliard School
Defensible’s cybersecurity expertise and solution, complemented by Sevco’s asset management technology, has been utilized on numerous occasions to address asset inventory coordination and control for a wide range of organizations — for example, The Juilliard School.
The Juilliard School’s asset security technology stack included multiple systems that each had its own interpretation of which assets belonged to its repository. As a result, Juilliard’s security team was working with several different source points for an asset inventory, including an active directory, vulnerability scanner, endpoint protection software, legacy anti-virus, and patch management platform.
Each source offered its own understanding of the asset inventory based on where its agents had been deployed; each one delivered a different asset count, with the counts from platform to platform differing by 30 - 40%. How could Julliard determine the official asset inventory list with each cybersecurity layer reporting its own asset repository with overlapping assets in several inventories?
Initially, the team started with a manual spreadsheet, inputting the different lists from the cybersecurity layers and attempting to sort out the duplicates designated by each solution. Instead of a manual solution, Sevco was able to connect all of Juilliard's data sources, collect all the asset inventory data from each platform, and create a Venn diagram that illustrated where assets truly live, which lists are accurate, and where inventories overlapped from solution to solution.
Get Started with the Ultimate Cyber Risk Mitigation Team
In order to implement effective cybersecurity protocols and meet CIS control standards, accurate asset inventory is the ground truth. Defensible, in partnership with Sevco, provides cyber professionals with the asset security technology and cyber risk mitigation solutions to make informed decisions about their security efforts. To learn more about how Defensible helps cybersecurity teams identify and mitigate potential risks, get started with Defensible today.
For more information or to schedule your free 30-minute consultation, please reach out to info@defensible.tech