What CISA Vulnerability Alerts Mean for Your Asset Inventory
Even the most comprehensive list of vulnerabilities can’t safeguard companies from exploits within the IT assets they’ve abandoned or forgotten about.
Even the most comprehensive list of vulnerabilities can’t safeguard companies from exploits within the IT assets they’ve abandoned or forgotten about.
With no overarching responsibility for IT asset management, it’s important to connect with the various owners of the tools that deliver inventory – because this is a team effort.
We’ve discussed the challenges of getting to a comprehensive IT asset inventory. What we haven’t discussed is the impact this comprehensive asset inventory will have.
Today’s IT environments are extremely dynamic, so capturing the changes in overall inventory, as well as how specific attributes change within a specific asset, is important.
To reconcile inventory reports from many sources, we need to analyze and correlate detailed attributes in order to determine the true number of unique assets.
There is an extremely high cost to building maintaining a custom solution that comprehensively reconciles inventory data from multiple systems.
One approach we’ve seen teams take is to perform a manual reconciliation of inventory reports from the different IT systems to arrive at a comprehensive asset inventory.
We have lots of tools that report inventory, but each of these tools provides a siloed view of the assets based on that specific tool’s purpose. None provide a comprehensive view.
The deceptive complexity of an asset inventory has led to a significant and dangerous gap between our perception of how well we are executing and the reality of our execution.
The weakest link in our security programs is not whether we have the right tools for our organization, it’s that we don’t deploy the tools that we own comprehensively.