Industry Insights with Richard Henderson

3 Steps to Asset Management and Software Auditing

Protecting Critical Endpoints Is Paramount for Your Business
With the explosion of laptops, IoT devices, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Because they are where business actually gets done, disrupting them has a direct impact on day-to-day operations. Protecting them is paramount.

There are four key pillars to building an endpoint security program that does its job well, and I detail each of them in my new guide, 4 Essential Strategies to Endpoint Security Protection. These pillars will help you build a solid security foundation that you can then customize to your specific risk profile:

  1. Asset management;
  2. Software auditing;
  3. Vulnerability management;
  4. Dealing with incidents

Asset management, meaning the effective enumeration and management of all of your assets, is the single most critical control in security today. If you don't know what you have, you cannot begin to build proper defenses for it. In addition to cataloging your assets, you will also want to audit all of the software that runs on them: unapproved, overused or pirated software adds a significant measure of risk to your organization. To manage all of your assets and their software, follow these three foundational steps:

Step One: Establish a Baseline

Collect everything you have on where you stand, from diagrams and network maps to inventory purchases and serial numbers. In this step, you want to shore up any gaps to ensure you have visibility into your endpoint devices, no matter where they are, so that you'll be able to spot deviations from your baseline.

Audit randomly chosen endpoints in different departments to find the software packages each team commonly uses, obtain copies of purchase orders and invoices, and then look for what has been missed. Use tools that query each device for its installed packages, and check the open ports and services those packages expose, so that you can gather intelligence on what software is actually running rather than what was bought. Develop master deployment package lists to simplify future endpoint deployments.

Step Two: Refine and Maintain Your Inventory

Your baseline is likely going to change almost daily, so you need a way to transition devices in and out of inventory as well as a way to monitor for changes.

Develop a plan for exceptions, including legacy applications and special applications. One-off applications still need to be "owned" and managed, with some measure of control over the risks. Develop a map of regular application use (ports used, "call home" patterns) so you can spot anomalies, which could be incidents in their nascent stages.

Step Three: Introduce Automation, Integration and Alerting

The ideal asset management strategy will offload as much of the scanning as possible to automated and semi-automated tools to keep an eye on your network, inventory and asset documentation and to generate alerts or automated actions when something out of the ordinary pops up.

Make sure you continually update your standard image and configurations so that updates and patches are rolled into them, and use automation to monitor compliance and configuration drift. Integrating with other security tools, such as your SIEM and next-generation firewall (NGFW), helps build a better picture of your overall risk and can surface incidents earlier.
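The three steps above describe one continuous loop: a baseline of approved software and expected listeners, a documented exception list for legacy applications, and an automated audit that turns deviations into alerts a SIEM can ingest. The following is an added example of that loop, not code from the author or from any product named on this page. The endpoint records, hostnames, package names and the APPROVED/EXCEPTIONS/KNOWN_HOSTS tables are all constructed stand-ins for what an agent export, MDM inventory or port sweep would return; in practice they would come from those sources rather than being hard-coded.

```python
"""Baseline-and-drift audit for an endpoint software inventory (added example).

All records below are constructed. APPROVED, REQUIRED, EXCEPTIONS and
KNOWN_HOSTS stand in for the Step One baseline; SCAN stands in for a
fresh agent export. Hostnames and package names are invented.
"""
import json
from dataclasses import dataclass

# Step One: the baseline. Approved packages and the listening ports each is
# allowed to open, plus the packages every endpoint must carry.
APPROVED = {
    "chrome": set(),
    "office": set(),
    "edr-agent": {443},      # assumption: the agent only calls home over tcp/443
    "openssh": {22},
}
REQUIRED = {"edr-agent"}

# Step Two: documented exceptions. A legacy app is tolerated only on the hosts
# listed here, and it still has a named owner who answers for its risk.
EXCEPTIONS = {
    "legacy-erp-client": {"owner": "finance-it", "hosts": {"FIN-PC-07"}, "ports": {8443}},
}


@dataclass
class Endpoint:
    hostname: str
    software: dict   # package name -> version string
    listening: set   # TCP ports with a listener


def audit_endpoint(ep):
    """Return alert dicts for one endpoint; an empty list means compliant."""
    alerts = []
    allowed_ports = set()
    for pkg in ep.software:
        if pkg in APPROVED:
            allowed_ports |= APPROVED[pkg]
        elif pkg in EXCEPTIONS and ep.hostname in EXCEPTIONS[pkg]["hosts"]:
            allowed_ports |= EXCEPTIONS[pkg]["ports"]
        elif pkg in EXCEPTIONS:
            alerts.append({"host": ep.hostname, "type": "exception_out_of_scope",
                           "detail": f"{pkg} approved only for {sorted(EXCEPTIONS[pkg]['hosts'])}"})
        else:
            alerts.append({"host": ep.hostname, "type": "unapproved_software",
                           "detail": f"{pkg} {ep.software[pkg]}"})
    for pkg in sorted(REQUIRED - set(ep.software)):
        alerts.append({"host": ep.hostname, "type": "missing_required_software", "detail": pkg})
    # A listener that no approved or excepted package accounts for is exactly
    # the kind of anomaly the text calls an incident in its nascent stages.
    for port in sorted(ep.listening - allowed_ports):
        alerts.append({"host": ep.hostname, "type": "unexpected_listener", "detail": f"tcp/{port}"})
    return alerts


def audit_fleet(endpoints, known_hosts):
    """Step Three: run the per-host audit over a scan and flag inventory drift."""
    alerts = []
    seen = set()
    for ep in endpoints:
        seen.add(ep.hostname)
        if ep.hostname not in known_hosts:
            alerts.append({"host": ep.hostname, "type": "unknown_host", "detail": "not in inventory"})
        alerts.extend(audit_endpoint(ep))
    for host in sorted(known_hosts - seen):
        alerts.append({"host": host, "type": "missing_from_scan",
                       "detail": "inventoried host did not report"})
    return alerts


def summarize(alerts):
    """Count alerts by type, e.g. for a dashboard or for tuning noise."""
    counts = {}
    for a in alerts:
        counts[a["type"]] = counts.get(a["type"], 0) + 1
    return counts


def to_siem(alerts):
    """Newline-delimited JSON, the shape most SIEM collectors ingest directly."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


# Constructed scan results standing in for an agent export.
KNOWN_HOSTS = {"HR-LT-12", "FIN-PC-07", "DEV-WS-03", "MKT-PC-02", "OPS-SRV-01"}
SCAN = [
    Endpoint("HR-LT-12", {"chrome": "120.0", "office": "2021", "edr-agent": "4.2"}, set()),
    Endpoint("FIN-PC-07", {"office": "2021", "edr-agent": "4.2", "legacy-erp-client": "9.1"}, {8443}),
    Endpoint("DEV-WS-03", {"chrome": "120.0", "edr-agent": "4.2", "openssh": "9.6",
                           "bittorrent-client": "7.11"}, {22, 6881}),
    Endpoint("MKT-PC-02", {"office": "2021", "legacy-erp-client": "9.1"}, {8443}),
    Endpoint("UNKNOWN-9F3A", {"chrome": "118.0"}, set()),
]

if __name__ == "__main__":
    findings = audit_fleet(SCAN, KNOWN_HOSTS)
    print(to_siem(findings))
    print(summarize(findings))
```

Run as-is it prints one JSON line per finding: the unapproved torrent client and its tcp/6881 listener on DEV-WS-03, the legacy ERP client running on a host it was never approved for (and the tcp/8443 listener that comes with it), two machines with no EDR agent, a hostname that is not in the inventory at all, and an inventoried server that never reported. The exception table is what keeps FIN-PC-07 quiet while MKT-PC-02 fires: the same package is tolerated or flagged depending on whether its documented owner has accepted it on that host.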

About the Author

Richard Henderson

Head of Global Threat Intelligence, Lastline

Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline's technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an "insightful view" on the current state of cybersecurity. Henderson was one of the first researchers in the world to defeat Apple's TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Henderson is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.
