Knowledge is power, and having a complete panorama of all of the hardware and software operating within your networks is a cornerstone of proper IT Asset Management. Yet rogue, unidentified devices are still a part of nearly every network and a threat to overall security. It happens in even the most thorough organizations, and chances are it’ll happen to you. So, here’s how to get good at unauthorized asset detection.
The idea behind this is not just to minimize risks, but to increase your overall security score and gain a real understanding of the elements that make up your network. Plus, it’s necessary for your overall IT Asset Management (ITAM) hygiene, so it’s a bit like dental hygiene — might be annoying after a long day of work, but it keeps those pearly whites nice and clean.
In our ITAM guide, we wrote:
“ITAM also helps organizations to manage their IT estates more efficiently – by knowing what makes up an organization's key services, time and money are saved through avoiding duplicate or unnecessary asset purchases and ensuring that software licenses are reused (reharvested) where appropriate.
“ITAM isn’t just a tool, nor is it a set of processes – it’s a business capability.”
A clear view of your asset inventory, and shadow assets in general, will give you:
- Eliminate blind spots by removing or tagging unknown assets.
- Prevent potential cybersecurity mishaps by auditing your asset inventory.
- Detect threats accurately, backed by accurate reporting.
First, let’s take a look at what these rogue, unauthorized assets are.
What is “Shadow IT”?
Shadow IT, or rogue assets, are unauthorized, unknown, and unaddressed items living rent-free in your IT infrastructure. BYOD (Bring-Your-Own-Device) policies and IoT have combined to create a perfect storm of hidden items connected to corporate networks.
But these practices have hidden costs. They increase the security risk by several orders of magnitude, and the more items are connected without your knowledge, the greater the potential threat. Plus, we talked about ITAM hygiene above, and having unknown and unmanaged items is like letting cavities go unattended.
Thus, the ability to detect and tag these items is an essential first step towards building a solid IT security baseline. Plugging these security and compliance gaps by knowing your asset inventory thoroughly is where any decent security program begins, and where you should focus your efforts.
Let’s take a look at how to tend to your IT garden, and make sure you don’t have any surprises lurking for you under the weeds.
Best Practices For Keeping Your Network Clean
Per the CIS (Center for Internet Security) Controls 8:
“The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CIS Controls v8 has been enhanced to keep up with modern systems and software. The movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprise's security as they move to both fully cloud and hybrid environments.”
In the most recent iteration of these safeguards, the CIS adds new controls for dealing with breaches and unauthorized access in general. It’s also noteworthy that version 8 actually has fewer controls than the previous one (7.1), going down from 20 to 18. This is due to a larger push towards simplicity, with some controls being absorbed into others.
Covering all of the controls is beyond the scope of this article, but they're worth reading since they contain important information that will help you correctly set up and monitor your IT security framework.
So, according to their model, what is the best way to deal with asset discovery, especially when it comes to hardware assets, the occasional rogue device, and the software asset side of things?
1. Maintain a detailed enterprise asset inventory
Creating a way to accurately tally up and organize every IT asset with the capability to store or process data should be the starting point of this whole journey.
Such an inventory can include everything on the hardware side, or what we call end-user devices, as well as non-computing/IoT devices, network devices, and even servers. Next is making sure that your inventory tool properly records, for each asset, the network address, hardware address, machine name, ownership (including department), and whether the software or hardware is authorized, i.e. allowed to be on the network in the first place.
When it comes to mobile devices, many asset discovery and management tools offer MDM-type tools that can assist with this process.
Also, a good inventory tool will record the different ways in which an asset can be connected to a network:
- Within a cloud environment
This asset inventory should also include any asset that is regularly connected to or used by the network infrastructure, even if it’s not part of the company’s “asset roster” per se.
Finally, bear in mind that these inventories are anything but static; they’re living, breathing entities that should be reviewed periodically. They’re also a crucial part of establishing a CMDB, especially when your business starts scaling up. Even if you’re getting by with a .csv file at first, you simply can’t avoid building a proper asset database eventually.
2. Utilize an Asset Discovery tool
Asset discovery and management tools, like those offered by complete suites such as InvGate Insight, are very important for making sure nothing slips under the radar. You should use these tools daily to make sure that there are no unexpected guests or stealth apps running on your network.
Mind you, a good tool will use both active and passive discovery techniques, because even after running a scan, some assets may not show up if they’re behind a firewall or only intermittently connected. Active discovery tools send packets to hosts and record the responses, whilst passive tools observe network traffic and trends to build a different kind of asset picture. Both matter for the big picture, and especially for unauthorized assets.
3. Use DHCP logging to update your inventory
DHCP logging should be enabled on all DHCP servers or IP address management tools and used to update your inventory. You can then review the logs regularly and update your inventory as needed.
DHCP offers benefits to organizations because of its centralized IP address management capabilities, as well as the ability to quickly add new devices to the network using recycled addresses.
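To make the last three points concrete, here is an added example (not InvGate's code, and not part of the CIS text) that reconciles a DHCP server's log against an asset inventory. It parses constructed ISC dhcpd-style syslog lines, merges in the results of a constructed active sweep so that statically addressed hosts that never touch DHCP are still counted, and then reports three things a reviewer wants from a periodic inventory check: hardware addresses that are not in the inventory at all, inventoried devices that are flagged as not authorized, and inventoried devices that were not observed (candidates for a stale record). The log lines, inventory entries, MAC addresses and hostnames are all made up for the example.

```python
import re

# Constructed sample of ISC dhcpd syslog lines; these are not real leases.
DHCP_LOG = """\
Mar  3 09:12:01 dhcp1 dhcpd[1021]: DHCPACK on 10.20.1.15 to 00:1a:2b:3c:4d:5e (ws-finance-07) via eth0
Mar  3 09:13:44 dhcp1 dhcpd[1021]: DHCPDISCOVER from 9c:8e:99:aa:bb:cc via eth0
Mar  3 09:13:45 dhcp1 dhcpd[1021]: DHCPACK on 10.20.1.88 to 9c:8e:99:aa:bb:cc (iphone) via eth0
Mar  3 09:20:10 dhcp1 dhcpd[1021]: DHCPACK on 10.20.1.31 to 00:1a:2b:3c:4d:60 (printer-2f) via eth0
Mar  3 09:25:02 dhcp1 dhcpd[1021]: DHCPACK on 10.20.1.90 to de:ad:be:ef:00:01 via eth0
"""

# Constructed inventory keyed by hardware address: (machine name, owner/department, authorized?)
INVENTORY = {
    "00:1a:2b:3c:4d:5e": ("ws-finance-07", "Finance", True),
    "00:1a:2b:3c:4d:60": ("printer-2f", "Facilities", True),
    "00:1a:2b:3c:4d:61": ("ws-hr-03", "HR", True),            # inventoried, not seen today
    "de:ad:be:ef:00:01": ("contractor-lt", "External", False),  # known, but not authorized
}

# Constructed result of an active sweep (ip, mac): a static-IP host that never asks DHCP.
SCAN_RESULTS = [
    ("10.20.1.15", "00:1a:2b:3c:4d:5e"),
    ("10.20.1.200", "00:50:56:ab:cd:ef"),
]

# Only DHCPACK lines prove an address was handed out; DISCOVER/OFFER alone do not.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def parse_dhcp_acks(log_text):
    """Return {mac: {"ip", "host", "iface"}} for every DHCPACK in the log text.
    A later ACK for the same MAC overwrites an earlier one (latest lease wins)."""
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            seen[m["mac"].lower()] = {
                "ip": m["ip"],
                "host": m["host"] or "",   # hostname is optional in the ACK line
                "iface": m["iface"],
            }
    return seen


def merge_observations(dhcp_seen, scan_results):
    """Combine passive (DHCP log) and active (sweep) observations into one view.
    Returns a new dict; the DHCP record is kept where both sources saw a MAC."""
    merged = dict(dhcp_seen)
    for ip, mac in scan_results:
        mac = mac.lower()
        if mac not in merged:
            merged[mac] = {"ip": ip, "host": "", "iface": "scan"}
    return merged


def reconcile(seen, inventory):
    """Compare observed hardware addresses with the inventory.
    unknown: observed but not inventoried (the shadow IT the article describes)
    unauthorized: inventoried and observed, but flagged as not allowed on the network
    unseen: inventoried but not observed, so the record may be stale"""
    unknown = sorted(mac for mac in seen if mac not in inventory)
    unauthorized = sorted(mac for mac in seen if mac in inventory and not inventory[mac][2])
    unseen = sorted(mac for mac in inventory if mac not in seen)
    return {"unknown": unknown, "unauthorized": unauthorized, "unseen": unseen}


def report(seen, inventory):
    """Human-readable summary of a reconcile() run, for a periodic inventory review."""
    result = reconcile(seen, inventory)
    lines = []
    for mac in result["unknown"]:
        o = seen[mac]
        lines.append(f"UNKNOWN      {mac} {o['ip']} {o['host'] or '-'} via {o['iface']}")
    for mac in result["unauthorized"]:
        lines.append(f"UNAUTHORIZED {mac} {seen[mac]['ip']} {inventory[mac][0]} ({inventory[mac][1]})")
    for mac in result["unseen"]:
        lines.append(f"UNSEEN       {mac} {inventory[mac][0]} ({inventory[mac][1]})")
    return "\n".join(lines)


if __name__ == "__main__":
    observed = merge_observations(parse_dhcp_acks(DHCP_LOG), SCAN_RESULTS)
    print(report(observed, INVENTORY))
```

Run against the constructed data, the DHCP log alone flags the phone as unknown and the contractor laptop as unauthorized; only after the active sweep is merged does the static-IP host at 10.20.1.200 show up, which is the reason the previous section asks for both active and passive discovery. In a real deployment the inventory lookup would be backed by the asset database or CMDB rather than a dictionary, and the unseen list is the input to the periodic review the inventory section calls for.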
Unauthorized asset detection in InvGate Insight
InvGate Insight can help you keep your system components in check, and your security team happy. Its asset discovery feature will allow you to easily discover your entire IT infrastructure, including hardware and software, to maintain reliable and up-to-date visibility of your asset and configuration management data. This includes a thorough, up-to-date picture of which of your assets may be vulnerable to exploits.
This dynamic, 360-degree view of the relationships between your systems will help prevent and detect unauthorized assets in your network, pinging you when something requires your attention. Not only that, but it will detect changes to your software and configuration parameters.
Keeping an eye on your asset inventory is keeping your house in order. While it can be a daunting proposition, it’s also necessary to maintain security and make sure that every i is dotted and every t is crossed. What you don’t know can kill you, and that applies especially to the health of your company and your IT infrastructure. Even if not every unauthorized or rogue asset turns out to be a threat, you want to keep as many doors closed as possible.
The rest is all about using the right tools for the job and deploying them efficiently.