Industry Insights with Richard Henderson

Cybercrime , Data Security , Endpoint Detection & Response (EDR)

3 Steps to Asset Management and Software Auditing Protecting Critical Endpoints Is Paramount for Your Business
3 Steps to Asset Management and Software Auditing

With the explosion of laptops, IoT, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Since they are critical for business getting done, endpoint disruption can have a significant impact on your day to day operations. Protecting them is paramount.

There are four key pillars to building an endpoint security program that does its job well, and I detail each of them in my new guide, 4 Essential Strategies to Endpoint Security Protection. These pillars will help you build a solid security foundation that you can then customize to your specific risk profile:

  1. Asset management;
  2. Software auditing;
  3. Vulnerability management;
  4. Dealing with incidents
Asset management, or effectively enumerating and managing all of your assets, is simply the single most critical control component of security today. 

Asset management, or effectively enumerating and managing all of your assets, is simply the single most critical control component of security today. If you don't know what you have, how can you ever begin to properly create defenses for them? In addition to cataloging your assets, you'll also want to audit all of the software that runs on them. Unapproved, overused and/or pirated software can add a significant measure of risk to your organization. To manage all of your assets and their software, follow these three foundational steps:

Step One: Establish a Baseline

Collect everything you have on where you stand, from diagrams and network maps to inventory purchases and serial numbers. In this step, you want to shore up any gaps to ensure you have visibility into your endpoint devices, no matter where they are, so that you'll be able to spot deviations from your baseline.

Audit random endpoint devices in different departments to look for common software packages in use by teams, obtain copies of POs and invoices and then look for what's been missed. Use tools to query your devices and open ports and services used by software packages to easily gather intelligence on what software is installed. Develop master deployment package lists to simplify future endpoint deployments.

Step Two: Refine and Maintain Your Inventory

Your baseline is likely going to change almost daily, so you need a way to transition devices in and out of inventory as well as a way to monitor for changes.

Develop a plan for exceptions, including legacy applications and special applications. One-off applications still need to be "owned" and managed, with some measure of control over the risks. Develop a map of regular application use (ports used, "call home" patterns) so you can spot anomalies, which could be incidents in their nascent stages.

Step Three: Introduce Automation, Integration and Alerting

The ideal asset management strategy will offload as much of the scanning as possible to automated and semi-automated tools to keep an eye on your network, inventory and asset documentation and to generate alerts or automated actions when something out of the ordinary pops up.

Make sure you continually update your standard image and configurations to roll updates and patches into them, and use automation to help monitor compliance and configuration drift. Integrating with other security tools, such as your SIEM and NGFW, can help build a better picture of your overall risk or alert to incidents.

Forrester Now Tech: Endpoint Detection And Response, Q1 2018

Download Analyst Report


About the Author

Richard Henderson

Richard Henderson

Global Security Strategist, Absolute Software

Henderson is an experienced cybersecurity professional with a demonstrated history of working in the computer and network security industry. He is a regular (non-sponsored) contributor to online properties such as CSO, Dark Reading, Forbes, etc. In addition to being a strong writer, speaker/presenter and mentor, he is the global security strategist for Absolute Software where he influences the strategic security direction of our customers and prospective customers. A strong leader and communicator with expertise at a global level, Henderson provides security consultation to many parties and helps evangelize Absolute's industry-leading and unique security offerings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing gdpr.inforisktoday.com, you agree to our use of cookies.