Jason Ingalls : Apr 17, 2019 12:00:00 AM
This article is part of our weekly series on how to manage cybersecurity risk for businesses. If you'd like to download the complete 8-Point Guide, click here to sign up and get the entire guide for free!
Most of the time when we get called into a cybersecurity emergency by a breach victim, we spend a lot of effort just trying to understand the environment and determining things like:
One of the most popular cybersecurity risk management guides, the Center for Internet Security (CIS) Top 20, calls out hardware and software inventories as the first two items on their checklist of things to have in order to minimize risk. This is not by accident; these are "square one" items that allow for successful management of most of the other risks in IT once they are well managed. Unfortunately, they are chronically neglected in most businesses, especially small businesses, if they even exist at all.
Having an asset discovery and inventory system that can track assets by hardware, operating system, applications, and versions is invaluable when it comes to keeping computers and users secure. This is not as painful or time-consuming as it used to be, thanks to several free open source as well as commercially available systems and management-friendly configurations on physical devices.
Maintaining a central repository of knowledge (a Knowledge Base) where inventories, configurations, and other important information about an information technology environment are stored makes accessing that knowledge in a crisis much easier.
Another excellent way to maintain inventory is through agents on servers and workstations or network-based discovery systems that perform network discovery and fingerprinting of devices and software communicating on the network. These systems can update a Configuration Management Database (CMDB) that serves as the system of knowledge for every IT asset in the environment.
Regardless of the method of inventory management and asset discovery, here are some very important reasons to use inventory and asset discovery to reduce cybersecurity risk:
Rogue wireless access points, old systems that were supposed to be decommissioned, and devices that were plugged into the network but weren't approved are all examples of things you'll find when you begin discovering assets on a computer network. Additionally, software inventories will help you prevent software license issues, identify out-of-date applications, and see unauthorized applications running that are creating risk to your IT environment.
Knowing which physical devices are running a specific type of operating system, and which applications (by version) are running on those devices, is important when you are investigating suspicious activity. There are many benefits to having this information available, including eliminating false positives, understanding a given device's role (e.g. database server or web server), and understanding what type of data can be found on the device (e.g. file servers contain data, database servers contain data, etc.).
One of the biggest weaknesses of endpoint protection tools such as anti-virus and Advanced Endpoint Protection is that anything less than 100% coverage can still lead to compromise in the environment, through a pivot from an unprotected machine. Lack of coverage also leads to a blind spot in your network. One of the most effective ways to determine whether or not you have 100% of devices covered is to look at network traffic at your network's perimeter (where it connects to the Internet or other networks) and evaluate traffic behavior. For example, if a computer has an endpoint protection tool that creates network traffic to the Internet as the tool checks in, you'll see it in the network traffic. If you see a computer running an operating system that should have 100% coverage sending traffic to the Internet but not sending traffic to the check-in site for the endpoint protection tool, that indicates the host is not covered, and it should alert your security analysts and IT team to fix it.
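The check described above, written out as an added example that is not part of the original article: it joins perimeter traffic records against the inventory and reports in-scope hosts that reach the Internet without ever contacting the endpoint protection check-in site. The log format, the `checkin.epp-vendor.example` hostname, the Windows-only scope and all sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory: internal IP -> operating system (assumed CMDB export).
INVENTORY = {
    "10.0.1.10": "Windows 10",
    "10.0.1.11": "Windows 10",
    "10.0.1.12": "Windows Server 2016",
    "10.0.1.20": "Ubuntu 18.04",
}

# Assumptions: policy requires the agent on every Windows host, and the agent
# checks in to this placeholder hostname.
IN_SCOPE_OS_PREFIXES = ("Windows",)
EPP_CHECKIN_HOST = "checkin.epp-vendor.example"

# Constructed perimeter log: timestamp, internal source IP, external destination.
PERIMETER_LOG = """\
2019-04-17T09:00:01Z,10.0.1.10,checkin.epp-vendor.example
2019-04-17T09:00:05Z,10.0.1.10,www.example.org
2019-04-17T09:01:12Z,10.0.1.11,www.example.org
2019-04-17T09:02:30Z,10.0.1.12,checkin.epp-vendor.example
2019-04-17T09:03:44Z,10.0.1.20,updates.example.net
2019-04-17T09:04:02Z,10.0.1.99,www.example.org
"""

def find_coverage_gaps(log_text, inventory):
    """Return (uncovered, unknown): in-scope hosts with Internet traffic but no
    agent check-in, and source IPs that are not in the inventory at all."""
    destinations = defaultdict(set)
    for _ts, src_ip, dst_host in csv.reader(io.StringIO(log_text)):
        destinations[src_ip].add(dst_host.lower())

    uncovered, unknown = [], []
    for src_ip, hosts in sorted(destinations.items()):
        os_name = inventory.get(src_ip)
        if os_name is None:
            unknown.append(src_ip)      # talking to the Internet, never inventoried
        elif os_name.startswith(IN_SCOPE_OS_PREFIXES) and EPP_CHECKIN_HOST not in hosts:
            uncovered.append(src_ip)    # should run the agent, never checked in
    return uncovered, unknown

if __name__ == "__main__":
    uncovered, unknown = find_coverage_gaps(PERIMETER_LOG, INVENTORY)
    print("No endpoint protection check-in seen:", uncovered)
    print("Not in inventory:", unknown)
```

The second list is a by-product of the same join: a source address with Internet traffic and no inventory record is an asset the inventory has not caught up with.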
Understanding which systems create useful data can be difficult unless you know what Operating System and applications are on them. Some applications produce very important data about how they are used, for both troubleshooting as well as cybersecurity purposes. Understanding what system logs should be collected can be accomplished if you have an inventory that allows you to create a matrix of the various device, OS, and application logs you need to collect. You can even check your logs against the device inventory to see if you are missing logs for certain devices.
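One way to build the log-collection matrix from an inventory and check received logs against it, as an added example that is not from the original article. The host names, log source labels and the per-OS and per-application requirements are hypothetical values constructed for illustration.

```python
# Constructed inventory: host -> OS and installed applications (assumed CMDB export).
INVENTORY = {
    "web01":  {"os": "Linux",   "apps": ["nginx"]},
    "db01":   {"os": "Linux",   "apps": ["postgresql"]},
    "fs01":   {"os": "Windows", "apps": []},
    "wks-17": {"os": "Windows", "apps": []},
}

# Collection matrix (hypothetical labels): what each OS or application must send.
REQUIRED_BY_OS = {
    "Linux": {"auth", "syslog"},
    "Windows": {"security-eventlog", "system-eventlog"},
}
REQUIRED_BY_APP = {
    "nginx": {"nginx-access", "nginx-error"},
    "postgresql": {"postgresql"},
}

# Constructed summary of what the log platform actually received: (host, source).
RECEIVED = [
    ("web01", "auth"), ("web01", "syslog"), ("web01", "nginx-access"),
    ("db01", "auth"), ("db01", "syslog"), ("db01", "postgresql"),
    ("fs01", "security-eventlog"), ("fs01", "system-eventlog"),
    ("printer-3", "syslog"),
]

def required_sources(asset):
    """Expand one inventory record into the set of log sources it should produce."""
    needed = set(REQUIRED_BY_OS.get(asset["os"], set()))
    for app in asset["apps"]:
        needed |= REQUIRED_BY_APP.get(app, set())
    return needed

def log_coverage_gaps(inventory, received):
    """Return (missing, not_inventoried): required sources never received per
    host, and hosts that send logs but have no inventory record."""
    seen = {}
    for host, source in received:
        seen.setdefault(host, set()).add(source)
    missing = {}
    for host, asset in inventory.items():
        gap = required_sources(asset) - seen.get(host, set())
        if gap:
            missing[host] = sorted(gap)
    return missing, sorted(set(seen) - set(inventory))

if __name__ == "__main__":
    missing, not_inventoried = log_coverage_gaps(INVENTORY, RECEIVED)
    print("Missing log sources:", missing)
    print("Logging but not inventoried:", not_inventoried)
```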
In summary, having an inventory of systems, applications, and data is a very important part of managing cybersecurity risk. It can take some time to complete, but an accurate inventory that is maintained can be invaluable during investigations.
If your business or a client needs expert cybersecurity risk management that includes inventory and asset discovery, please contact us today to schedule an engagement with Ingalls Information Security!
Join us next week when we discuss how to do more with patch management, and the benefits of a mature Vulnerability Lifecycle Management program.