While IT Asset Management (ITAM) and Configuration Management Database (CMDB) platforms are frequently used to maintain asset inventories, they often don’t contain sufficient and accurate data to help security teams. Unlike ITAM and CMDB platforms, Axonius automatically aggregates and correlates asset data — regardless of asset type — to deliver a comprehensive and credible asset inventory for security, IT, and risk teams.
IT Asset Management (ITAM) looks at IT assets through the lens of financial or business-related implications. This is done to reduce costs of assets throughout their lifecycle and to minimize business risk. Personnel leading ITAM initiatives often look at financial, inventory, contractual, and broad risk considerations for software and hardware assets across an organization.
IT Service Management (ITSM) encompasses the tasks required to design, manage, and deliver IT services to employees and customers. These include policies, processes, technologies, and procedures. This often means establishing an IT service desk to provide a single point of communication to support customers and employees. ITSM subfunctions include asset management, change management, and knowledge management.
Configuration Management Databases (CMDBs)
CMDBs store information about hardware and software assets, which are commonly referred to as configuration items (CIs). A CMDB looks at IT assets from an operational or support perspective. At a high level, CMDBs help organizations understand their critical assets, track configurations, and map dependencies. In the event of IT outages or security incidents, CMDBs are used to assess the full scope of the event.
ITAM platforms help organizations compile an accurate IT asset inventory. An accurate IT asset inventory helps organizations assess their IT asset lifecycle, identify cybersecurity risks, determine whether they might be overspending, find software and hardware redundancies, and more.
An ITAM platform primarily focuses on IT assets from a financial or lifecycle perspective. It gathers available information on most software and hardware assets tied to the business, including ownership, cost, contracts, warranty, etc.
Network-based Scanning
CMDBs and ITAM platforms often rely on network scanning to retrieve and compile the updated asset data. Network scans are done on a routine basis and are often scheduled to happen in daily, weekly, or monthly increments. Information is collected about virtual machines and networks, hardware and software on a network, and the interconnectedness or relationships between assets. This can all be used to inform and update the CMDBs and ITAM tools.
Agent-based Scanning
Agent-based scanning requires an agent be deployed on each machine to obtain an asset profile for the device. The agent-based approach can provide rich context and deep insights into the device and the device characteristics.
A wide range of details can be obtained, including:
Relying solely on agents for cybersecurity asset management has its limitations: