Regardless of your role and function, context is everything when it comes to assets.
Whether you’re responsible for triaging alerts in the SOC or managing a compliance audit, Windows Server hygiene requires situational and up-to-date asset information.
Today, I’ll focus on just one critical job function inside ITOps – managing Windows Server hygiene – and delineate how choosing the right cybersecurity asset management solution can help.
If your role involves managing Windows Server hygiene, you want to start with a complete understanding of the total number of Windows servers you’re responsible for. Answering this question can be difficult in today’s rapidly evolving environment.
Some of your Windows servers are legacy physical servers either in an office, a hosted data center, or perhaps in a manufacturing plant or a warehouse. Other servers are likely virtual instances running on VMware or Hyper-V, whether powered on or off.
These days, your servers might also be found in IaaS cloud providers like AWS or Azure. For most companies, the count of servers that are powered on and functioning at any given point is an estimate, a snapshot in time.
The cybersecurity asset management solution should collect server information across all offices, data centers, and cloud platforms whether the asset is physical, virtual or a container.
Once you have identified your list of Windows servers, you will want to check and confirm the status and required function of each:
Knowing the server’s purpose will influence a wide array of downstream decisions the team needs to make for server hardening, patching, exceptions, and security.
The cybersecurity asset management solution should provide critical AD object and attribute information for underlying functionality context.
The next step is to understand which Windows version each server is running. But how do you reconcile the server version from so many different platforms?
In most companies, the process is still manual, requiring an elaborate procedure just to combine various inconsistently aligned datasets: a CSV dump from the cloud platform, a report from the CMDB, a review of AD, and perhaps even a look at your scanning tool sets. Then comes a merge into one spreadsheet or database, and a lot of manipulation to normalize the version fields to get some semblance of alignment.
The cybersecurity asset management solution should aggregate server version information from a wide range of sources, and automatically deconflict variances to arrive at the correct version with a high degree of accuracy.
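The manual merge described above, sketched in Python as an added example (not Axonius code and not from the original post). The three source names, the `hostname,os` column layout, the precedence order and every sample row are constructed assumptions.

```python
import csv, io, re
from collections import defaultdict

# Constructed sample exports; real tools use their own column names.
CLOUD = "hostname,os\nWEB01.corp.example,Windows Server 2019 Datacenter\nsql02,Windows_Server-2016-English-Full-Base\n"
CMDB = "hostname,os\nweb01,Win2k19 Std\nSQL02,Microsoft Windows Server 2016 Standard\nfs03,Windows Server 2012 R2\n"
AD = "hostname,os\nWEB01,Windows Server 2019 Standard\nFS03,Windows Server 2012 R2 Standard\nsql02,Windows Server 2019 Standard\n"

# Assumed trust order for this sketch: earlier sources win a disagreement.
PRECEDENCE = ["ad", "cloud", "cmdb"]

def normalize_host(name):
    """Lower-case short name so FQDN and NetBIOS forms join on one key."""
    return name.strip().lower().split(".")[0]

def normalize_version(raw):
    """Reduce a free-text OS field to a release such as '2012 R2', or None."""
    text = raw.lower().replace("_", " ").replace("-", " ")
    text = re.sub(r"2k(\d{2})\b", r" 20\1", text)  # Win2k19 -> win 2019
    m = re.search(r"\b(20\d{2})\b(\s+r2\b)?", text)
    if not m:
        return None
    return m.group(1) + (" R2" if m.group(2) else "")

def merge(sources):
    """sources: {name: csv_text}. Returns {host: record}, flagging conflicts."""
    seen = defaultdict(dict)
    for name, text in sources.items():
        for row in csv.DictReader(io.StringIO(text)):
            host = normalize_host(row["hostname"])
            seen[host][name] = normalize_version(row["os"])
    result = {}
    for host, by_source in seen.items():
        versions = {v for v in by_source.values() if v}
        chosen = next((by_source[s] for s in PRECEDENCE if by_source.get(s)), None)
        result[host] = {
            "version": chosen,
            "sources": sorted(by_source),       # which tools know this host
            "conflict": len(versions) > 1,      # sources disagree: review it
        }
    return result

INVENTORY = merge({"cloud": CLOUD, "cmdb": CMDB, "ad": AD})

if __name__ == "__main__":
    for host, rec in sorted(INVENTORY.items()):
        print(host, rec)
```

A record with `conflict` set still gets a version from the precedence order, but the flag keeps the disagreement visible for review, and a short `sources` list shows which tools have no record of the host.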
Then comes the minutiae related to tracking and managing version control:
Tagging and tracking all these conditions remain an intricate, time-consuming, and often byzantine process for most companies.
The cybersecurity asset management solution should collect and aggregate service pack and patch related information from various data stores, allowing for grouping and tagging of assets by priority, criticality, and exceptions.
You now have a complete count. You know all the versions. You’re managing service packs and patches. What’s next?
Your attention turns to all those pesky agents required on your servers. Most companies have a minimum of four to five agents running on their devices across a range of services, including endpoint management, endpoint detection and response, antivirus, data loss prevention, encryption, file monitoring, and log collection.
A lot of time is spent managing an extensive checklist of conditions with these agents:
The cybersecurity asset management solution should have pre-built integrations to a wide variety of agent-based tools. This allows for simple aggregation of all agent compute characteristics, providing the user the ability to quickly query and identify agent gaps and a variety of agent conditions.
You have invested a lot of work in your journey to this point, but you still have work to do:
The asset management solution should have integrations to accommodate the continuous collection and synthesis of all compute characteristics that may be used to surface any combination of server hardening, resource management, or performance monitoring.
Want to learn how Axonius can provide ITOps with a complete and comprehensive view of all server assets? Attend our monthly platform overview.