Ephemeral devices are those devices that either appear intermittently or exist temporarily in a corporate environment. Because everything from virtual machines and containers, to certain unmanaged devices like cell phones, tablets, and even IoT devices fall within the category of ephemeral devices, they frequently appear in today’s environments.
And while their existence does make some aspects of today’s reality (BYOD, for example) simpler and more accessible, they can also be a migraine in the making for security teams.
To really wrap our arms around the challenges that come with ephemeral devices, we first need to understand what they are — and why their very nature opens organizations up to more risk.
What's an Ephemeral Device?
A whole host of asset types live under the ephemeral device umbrella.
- Virtual machines
- Containers
- Cell phones
- Tablets
- Smart TVs
- Cameras
- Printers
- BYOD laptops
- Conference phones
- Miscellaneous mobile devices
- ...and more
Why Are Ephemeral Devices Tricky to Manage?
Ephemeral devices are often authorized by an organization’s security team, but that doesn’t make managing them easy. That’s because it’s typically tough to identify an ephemeral device’s presence in real time.
Understanding the state of a previously existing ephemeral device is challenging, too. How do you examine an asset’s state when it existed two weeks ago and only hung around for 24 hours?
Ephemeral devices bring along a host of issues that companies need to think about. We’re talking considerations like:
- How can we verify organization-wide compliance if we can’t identify every device in the environment from a week ago? A day ago? An hour ago?
- How can we determine devices’ security postures when the devices in question were created, lived, and became deprecated between vulnerability scan cycles?
- How do we deploy the security patches and agents when we don’t know if and when short-lived devices are created?
- How can we triage an alert for a device that may no longer exist? Or reconcile devices that appear to have the same IP address?
Left unmanaged or forgotten, ephemeral devices can dramatically drive up an organization’s attack surface, cause confusion, and introduce a whole lot of risk.
How Do Ephemeral Devices Impact IT, Security, and Operations?
In a nutshell? You can’t secure what you don’t know. Especially if what you don’t know isn’t there anymore!
The very nature of ephemeral devices makes discovering and managing them complicated, to say the least.
Ephemeral devices can easily skirt around some of the basic security considerations we apply to container and virtual machine deployments. Considerations like:
- Where a device will be deployed
- Whether there are appropriate network security controls
- Who is authorized to use and access the devices
- When the device will be decommissioned
Same goes for the incident response processes involved with unmanaged and unknown devices. For those, security teams typically:
- Receive alerts related to the ephemeral device
- Discover which network segment, VLAN, or subnet the device is communicating on
- Understand the device type
Because ephemeral devices are so easy to spin up, it’s not unrealistic or unreasonable for an organization to have hundreds of thousands of instances.
When it comes down to it, that volume is often more than any team can handle.
Why Can't Traditional Tools Keep Track?
Ephemeral devices aren’t typically long-lasting within an environment — which means that they’re usually unaccounted for in asset inventories created via traditional methods. These approaches simply can’t discover ephemeral devices effectively.
Take scanning tools, for example. Scans are usually completed in cycles, often on a monthly or even quarterly basis. The infrequency of these scans makes it inevitable that ephemeral devices will go undetected — and could lead to a massive visibility gap.
Agent-based approaches are ineffective in identifying ephemeral devices, too. That’s because these devices are often so short lived that they never have an agent deployed in the first place.
And network-based tools don’t often have the contextual data points needed to identify ephemeral devices. They may be able to see some of the ephemeral devices in an environment, but they’re not delivering the full picture.
Closing the Gap with Cybersecurity Asset Management
Traditional asset management methodologies present too many pitfalls when it comes to identifying and managing ephemeral devices. That’s why it’s essential to use tools and technology built uniquely for cybersecurity asset management.
Tools built for cybersecurity asset management allow for continuous discovery. They take the question, “What’s in my environment?” out of the equation by showing you everything — and how to secure it all.
Learn more about ephemeral devices and the challenge they pose to cybersecurity. Download the ebook,“Discovering, Managing & Securing Ephemeral Devices: A Primer for Cybersecurity Asset Management”.
