Ephemeral devices are those devices that either appear intermittently or exist temporarily in a corporate environment. Because everything from virtual machines and containers, to certain unmanaged devices like cell phones, tablets, and even IoT devices fall within the category of ephemeral devices, they frequently appear in today’s environments.
And while their existence does make some aspects of today’s reality (BYOD, for example) simpler and more accessible, they can also be a migraine in the making for security teams.
To really wrap our arms around the challenges that come with ephemeral devices, we first need to understand what they are — and why their very nature opens organizations up to more risk.
A whole host of asset types live under the ephemeral device umbrella.
Ephemeral devices are often authorized by an organization’s security team, but that doesn’t make managing them easy. That’s because it’s typically tough to identify an ephemeral device’s presence in real time.
Understanding the state of a previously existing ephemeral device is challenging, too. How do you examine an asset’s state when it existed two weeks ago and only hung around for 24 hours?
Ephemeral devices bring along a host of issues that companies need to think about. We’re talking considerations like:
Left unmanaged or forgotten, ephemeral devices can dramatically drive up an organization’s attack surface, cause confusion, and introduce a whole lot of risk.
In a nutshell? You can’t secure what you don’t know. Especially if what you don’t know isn’t there anymore!
The very nature of ephemeral devices makes discovering and managing them complicated, to say the least.
Ephemeral devices can easily skirt around some of the basic security considerations we apply to container and virtual machine deployments. Considerations like:
Same goes for the incident response processes involved with unmanaged and unknown devices. For those, security teams typically:
Because ephemeral devices are so easy to spin up, it’s not unrealistic or unreasonable for an organization to have hundreds of thousands of instances.
When it comes down to it, that volume is often more than any team can handle.
Ephemeral devices aren’t typically long-lasting within an environment — which means that they’re usually unaccounted for in asset inventories created via traditional methods. These approaches simply can’t discover ephemeral devices effectively.
Take scanning tools, for example. Scans are usually completed in cycles, often on a monthly or even quarterly basis. The infrequency of these scans makes it inevitable that ephemeral devices will go undetected — and could lead to a massive visibility gap.
Agent-based approaches are ineffective in identifying ephemeral devices, too. That’s because these devices are often so short lived that they never have an agent deployed in the first place.
And network-based tools don’t often have the contextual data points needed to identify ephemeral devices. They may be able to see some of the ephemeral devices in an environment, but they’re not delivering the full picture.
Traditional asset management methodologies present too many pitfalls when it comes to identifying and managing ephemeral devices. That’s why it’s essential to use tools and technology built uniquely for cybersecurity asset management.
Tools built for cybersecurity asset management allow for continuous discovery. They take the question, “What’s in my environment?” out of the equation by showing you everything — and how to secure it all.
Learn more about ephemeral devices and the challenge they pose to cybersecurity. Download our latest ebook,“Discovering, Managing & Securing Ephemeral Devices: A Primer for Cybersecurity Asset Management”.