This is the first part in a series of posts where we’ll look back at how today’s complex environment created distinct challenges across several areas.
Back in the day, IT and security teams oversaw laptops, desktops, and servers — all in one physical location.
Conducting asset inventories used to be easier. IT environments included Windows machines in Active Directory. An antivirus agent was installed, along with some other kind of agent to push out updates.
Device management was simpler too, with someone keeping track on an Excel spreadsheet or the like.
Ahh, the good ol’ days.
Well, fast forward to 2023, and things changed — a lot.
Homogeneous environments disappeared when mobile devices, virtual machines, cloud instances, and IoT devices came onto the scene. Along with each device came a certain operating system and version. The number and types of devices added a new level of complexity to asset inventories.
For IT and security teams, device management became about trying to count, manage, update, and secure a gigantic sprawl of assets. And it posed a whole lot of new challenges.
The transition from simple environments in the past to the complex, fragmented device environment happening now created a bunch of asset management obstacles in cybersecurity.
Discovering all hardware devices generally requires different tools just to identify what machines need to be secured. Most businesses use a patchwork of solutions to discover devices — like network admin tools and vulnerability assessment scanners.
Each of these tools represents one piece in the device puzzle. But none understands the entire hardware landscape. All the information is there, but there’s a “but”. The data is living in lots of different silos that don’t communicate with each other — and they all speak different languages.
Once each device is identified in the environment, cybersecurity teams need an ongoing process to constantly monitor for new devices. Understanding and documenting all devices helps ensure every asset follows cybersecurity policies.
All the devices are identified. There’s a continuous device discovery process in place.
Next up: knowing what’s on every device.
Inventorying all software installed means knowing things like:
After building an accurate inventory of assets (and the software installed on them), the next step is knowing whenever a device’s state changes.
Unexpected changes may include configuration changes, open ports, or security agents being uninstalled, any of which can put a device at risk.
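The following added example, which is not from the original post or any product, compares two inventory snapshots and reports the state changes named above: removed security agents, newly opened ports, and configuration changes, plus devices that appeared or vanished between snapshots. The snapshot layout, field names, and device records are assumptions constructed for the example.

```python
# Constructed sample data: two inventory snapshots keyed by device ID.
# Field names (os, agents, open_ports, config_hash) are assumptions for this example.
BASELINE = {
    "lap-001": {"os": "Windows 11 22H2", "agents": {"edr", "patch"},
                "open_ports": {445}, "config_hash": "a1"},
    "srv-010": {"os": "Ubuntu 22.04", "agents": {"edr"},
                "open_ports": {22, 443}, "config_hash": "b7"},
    "iot-300": {"os": "vendor-fw 1.2", "agents": set(),
                "open_ports": {80}, "config_hash": "c3"},
}
CURRENT = {
    "lap-001": {"os": "Windows 11 22H2", "agents": {"patch"},
                "open_ports": {445, 3389}, "config_hash": "a1"},
    "srv-010": {"os": "Ubuntu 22.04", "agents": {"edr"},
                "open_ports": {22, 443}, "config_hash": "b9"},
    "vm-777": {"os": "Debian 12", "agents": set(),
               "open_ports": {22}, "config_hash": "d0"},
}


def diff_snapshots(old, new):
    """Return a sorted list of (device_id, change_type, detail) tuples."""
    changes = []
    # Devices present in only one snapshot: inventory drift in either direction.
    for dev in new.keys() - old.keys():
        changes.append((dev, "new_device", new[dev]["os"]))
    for dev in old.keys() - new.keys():
        changes.append((dev, "device_gone", old[dev]["os"]))
    # Devices present in both: compare the security-relevant attributes.
    for dev in old.keys() & new.keys():
        before, after = old[dev], new[dev]
        for agent in sorted(before["agents"] - after["agents"]):
            changes.append((dev, "agent_removed", agent))
        for port in sorted(after["open_ports"] - before["open_ports"]):
            changes.append((dev, "port_opened", str(port)))
        if before["config_hash"] != after["config_hash"]:
            detail = f'{before["config_hash"]}->{after["config_hash"]}'
            changes.append((dev, "config_changed", detail))
        if before["os"] != after["os"]:
            changes.append((dev, "os_changed", f'{before["os"]}->{after["os"]}'))
    return sorted(changes)


if __name__ == "__main__":
    for dev, kind, detail in diff_snapshots(BASELINE, CURRENT):
        print(f"{dev:8} {kind:15} {detail}")
```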
Looking at both the past and the present of device management can help IT and cybersecurity teams understand what to expect (and plan for) going forward.
Change is constant, so all security-related device management programs need to be built to adapt to the inevitable evolution and complexity of devices and cybersecurity and IT environments.
Today, asset inventory is ongoing — and definitely not a “one-and-done” event. Devices show up just as quickly as they leave. An asset inventory that’s accurate right now likely won’t be tomorrow — and certainly not in another month.
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius