How Proper Asset Management Can Prevent Cyberattacks

CISOs are learning the hard way that IT teams don’t have all the answers when it comes to what’s in their environment.

Too many CISOs make the mistake of assuming their IT teams have all the answers when it comes to certifying that their networks are clear of cybersecurity threats.

Perhaps nowhere is this truer than in hospitals and other healthcare facilities, which are frequent targets of ransomware that can prevent clinicians from accessing medical records or tools.

The reality is that hospitals have a lot of equipment on their networks that their IT teams don’t manage or care about, which can create headaches for security teams.

Ideally, in such situations, the security team tells IT that if an asset is on the network, it needs to be in a configuration management database (CMDB). This gets at the heart of proper asset management and how it supports security operations.

Proper Asset Management Is a Continuous Process

Asset management involves all of the policies, processes and procedures shepherding IT assets from acquisition to retirement.

Everything begins with an organization’s process for bringing in new IT assets and ensuring they’re added to the CMDB, along with information on the date of purchase, means of procurement, cost and end of life. Not only does this help security teams see what is owned and authorized, it has the added benefit of helping IT control or reduce costs over time.

Discovery tools, such as Microsoft’s System Center Configuration Manager or ServiceNow’s Discovery, can tell you what’s in your IT environment and populate information when an incident is reported with, say, a laptop. Organizations should also note which assets are in use versus merely deployed.

A bad process is better than no process in these instances; a process can always be improved and provides consistency useful to new hires being trained.

Other steps in the asset lifecycle include maintenance and decommissioning or retirement, whether via donation, sale or destruction. Those things need to be tracked too, because it’s not uncommon for configuration items to show back up in an IT environment, particularly when assets are sold to employees.
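The reconciliation described in this section, as an added example that is not from the article or from any vendor's product: it compares a discovery result with CMDB records and flags devices that are on the network but not in the CMDB, retired assets that have shown back up, and assets past their end of life. The field names, status values, device names and MAC addresses are constructed assumptions, not a ServiceNow or Configuration Manager schema.

```python
from datetime import date

# Constructed CMDB records keyed by lowercase MAC address (assumed identifier).
CMDB = {
    "00:1a:2b:00:00:01": {"name": "nurse-station-07", "status": "in_use",
                          "end_of_life": date(2027, 6, 30)},
    "00:1a:2b:00:00:02": {"name": "infusion-pump-12", "status": "in_use",
                          "end_of_life": date(2023, 1, 31)},
    "00:1a:2b:00:00:03": {"name": "laptop-0413", "status": "retired",
                          "end_of_life": date(2022, 9, 30)},
    "00:1a:2b:00:00:04": {"name": "spare-switch-02", "status": "deployed",
                          "end_of_life": date(2029, 12, 31)},
}

# Constructed discovery output: MAC addresses observed on the network.
DISCOVERED = ["00:1A:2B:00:00:01", "00-1a-2b-00-00-02",
              "00:1a:2b:00:00:03", "00:1a:2b:00:00:99"]

def normalize(mac):
    """Discovery tools report MACs in different cases and separators."""
    return mac.strip().lower().replace("-", ":")

def reconcile(cmdb, discovered, today):
    """Return findings from comparing what is seen with what is recorded."""
    seen = {normalize(m) for m in discovered}
    findings = {"unmanaged": [], "retired_seen": [],
                "past_end_of_life": [], "not_seen": []}
    for mac in sorted(seen):
        record = cmdb.get(mac)
        if record is None:
            # On the network but absent from the CMDB.
            findings["unmanaged"].append(mac)
        elif record["status"] == "retired":
            # Decommissioned asset that has reappeared.
            findings["retired_seen"].append(record["name"])
        elif record["end_of_life"] < today:
            findings["past_end_of_life"].append(record["name"])
    for mac, record in sorted(cmdb.items()):
        # Active record with no matching device: review its status.
        if mac not in seen and record["status"] != "retired":
            findings["not_seen"].append(record["name"])
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(CMDB, DISCOVERED, date(2024, 1, 15)).items():
        print(f"{kind}: {items}")
```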

How Asset Management Supports SecOps

Asset management supports security operations by increasing the visibility of what is in the IT environment.

Early detection is an important aspect of SecOps, so vulnerabilities can be patched before they’re exploited. Time is of the essence here.

Detection tools alerting analysts to cyber incidents can feed into the ServiceNow platform, as can tools identifying vulnerabilities to prevent a zero-day exploit.

Identity and access management tools add another layer of visibility for security teams by alerting them to disparities between the assets that should have access to environments and the ones that actually do.

Once all of this data is consolidated in a CMDB for analysis, then and only then can various responses to known issues be automated. ServiceNow doesn’t magically make that happen.

Automation can assist with validating that patching occurred, checking for vulnerabilities multiple times per day and incident response.

Increasingly, software bills of materials, or SBOMs, are feeding into CMDBs for analysis.

Windows 11 alone has at least 30 different components, and most apps have many as well. Security teams need to know which of those components are active, the individual security risk of each and whether they’re outdated.

In this way, asset management and SecOps are ever-evolving.

Paul Burnham

Portfolio Manager, IT Asset Management, CDW
Paul “Doc” Burnham is the IT asset management portfolio manager for CDW.