When SOCs [security operations centers] receive a suspicious activity alert, they investigate what should be running on that server. Without an inventory, finding the owner and determining whether the activity is malicious can represent precious time lost, especially when newer ransomware variants can encrypt hundreds of thousands of files within minutes.
Karla Ballesteros, Beazley Breach Response Services Manager
We’re talking here about two kinds of assets. Physical assets are the machines – workstations, servers, network equipment, etc.
Virtual assets are what you deploy on these physical assets or use in the cloud – software, virtual machines, operating systems, databases, etc.
Organizations are generally used to inventorying physical hardware, but manufacturing/production operational technology or specialized healthcare devices can be harder to inventory, as these might not be handled by IT teams. Virtual assets can be even harder to track because they can so easily be created, moved, and destroyed.
These gaps in inventory are blind spots – not just because they can’t be seen, but also because they are potential attack vectors. Undocumented assets may inadvertently be left unprotected – no security agents installed, no security patching, and no hardening of their configuration. Detection and response capabilities are slowed down without monitoring, security controls, or endpoint protection in place.
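One way to surface these blind spots is to reconcile the documented inventory against what is actually observed and against the security tooling's own host lists. The sketch below is an added example, not part of the original article; the hostnames, data sources, field names and the 60-day patch threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration; none of it comes from the article.
INVENTORY = {  # documented assets: hostname -> record
    "web-01": {"owner": "ecommerce-team", "kind": "virtual"},
    "db-01": {"owner": "", "kind": "virtual"},
    "plc-07": {"owner": "plant-ops", "kind": "physical"},
}
DISCOVERED = ["WEB-01.corp.example", "db-01", "plc-07", "vm-test-42"]  # seen on network / cloud export
EDR_AGENTS = {"web-01", "db-01"}  # hosts reporting to endpoint protection
LAST_PATCHED = {"web-01": date(2024, 5, 20), "db-01": date(2023, 11, 2)}


def normalize(name):
    """Lower-case and drop the domain suffix so the sources can be compared."""
    return name.strip().lower().split(".")[0]


def find_blind_spots(inventory, discovered, agents, last_patched, today,
                     max_patch_age_days=60):
    """Return {host: [issues]} for every asset with at least one gap."""
    inventory = {normalize(h): rec for h, rec in inventory.items()}
    agents = {normalize(h) for h in agents}
    last_patched = {normalize(h): d for h, d in last_patched.items()}
    hosts = {normalize(h) for h in discovered} | set(inventory)
    findings = {}
    for host in sorted(hosts):
        issues = []
        record = inventory.get(host)
        if record is None:
            issues.append("undocumented")   # running, but nobody recorded it
        elif not record.get("owner"):
            issues.append("no-owner")       # the SOC has no one to ask
        if host not in agents:
            issues.append("no-agent")       # no endpoint protection reporting
        patched = last_patched.get(host)
        if patched is None:
            issues.append("patch-unknown")
        elif (today - patched).days > max_patch_age_days:
            issues.append("patch-stale")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    report = find_blind_spots(INVENTORY, DISCOVERED, EDR_AGENTS,
                              LAST_PATCHED, date(2024, 6, 1))
    for host, issues in report.items():
        print(f"{host}: {', '.join(issues)}")
```

In the sample data, the operational technology device and the untracked test VM both show up with no agent and no patch record, which is the kind of gap the paragraph above describes.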
Many organizations think they have good asset management capabilities, only to discover after an incident that this was not the case. Asset management tools can help you understand your system, leading to informed longer-term decisions.