Date: November 23rd, 2022
You don’t have to be a government agency to see President Biden’s September memorandum directing federal agencies to create a full inventory of the software they use as a call to action. After all, vulnerabilities don’t care whether you are part of the government, and bad actors even less so.
The spate of cyberattacks over the last few years, including the SolarWinds attack in 2020, has leveraged known but unmanaged vulnerabilities in common software to create digital backdoors to enterprise and government infrastructures. According to the HISCOX Cyber Readiness Report 2022, 48% of companies have reported a cyber attack in the last 12 months, and IBM reports that the average cost of a data breach in the US is $9.44 million. An attack can have tremendous consequences for a brand, including lost revenue due to service interruptions, ransom paid to retrieve stolen data, lost customers and increasing insurance premiums, as well as irreparable damage to your brand.
You might wonder why the US government has prioritized software inventories and not, for instance, increasing spend on cyber security. As the HISCOX report points out, companies are already spending an average of 24% of their total IT budget on cyber security, but bad actors are still getting through.
Effective vulnerability management isn’t just about waiting for a known vulnerability to creep in, but rather, taking steps to avoid them where possible. A part of this strategy is ensuring you keep your IT estate up to date with hardware and software that is within its current effective life/support.
Keeping your estate up to date means getting complete visibility. All the firewalls and two-factor authentication procedures in the world won’t defend your infrastructure from a vulnerability you didn’t know you had.
5 steps to comprehensive visibility
IT visibility is key in remediating security gaps and protecting your infrastructure against future threats. But true visibility requires more than just inventorying your software assets. You need a comprehensive overview of your software asset data to truly understand the potential risks to your environment.
1. Collect the data – The first and most important step is to create a complete view of all the software assets in your IT landscape. Many organizations have a Configuration Management Database (CMDB) and believe it contains all the data and that the data is high quality. But if we’re being honest, enterprise CMDBs are often incomplete or inconsistent.
So, when collecting data, successful organizations will rely on a combination of intuitive technologies that automatically collect the data and create the foundation for complete IT visibility.
2. Aggregate and transform – Once collected, you now need to ensure you have a consistent data model across all sources, without duplication. Data collected from many different sources must be consolidated to get a comprehensive view of every unique device. Transforming the data into a common data model helps to provide a standard, allowing you to quickly identify gaps, inconsistencies, orphaned assets, and many other insights.
If you were to stop here, you would have achieved the bare minimum for IT visibility, that is, you have created a “complete and unique list of your hardware and software inventories”. Some organizations will stop here. Others will leverage technology to automate everything leading up to this step so that this task is more efficient in the future (don’t kid yourself: IT visibility isn’t a task, it’s an ongoing program). The most mature organizations will proceed to step 3.
3. Normalize the data – Once transformed, your data can be enhanced through normalization. Prior to this step, your hardware and software inventory is little more than complex strings in a system, with little structure and confused meaning. Normalization removes this confusion and simplifies the raw inventory data, creating more meaningful insights. Once normalized, you can answer questions like “How many Adobe Acrobat installations do I have, of each edition and each version, across my estate?” with the click of a button, versus needing to review a list of inventory fingerprints and trying to determine what is a true installation versus an ambiguous footprint or registry file.
4. Enrich the data – Data enrichment is the process of taking third-party data insights and combining them with your newly created, complete and normalized data set. By supplementing the discovered technical data with non-technical data such as End of Life and End of Support information, license type, CVE information, and software utility, you can begin to see where vulnerabilities exist. For instance, you can determine whether aging or outdated software or hardware is adding unnecessary risk to your organization.
5. Identify and remediate vulnerabilities – Only when the data has been enriched do you really have an inventory that will allow you to protect your critical business infrastructure. You can determine the security positions of all your assets and begin prioritizing remediation activities.
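The five steps above, reduced to a small Python sketch; this is an added example, not Raynet's code or part of the original post. The source names, hostnames, version strings and end-of-support dates are constructed for illustration, and the regular expression is one assumed way to normalize the product strings.

```python
import re
from collections import Counter
from datetime import date

# Constructed raw records from two hypothetical sources (agent scan, CMDB export).
RAW = [
    {"source": "agent", "host": "WS-001.corp.example", "sw": "Adobe Acrobat Pro DC 21.0"},
    {"source": "cmdb", "host": "ws-001", "sw": "adobe acrobat pro dc (21.0)"},
    {"source": "agent", "host": "WS-002.corp.example", "sw": "Adobe Acrobat Standard 17.0"},
    {"source": "cmdb", "host": "ws-003", "sw": "Acrobat Pro v17.0"},
    {"source": "agent", "host": "WS-003.corp.example", "sw": "Acrobat registry stub"},
]
# Constructed end-of-support catalog; the dates are placeholders, not vendor data.
END_OF_SUPPORT = {("Adobe Acrobat", "17.0"): date(2022, 6, 1),
                  ("Adobe Acrobat", "21.0"): date(2026, 6, 1)}
PATTERN = re.compile(r"(?:adobe\s+)?acrobat\s+(pro|standard)\D*(\d+(?:\.\d+)*)", re.I)

def normalize(record):
    """Steps 2-3: map one raw record to the common model, or None if ambiguous."""
    m = PATTERN.search(record["sw"])
    if not m:
        return None  # footprint without edition/version, not a countable install
    host = record["host"].lower().split(".")[0]  # one key per unique device
    return (host, "Adobe Acrobat", m.group(1).capitalize(), m.group(2))

def build_inventory(raw):
    """Deduplicate across sources; return (unique installs, ambiguous records)."""
    normalized = [(rec, normalize(rec)) for rec in raw]
    installs = {n for _, n in normalized if n is not None}
    ambiguous = [rec for rec, n in normalized if n is None]
    return sorted(installs), ambiguous

def count_by_edition_version(installs):
    """The 'how many installations of each edition and version' question."""
    return Counter((edition, version) for _, _, edition, version in installs)

def out_of_support(installs, today):
    """Steps 4-5: enrich with end-of-support dates and flag expired installs."""
    flagged = []
    for host, product, edition, version in installs:
        eos = END_OF_SUPPORT.get((product, version))
        if eos is None or eos < today:  # unknown lifecycle is a finding too
            flagged.append((host, edition, version, eos))
    return flagged

if __name__ == "__main__":
    inventory, leftovers = build_inventory(RAW)
    print(count_by_edition_version(inventory))
    print(out_of_support(inventory, date(2022, 11, 23)))
    print(len(leftovers), "ambiguous footprint(s) set aside")
```

The two records for ws-001 collapse into one install only after normalization, which is why deduplicating on raw strings alone undercounts the overlap between sources.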
Even if you’re not facing a 90-day federal mandate, you can still get comprehensive IT visibility quickly with the right tools. Raynet’s Unified Data Platform gathers, normalizes, and enriches your data, so you can get a clear picture of your IT environment. Visibility is the most important step in any IT security program, so get the data you need now.
IT Visibility in under 90 days? Here’s how it’s done.
November 23rd, 2022 | Joshua Brazee