This is a shameless plug for the very unsexy topic of IT asset management…:
You’re probably familiar with the Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls), a prioritised set of best practices created to stop the most pervasive and dangerous threats of today. It was developed by leading security experts from around the world and is refined and validated every year.
CISOs, IT security experts, compliance auditors, and more use the CIS Controls to:
- Leverage the battle-tested expertise of the global IT community to defend against cyber attacks
- Focus security resources based on proven best practices, not on any one vendor’s solution
- Organize an effective cybersecurity program according to Implementation Groups:
The #1 control in the list is to create and maintain an inventory of all IT hardware. Coming in at #2 is to do the same for software assets. If you don’t have a view of what devices and applications are accessing your data, and what state it’s in (is antivirus really running?, has the user set a weak password?, has someone enabled insecure networking?…) you cannot apply the security controls needed to keep your business running and your data secure.
For example, you want to immediately see all Windows devices missing an endpoint agent, unmanaged devices in various VLANs, and you want to know any time a user has been active but hasn’t changed their password in the past 60 days.
These are really foundational elements of any cybersecurity program, and you can’t see a good way to get the answers and implement controls #1 and #2.
With Asset Management tools from our partner Axonius you can:
- Understand what you have
- Discover coverage gaps
- Validate & enforce security policies
On average, Axonius finds that between 10% and 18% of devices are unmanaged, representing a real threat to the security of your business.
Unlike asset managers from the mainframe era, Axonius is simple to implement and connect to your systems (Cloud, in-house, mobile…), and provides a set of powerful reports out of the box to deliver value from the moment you turn it on.
We would love to arrange a quick demo for you and, assuming you see the value, run a proof of concept exercise for your business.