What is that? And why is it breaching your network?

By Bill Dunnion

It’s no surprise that mobile devices are everywhere: just this morning I counted 20 in plain sight within 10 feet of my office. And that was just mobile phones. That didn’t include laptops, tablets, hard drives, thumb drives… you get the picture. But it doesn’t end there. For each one of those devices there are also software and apps that must be considered, which grows the list exponentially.

It’s this laundry list of devices and software that accounts for yet another critical facet of Cyber Security—Asset Discovery and Asset Management—the art of knowing what is on your network and, more importantly, knowing what should and shouldn’t be there. 

The fact is, every company needs mobility, productivity, and so on to remain competitive. This also means that the tools and devices that play into the new world order of “always on” and “always connected” must be governed in such a way that knowing what is and isn’t allowed stays top of mind for the IT and security teams.

One of the first steps that any company can take is to create a comprehensive laundry list of every authorized device on a network. This includes every computer, server, switch, firewall, wireless access point, printer, mobile device including phones, tablets, IoT devices, and more. 

At the end of the day, every one of those devices poses a potential security risk if not authorized, patched and monitored. It’s this practice that not only enables visibility into network devices, but also allows better control, mitigating risk by denying access to unauthorized and unmanaged products.

To that end, organizations should also create a comprehensive list of authorized and unauthorized software applications and apps. This means allowing only sanctioned software and apps to be downloaded, installed and used. This can mitigate risks ranging from holes that let nefarious actors penetrate defenses to rogue IT issues, and more.

Lastly, once the inventory lists are created and solidified, comes the need for automation that incorporates all aspects of Asset Discovery best practices and policing. In short, the right tool should continually search devices and networks to find and block unauthorized devices, while simultaneously ensuring authorized devices are within compliance standards.

There is one more thing the automation tool needs to monitor: the connection to the outside world. Far past the devices and the apps, there is the ever-present reach into the ether, a constant connectivity to so-called hosts that are looking to refresh apps, push and pull content, and so on. These hosts can also be a potential gateway and therefore a threat.

And finally, there is the tracking and monitoring of software and app versions. On a daily basis, most users are inundated with requests to update software and apps, most of which center on increased features and added functionality, and sometimes security updates. However, just because something is new does not necessarily mean it is better. The challenge becomes vetting new software packages and apps to ensure their security is adequate and meets corporate standards.

And while looking at software, upgrading hardware is also a must. Old hardware can bring vulnerabilities of its own, as it may prevent new and more secure software, apps, firmware, and more from being downloaded and used to further prevent potential threats.
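The reconciliation described above (authorized devices, sanctioned software, vetted versions and approved outside hosts) can be sketched as follows; this is an added example, not code from the article or from any particular tool. Every device, application, version and host name in it is constructed for illustration, and the MAC normalization goes slightly beyond the text because scanners report addresses in different notations.

```python
import re

# Constructed sample lists (assumptions): authorized devices keyed by MAC,
# sanctioned software with its vetted version, approved outbound hosts.
AUTHORIZED = {"00:1a:2b:3c:4d:5e": "laptop-finance-01", "00:1a:2b:3c:4d:5f": "printer-2f"}
SANCTIONED = {"browser": "120.0", "vpn-client": "5.9.2"}
APPROVED_HOSTS = {"updates.example.com", "mdm.example.com"}

# Constructed discovery snapshot, shaped as a scanner or agent might report it.
OBSERVED = [
    {"mac": "00-1A-2B-3C-4D-5E", "hosts": ["updates.example.com"],
     "software": {"browser": "119.4", "vpn-client": "5.10.0"}},
    {"mac": "001a.2b3c.4d5f", "hosts": ["cdn.example.net"], "software": {}},
    {"mac": "de:ad:be:ef:00:01", "hosts": [], "software": {"torrent-app": "1.0"}},
]

def norm_mac(mac):
    """Normalize colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def ver(v):
    """Parse a dotted numeric version into a tuple so 5.10.0 sorts above 5.9.2."""
    return tuple(int(p) for p in v.split("."))

def reconcile(observed, authorized, sanctioned, approved_hosts):
    """Return sorted (mac, finding) pairs for everything that departs from the lists."""
    findings = []
    for rec in observed:
        mac = norm_mac(rec["mac"])
        if mac not in authorized:
            findings.append((mac, "unauthorized device"))
            continue  # unknown device: deny access first, its details are moot
        for name, version in rec["software"].items():
            if name not in sanctioned:
                findings.append((mac, f"unsanctioned software: {name}"))
            elif ver(version) < ver(sanctioned[name]):
                findings.append((mac, f"outdated {name}: {version} < {sanctioned[name]}"))
            elif ver(version) > ver(sanctioned[name]):  # newer is not automatically better
                findings.append((mac, f"unvetted {name}: {version} > {sanctioned[name]}"))
        for host in rec["hosts"]:
            if host not in approved_hosts:
                findings.append((mac, f"unapproved outbound host: {host}"))
    return sorted(findings)

if __name__ == "__main__":
    for mac, finding in reconcile(OBSERVED, AUTHORIZED, SANCTIONED, APPROVED_HOSTS):
        print(mac, "-", finding)
```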

Overall, Asset Discovery and Asset Management are all about due diligence: knowing what devices are being used, which ones are allowed on the network, what software and apps they use, and to what they are connecting. By adding this as yet another piece of the defense arsenal, the questions “What is that?” and “Why is it breaching my network?” should be far less of an issue.