Phenomenati
Phenomenati
  • Home
  • Phenomena
    • Predictions from 1998
    • Cyber Entropy™
    • The Cyber Reckoning
    • Risk Discipline
    • InfoSec Maturity Model
    • The 5 What Imperatives™
    • The Decisive SOC
    • A SOC Taxonomy
  • CIO Services
    • vCIO Engagements
    • Cyber101 for the Board
  • CISO Services
    • Cybersecurity Strategy
    • Cybersecurity Design
    • Cyber Risk Assessments
    • Cyber ShadowBreaker™
    • Risk Level Agreements
    • SecOps Communications
    • Case Studies
  • Partners
    • Technology Vendors
    • Service Providers
  • About
    • Leadership
    • Contact Us
  • Resource Center
    • Knowledge Sharing
    • Frameworks, Standards
    • Threat Intel & Dashboards
    • Cyber Reconnaissance
    • Vulnerability Management
    • Scanning & Pen Testing
    • Monitoring, IDS, SIEM
    • DFIR Resources
  • More
    • Home
    • Phenomena
      • Predictions from 1998
      • Cyber Entropy™
      • The Cyber Reckoning
      • Risk Discipline
      • InfoSec Maturity Model
      • The 5 What Imperatives™
      • The Decisive SOC
      • A SOC Taxonomy
    • CIO Services
      • vCIO Engagements
      • Cyber101 for the Board
    • CISO Services
      • Cybersecurity Strategy
      • Cybersecurity Design
      • Cyber Risk Assessments
      • Cyber ShadowBreaker™
      • Risk Level Agreements
      • SecOps Communications
      • Case Studies
    • Partners
      • Technology Vendors
      • Service Providers
    • About
      • Leadership
      • Contact Us
    • Resource Center
      • Knowledge Sharing
      • Frameworks, Standards
      • Threat Intel & Dashboards
      • Cyber Reconnaissance
      • Vulnerability Management
      • Scanning & Pen Testing
      • Monitoring, IDS, SIEM
      • DFIR Resources
  • Home
  • Phenomena
    • Predictions from 1998
    • Cyber Entropy™
    • The Cyber Reckoning
    • Risk Discipline
    • InfoSec Maturity Model
    • The 5 What Imperatives™
    • The Decisive SOC
    • A SOC Taxonomy
  • CIO Services
    • vCIO Engagements
    • Cyber101 for the Board
  • CISO Services
    • Cybersecurity Strategy
    • Cybersecurity Design
    • Cyber Risk Assessments
    • Cyber ShadowBreaker™
    • Risk Level Agreements
    • SecOps Communications
    • Case Studies
  • Partners
    • Technology Vendors
    • Service Providers
  • About
    • Leadership
    • Contact Us
  • Resource Center
    • Knowledge Sharing
    • Frameworks, Standards
    • Threat Intel & Dashboards
    • Cyber Reconnaissance
    • Vulnerability Management
    • Scanning & Pen Testing
    • Monitoring, IDS, SIEM
    • DFIR Resources

SOC Capability Area #1) Asset & Configuration Management

The scope of responsibility for Security Operations continues to grow (IT, OT, ICS/SCADA, mobile, cloud, and even IoT), as do the expectations of availability and security. But you can't secure/defend what you don’t know about.  This is where  we begin our taxonomy of the “Top 20” SOC Capability Areas.

Asset & Configuration Management

You can't secure/defend what you don’t know about. So, any security operations effort should build upon a solid foundation of Asset & Configuration Management (ACM) processes and capabilities; enabled by a Configuration Management System (CMS) capability.

 

This does not imply that Security Operations is responsible for building and managing ACM processes and CMS capabilities. Such “IT governance” is already the responsibility of Network Operations and should be performed routinely by organizations following some disciplined IT management framework (e.g., COBIT, ITILv3, etc.). However, Security Operations are critically dependent upon this living knowledgebase of the organization’s assets and services, if they are to be at all effective.


If your organization does not already have such ACM/CMS capabilities in place today... Start Here.


On selecting ACM/CMS capabilities, today's Network & Security Operations teams must consider coverage for the ever expanding range of assets that are deemed to be “in-scope” for their responsibilities:


Networks

  • wired, wireless, physical, virtual, IP and non-IP, even cabling and radio spectrum, etc.

Network Services

  • DNS, DHCP, ARP, proxies, gateways, bridges, etc.

Endpoints

  • physical and virtual servers, transient containers (Docker, Kubernetes, Mesos), “cloud” assets, etc.
  • workstations, virtual desktops, mobile devices, etc.
  • operational technology (OT) and industrial control systems (ICS),
  • and now “IoT” devices to cover literally any other device potentially connected to your networks

Applications, Services, Software, Operating Systems

  • running on any and all endpoints, regardless of who installed and configured them,

And ultimately Information

  • databases, files and filesystems,
  • message traffic, streaming audio/video, etc.
  • on any and all endpoints and networks.

This scope continues to grow, as do the expectations of availability and security.


Most Security Operations teams will already have some level of ACM/CMS capabilities in place. We start with it here because most other SOC capabilities build directly upon this knowledgebase. Disciplined ACM processes and CMS capabilities provide the critical foundation for effectively securing one’s environment.

Learn More

 

This article barely scratches the surface of the need for Asset & Configuration Management capabilities in contemporary Security Operations. But taken together with the other capability areas in this “Top 20” list, we hope to shine a light on the breadth, depth, and complexity of what is involved in building effective Security Operations today.


Contact us if you'd like help identifying and selecting Asset & Configuration Management capabilities to support your own Security Operations efforts.

Find out more

Copyright © 2023 Phenomenati - All Rights Reserved.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept