#2 on our list of “Top 20” SOC Capability Areas builds on the foundational visibility provided by Asset & Configuration Management capabilities, with continuous Asset Discovery.
Today’s IT environments have grown increasingly more complex and dynamic. Continuously evolving, like clouds of plasma. Trends toward completely mobile clients, server and network virtualization, “cloud” (off-premise) infrastructure, micro-services, and containerization are making it increasingly more difficult for Asset & Configuration Management (ACM/CMS) capabilities to track an organization’s highly transient technology assets and services. More recently, the popularity of “smart” IoT devices is presenting new demands for continuous network scanning for unsanctioned devices. This ‘cyber entropy’ demands an effective practice and capabilities for continuous Asset Discovery.
As with ACM/CMS, continuous Asset Discovery should primarily be the responsibility of your Network Operations team, performed as part of their COBIT/ITILv3 governance discipline. But without such capabilities, your Security Operations will struggle to identify what to defend, and what may present a threat. Literally like an N-dimensional chess game where the board, pieces, and even players are constantly changing.
On selecting Asset Discovery solutions, many contemporary ACM/CMS solutions include such functionality. But most are challenged to keep up with the onslaught of new, often transient, devices on your networks and even the boundaries of what constitutes the “networks” themselves. To maintain the best visibility possible, and demonstrate due diligence commensurate with growing regulatory compliance demands, your Asset Discovery capabilities themselves should be continuously evolving.
Even mature Security Operations teams struggle to map the constantly shifting sands of what constitutes the "cyber" domain they are charged to defend. But this self awareness must be continuously maintained to support defenses that effectively mitigate risk to the organization.
Adversaries are constantly scanning your environment. So should you.
This article barely scratches the surface of the need for Asset Discovery capabilities in contemporary Security Operations. But taken together with the other capability areas in this “Top 20” list, we hope to shine a light on the breadth, depth, and complexity of what is involved in building effective Security Operations today.
Contact us if you'd like help identifying and selecting Asset Discovery capabilities to support your own Security Operations efforts.
Copyright © 2019 Phenomenati - All Rights Reserved.