The World Economic Forum now recognizes cybercrime and insecurity as significant global risks. However, many organizations struggle with the fundamentals of protecting themselves because they lack a comprehensive understanding of their IT infrastructure and asset inventory. Protecting the unknown is exceptionally challenging: an organization cannot safeguard assets it does not know it has.
Resolving this problem is more complex than it initially seems. Mapping IT assets would be relatively simple if an organization's estate remained static. In reality, however, organizations continuously change their systems, networks, and configurations. With ongoing digital transformation, change has become a constant.
Achieving Visibility and Control
To tackle this issue, organizations need solutions that provide comprehensive visibility into their systems. They must also possess the capability to take action based on that visibility, whether it involves implementing security measures or responding to attacks and breaches. This requires four key capabilities:
· Asset discovery and inventory: Organizations must be able to map their systems continuously, scanning all assets and endpoints. By keeping the inventory updated in real time or near real time, organizations can maintain an accurate view of their IT infrastructure and potential vulnerabilities. This includes monitoring installations and locations.
· Patch and software management: Armed with detailed visibility, organizations can take action to mitigate vulnerabilities. Implementing patches promptly, as released by hardware and software providers, becomes crucial. Managing this process effectively requires prioritizing the most critical vulnerabilities and keeping track of outstanding tasks. Organizations should also consider how software updates may impact their overall system environment.
· Compliance and vulnerability management: Organizations must establish processes to manage both known vulnerabilities and emerging threats. This includes incorporating threat intelligence to address potential risks. Additionally, organizations may need to provide evidence of their efforts to meet regulatory compliance requirements.
· Threat detection and response: This component is the final piece of the puzzle. Some threats may bypass defences before vulnerabilities can be patched, while other vulnerabilities may have no patch available. Organizations therefore need tools capable of detecting threats throughout their inventory and responding accordingly. Without this capability, breaches of their defences may go unnoticed.
Potential Platforms and Services
EY's partnership with Tanium offers organizations access to all four critical capabilities. Together, they provide a managed visibility and control (MVaC) service, empowering organizations to overcome these challenges effectively.
By adopting this approach, organizations can gain better visibility into their IT assets and exercise control to address vulnerabilities and respond promptly. Key benefits include more accurate and consistent mapping of the IT estate in real time and faster defence and protection.
Attempting to tackle these challenges independently can prove difficult for most organizations, especially considering the constant changes in their inventories. However, by automating asset discovery, organizations can significantly strengthen their cybersecurity posture.