In today’s modern information technology ecosystem, there are many tools available that can either help or hurt a company’s overall cybersecurity posture. The proliferation of IoT (Internet of Things) devices including streaming TV devices, HVAC controls and sensors, wireless enabled appliances, manufacturing control devices, and more all contribute to the overall footprint of devices and systems that a company needs to consider when trying to better secure their ecosystem.
The multitude of devices that may exist on a company network can be so numerous that you may think it’s nearly impossible to keep everything safe and secure. However, with proper planning and implementation of good sound technology and security solutions, the task does not have to be as daunting as you ay first think.
The first step of knowing what needs to be secured is to know what you have running on your network. There are many ways to do this but it’s important that no matter what option you choose that you end up with a complete picture of all the devices that are either wired or wireless or even those that are connecting via Bluetooth.
You may even find that you have existing software applications and tools that can do a great job in helping you gather the inventory that you need for this effort. For example, most network switch devices contain a treasure trove of information about what devices are plugged into them on the other end of the wire. There are many ways to get at this data and be able to consume it for reporting and integration with other systems. Another example is your endpoint security systems like antivirus products. As long as these products are installed on an endpoint and being updated and managed properly, they too can provide a wealth of information about the device that they are currently installed on.
Another method of gathering inventory data from a modern IT network is to regularly scan the network using open source or commercial off the shelf software that is designed to scan large IT networks and bring back information about the devices that are found during the scanning process. These type of scanning tools can typically determine what kind of device has been found as well as certain attributes of each device including the operating system, the IP and MAC addresses, and more.
If you’re using a technology services provider such as an MSP or MSSP to manage your company’s devices and networks, these type of service providers typically use remote monitoring and management products that can also serve to provide a great deal of data as long as the vendors management software is installed on an endpoint device. You may find that your vendor may also be able to implement network scanning like was referenced above in order to at least identify devices that are not able to have a management agent installed on them but yet still need to be included in the overall inventory that is being gathered.
One area to be sure to not overlook are the vendors from which you buy your IT related gear from. Many vendors will assist you with gathering inventory by simply asking them for purchase records going back as far as you need or as far as they may have records on your behalf. Many times these vendors can be a valuable source of past product purchase information that can be used to supplement your current inventory capabilities in order to provide things such as dates of when the item was purchased, what the purchase price was when it was originally acquired, when and where items were delivered (and sometimes they can even tell you who signed for an item), etc.
Once you have a decent amount of inventory gathered and you feel that it is an accurate representation of what is actually being used within your environment it’s time to start thinking about what vulnerabilities may exist within those systems so that you can start to develop a plan to remediate any issues that are found.
Again, there are many tools and services available to help you discover vulnerabilities that may exist and even help you prioritize the remediation of these vulnerabilities. The vulnerabilities I am referring to could be configuration issues or missing patches or known exploits due to outdated software that can be used by a bad actor to compromise the system and attack your company or steal data from you.
As mentioned before if you’re using a managed technology provider such as an MSP or MSSP, they will typically provide the types of tools and services to be able to not only manage your IT assets and keep an up-to-date inventory but also to be able to have those assets scanned on a regular basis since vulnerabilities are not a onetime event but are things that change over time as new exploits are discovered.
When you have vulnerability scans run, you’re typically provided with what could seem like a mount no data that needs to be sifted through to determine what needs to be tackled first. Most modern vulnerability platforms offer criticality rating based on lots of industry data and known best practices which should help you to build a sort of road map from which you can work with your teams to prioritize your remediation efforts.
It is also important to note that it’s very difficult to remove all vulnerabilities from every system. It seems as soon as you have a system fully patched and secured that new vulnerabilities are discovered the next month or in a couple of months from now making this is a process that needs to be repeated on a regular basis.
I always recommend to my clients and staff that regular vulnerability scanning be done on a weekly basis typically in the middle of the night on a weekend so that first thing Monday morning there can be updated reports to review to see if anything has changed that requires an immediate response.
I know of companies that have waited to do vulnerability scanning until the end of a month or even the end of a quarter, and it’s simply too long to wait to find out about important vulnerabilities that are actively being exploited out in the Wild West that is the Internet world. Some critical vulnerabilities could really expose your company to the threat of being breached and having data stolen or systems being taken down or defaced when the fix for the vulnerability could be as simple as updating a system with patches or closing down a certain port that is open or fixing a configuration on the device.
The bottom line here is that you don’t have to leave yourself and your company exposed waiting for a hacking incident or a data breach to occur. You can take proactive steps on a regular basis to ensure your systems are kept as up to date and secure as possible. If you employ A vendor that is supposed to help you keep your systems inventory and up to date, it’s important that you monitor their performance against this goal.
The security of our systems and the data that is contained within the systems we run every day is an important responsibility that should not be taken lightly. Your staff and your customers depend on you to keep their data safe and secure and to do the right thing with the data that you are entrusted with. If you need help in accomplishing these sorts of tasks please be sure to reach out as the help is abundant in the market and there are plenty of people waiting to help you make sure your systems remain safe and secure.
John Christly is a seasoned Information Technology, Cybersecurity, and Compliance Executive as well as a Computer Forensic Expert Witness, an Anti-Terrorism Specialist, and a Military Veteran. He is an MSI Senior Fellow™ and a Lean Six Sigma Master Black Belt with decades of experience in cybersecurity and compliance related sales, support, and service delivery.
He is a 2020 graduate of the Certified Government Chief Information Officer (CGCIO™) program from the Florida Institute of Government through Florida State University. He was a 2017 finalist for CISO of the Year from the EC-Council, and a 2016 graduate of the FBI’s Citizen Academy.
His experience includes several industry regulations and standards including HIPAA, HITECH, HITRUST, CCPA, CMMC, CJIS, GLBA, ISO, FERPA, FCPA, FIPA, GDPR, NIST, SOX, NY DFS, and PCI.
He is a supportive and collaborative leader with a track record for developing teams as well as aligning sales and channel partner programs that have served healthcare, education, government, telecom, legal, finance, retail, and various other industries.
As an accomplished author, Mr. Christly’s articles have appeared in publications such as Security Magazine, Executive Insight Magazine, 24/7 Magazine, GRC Outlook, and the ISSA Journal. He is also a frequent speaker at international, national and regional technology and cybersecurity events.
Mr. Christly can be reached via email at jchristly@gmail.com
