The modern IT landscape is becoming more complicated every day. It has been predicted that more than $5.61 trillion will be spent on IT this year as companies constantly expand their estates.
This constant growth means that keeping an eye on everything within the IT infrastructure is becoming increasingly challenging, and many organizations operate with significant blind spots in their network.
This gives rise to 'unknown unknowns': devices that are unmanaged and unmonitored, but can still reach important corporate assets. These are the most dangerous types of security gaps, creating weaknesses that cannot be closed because they are not even on the radar.
It is time to abandon any notion that "what you can't see won't hurt you": cyber attackers specifically look for the hidden weaknesses that organizations overlook.
The problem with traditional IT asset management
These security gaps are not usually the result of a lack of effort or investment, but a natural by-product of IT and security teams either not having the right tools or not using their tools effectively. Some teams have discovered 15–30% more devices that were completely off their radar, even though they were auditing regularly.
Much of this false sense of security is the result of traditional tools that are unable to see the bigger picture. Many agent-based scanners and on-premises security tools give only a narrow view and fail to detect all assets on the network. A device may appear secure according to one tool's metrics, but in fact be lacking significant controls when that view is correlated with other data.
This is compounded by a highly fragmented IT landscape. Siloed teams and disconnected tools make it impossible to get a unified view of security. Each team believes it has control of what it can see, but the teams do not align their data. Without an easy way to compare and contrast data and processes, the dots will not connect.
Inefficient manual processes also limit teams to performing periodic audits. With the environment changing on a daily basis, these audits are out of date by the time they are completed.
Why these gaps are the biggest security risks
Gaps in security visibility can appear in many forms. One of the most common issues is employees accessing corporate systems through untrusted devices. This is particularly prevalent when bring your own device (BYOD) policies are combined with flexible working, but without the controls to back them up. Many people are still accessing corporate data using home laptops that are completely outside the control of the IT department. This situation means ignoring a threat sitting on your network.
We often find networks that have inactive or misconfigured assets that appear to be secure and compliant on the surface. Our data finds that approximately 10% of devices are missing required cybersecurity controls, and 20% have not been configured properly. In the worst cases, controls are not working at all.
An audit report may also indicate that a system is offline when it is actually still communicating with the corporate network and is therefore still an active security risk.
These unseen and unsecured devices are highly vulnerable to cyber attacks, giving threat actors an opportunity to establish a foothold in the network without triggering any security alerts. By compromising an unmonitored personal machine, a cyber criminal gains an easy way to reach sensitive information on the network and exploit channels such as email for account takeover (ATO) attacks.
How organizations can close visibility gaps
If an organization does not know that an asset exists, it has no chance of securing it. So how do teams start finding and accounting for these dangerous unknown unknowns?
The first step is to equip IT and security teams with the right tools, as well as the expertise and processes to use them. We often find that companies have invested heavily in a full suite of solutions, but many of them are not being used effectively or may be surplus to the needs of the company.
This means that, even with these investments, they may not have a clear picture of the security health of their estate. It is not about frequency, it is about the approach. To find and close these gaps definitively, security teams need a comprehensive view of their entire network and everything that accesses it, and assurance that this picture is completely accurate and up to date.
A cyber asset attack surface management (CAASM) strategy is central to achieving this visibility and control. It takes a highly automated approach to asset discovery, building a list based on what is actually connecting to the network and accessing systems rather than on an outdated inventory.
Once a clear and accurate picture of all assets is established, it is possible to start assessing how secure each device is. This means determining whether the correct security controls are in place, whether they are actually functional, and whether they have been properly configured. Proper verification is necessary: it is never enough to simply assume that controls are working.
From here, it is important to maintain constant, real-time monitoring of all assets. Again, automation is key because it is impossible to manually reconcile IT asset data at scale. Automated tools can compare access logs with IT inventories in real time and flag discrepancies.
It is also important to go beyond device discovery alone and account for application access patterns. Security teams should have a clear view of which devices are accessing key applications and data so that they can spot anomalies such as access from devices outside the managed asset list.
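The reconciliation described in the two paragraphs above, as an added example that is not from the original article or from any particular CAASM product: it compares access-log entries against a managed-asset inventory and flags unknown devices, devices the audit reports as offline that are still communicating, and devices with missing or misconfigured controls, together with the applications each one reached. The inventory fields, log format, device IDs and control names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (assumption): device ID -> audit status and control state.
INVENTORY = {
    "LT-0001": {"status": "online", "controls": {"edr": "ok", "disk_encryption": "ok"}},
    "LT-0002": {"status": "offline", "controls": {"edr": "ok", "disk_encryption": "ok"}},
    "LT-0003": {"status": "online", "controls": {"edr": "missing", "disk_encryption": "ok"}},
    "LT-0004": {"status": "online", "controls": {"edr": "misconfigured", "disk_encryption": "ok"}},
}

# Constructed access-log lines (assumption): "<timestamp> <device id> <user> <application>"
ACCESS_LOG = """\
2025-01-14T09:02:11Z LT-0001 alice crm
2025-01-14T09:05:40Z HOME-PC-77 bob email
2025-01-14T09:07:03Z LT-0002 carol fileshare
2025-01-14T09:09:55Z LT-0003 dave crm
2025-01-14T09:12:30Z LT-0004 erin email
2025-01-14T09:15:02Z HOME-PC-77 bob crm
"""


def reconcile(log_text, inventory):
    """Return {device_id: {"findings": set, "apps": set}} for every device
    whose observed access contradicts what the inventory claims."""
    report = defaultdict(lambda: {"findings": set(), "apps": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _timestamp, device, _user, app = parts
        asset = inventory.get(device)
        findings = set()
        if asset is None:
            # Device is reaching applications but is not in the managed list.
            findings.add("unknown_device")
        else:
            if asset["status"] == "offline":
                # Audit says offline, yet the device is still communicating.
                findings.add("reported_offline_but_active")
            for control, state in asset["controls"].items():
                if state != "ok":
                    findings.add(f"{control}:{state}")
        if findings:
            report[device]["findings"] |= findings
            report[device]["apps"].add(app)
    return dict(report)


if __name__ == "__main__":
    for device, entry in sorted(reconcile(ACCESS_LOG, INVENTORY).items()):
        print(device, sorted(entry["findings"]), "->", sorted(entry["apps"]))
```
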
Eliminate blind spots for good
Security frameworks such as Cyber Essentials, ISO 27001 and NIST CSF can provide a good starting point for prioritizing security needs and improving visibility. However, organizations need to foster a culture in which unknown assets are constantly identified and secured. Even a single unsecured device can open the door to a major breach, so detecting such devices should be embedded in daily operations, not treated as an annual or quarterly audit task.
The reality is that many organizations are unaware of the extent of their IT blind spots, and have the chance to close the gaps with their current capabilities. If you do not have full visibility, you are making security decisions based on incomplete data. It is like locking your front door while leaving the windows open, and then pulling the blinds down so that you can't see the problem.
This article was produced as part of TechRadar Pro's Expert Insights channel, where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future PLC.