Why Asset Visibility is Very Important to IT Department
There is an agreement on the security side that asset visibility is of utmost importance. CISOs usually worry that “without knowing my territory, how can I defend it”. However, there is less awareness about the importance of how asset visibilities are related to the IT department. Let’s start with why asset visibility matters. At Unefen, we use the “unknown unknowns” (i.e., unknown assets with unknown contexts) to describe the opposite of visibility. Below are some of the examples of unknown unknowns:
- At the aggregation level, how many assets do I have? Are they VMs, bare metal servers, desktops, laptops, or mobile devices?
- Where do these assets locate geographically, on-premise, in the cloud, in private data centers, or in a lab environment?
- Who owns or uses the assets?
- On each asset, what is the operating system, version, and what applications are installed? Are there any very old Firefox versions still being installed and used?
- What critical vulnerabilities are there for the operating systems and applications?
- How many critical vulnerabilities are left unpatched over a week, a month, or three months?
- What data does an asset store, transmit, and compute with?
- Are there cloud assets idled?
- How much do those idled assets cost me on the cloud?
- Is my asset internet reachable with an unencrypted data volume?
- Does my S3 bucket have highly confidential data that is unencrypted, readable to everyone, and open to the public internet?
- After COVID-19, who are the people working from home and using personal devices to connect to corporate VPN, which may introduce malware threats to the corporate network?
- Which employees are connecting to non-IT-approved SaaS services?
- Which asset has endpoint protection or management agent? Is the agent up-to-date? When did the asset last check in? Is the hard drive encrypted?
- Which asset or group of assets has the highest total risk (combining different risk factors such as its user, data confidentiality, business operation criticality, internet-facing condition, vulnerabilities detected, etc.) that should be managed first?
The list can continue to enumerate the unknown unknowns. The IT department from CIO to the infrastructure management team, dev/ops team, business application team, and network management team would keenly want to know the answers to specific unknown and unknown questions. Therefore, asset visibility is not only very important to CISOs, SOC analysts, penetration testers, compliances, and security engineering teams, but also very relevant to IT.
Unefen is a platform using big data and ML to solve the unknown unknowns and brings comprehensive visibility and context to assets. The platform also enables IT and security to take action. Some examples of the use cases are:
- Find all assets in your environment, whether they are IT managed or not, and provide continuous updates to CMDB (Configuration Management Database).
- Find all assets with critical vulnerabilities and certain severe CVEs.
- Find all the old and vulnerable OS and application versions, and bring them up to date.
- Identify overpaid and underutilized cloud assets, and stop or terminate them to reduce cost.
- Find any asset with any IP addresses at any time in history to expedite incidence investigation.
- Eliminate the risk of cloud data exfiltration from internet-accessible instances, databases, and storage.
- Make all assets compliant with security policies, including encryption enforcement and access control.
- Find non-IT managed assets accessing enterprise G-Suite or Office 365, and generate an alert.