Then you have to take into account the physical and virtual assets that make up a typical environment, many of which come and go, connecting and disconnecting independently of IT management.
In a 2022 study commissioned by IBM, technology analyst firm IDC found that the average number of IT assets managed by 29 organizations studied was 2.7 million.
That's a lot of systems and devices, and it counts only the ones in the known inventory.
Another report found that as many as 20% of an organization's IT assets may be invisible to IT management and security operations; applied to that average, it means more than half a million unmanaged, and therefore unsecured, devices operating in the average enterprise.
Because connectivity is so essential, a great many Internet of Things devices end up attaching themselves to the enterprise network.
In our experience here at Ordr, we've seen exercise equipment, gaming consoles, Kegerators, Tesla automobiles, and a lot more operating alongside mission-critical IT systems, Internet of Medical Things devices, operational technology, and plenty more.
Every asset in an organization's environment that is not accounted for and protected is a potential attack vector, or a step along a lateral-movement path that an attacker can use to gain access or move undetected.
That puts a lot of pressure on the CISO, and it also feeds a vicious cycle between asset management and security: if you cannot keep track of all assets, including IoT, you cannot properly identify your attack surface.
That surface includes assets with known vulnerabilities, assets running outdated operating systems, and devices missing a security agent or patches.
Threats thrive in chaos, so risk increases when assets are not fully inventoried, monitored, and managed in real time.
Granular context matters - Asset visibility must include deep threat and asset context.
This requires a combination of methods to continuously discover and classify each asset: deep packet inspection of network traffic, API integrations with existing systems, and NetFlow.
To determine whether you are affected by a zero-day such as the MOVEit Transfer vulnerability, you must know which applications are actually running on your devices.
To identify vulnerabilities that affect your assets, you may need to know the specific minor version of operating systems running.
Behavioral analysis via AI can be a differentiator - Devices are deterministic: a video surveillance camera, an HVAC system, or a medical device each has specific network behaviors that follow from its function.
The ability to baseline these communication patterns not only surfaces anomalies (early indicators of a potential compromise) but also informs the foundational Zero Trust policies that secure those devices.
Automated policies are important to scale - When there are hundreds of thousands of connected devices on the network, the only way to secure them is via automated policies.
When a device fits a specific profile, a pre-defined policy can automatically be applied, for example, activating a vulnerability scan when a new device is discovered on the network.
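The two ideas above, baselining a device type's communications to flag anomalies and turning that baseline into a Zero Trust allow-list, are small enough to show end to end. The script below is an added illustration, not Ordr's product code and not part of the original article. The flow records, host names, device types and the "scan on unknown profile" action are all constructed for the example; in a real deployment the records would come from DPI, NetFlow or an API feed as described above.

```python
from collections import defaultdict

# Constructed flow records: (device_id, device_type, dst_host, dst_port, proto).
# These stand in for flows seen during a learning period; all names are made up.
LEARNING_FLOWS = [
    ("cam-01", "camera", "nvr.corp.example", 554, "tcp"),     # RTSP video to the NVR
    ("cam-01", "camera", "ntp.corp.example", 123, "udp"),     # time sync
    ("cam-02", "camera", "nvr.corp.example", 554, "tcp"),
    ("cam-02", "camera", "ntp.corp.example", 123, "udp"),
    ("hvac-01", "hvac", "bms.corp.example", 47808, "udp"),    # BACnet to the building system
    ("hvac-01", "hvac", "ntp.corp.example", 123, "udp"),
]

# Constructed flows observed after the baseline was learned. The SMB connection
# from a camera to a file server is the kind of deviation a deterministic device
# should never produce and is an early lateral-movement indicator.
LIVE_FLOWS = [
    ("cam-02", "camera", "nvr.corp.example", 554, "tcp"),
    ("cam-02", "camera", "fileserver.corp.example", 445, "tcp"),
    ("hvac-01", "hvac", "bms.corp.example", 47808, "udp"),
]


def build_baselines(flows):
    """Return {device_type: {(dst_host, dst_port, proto), ...}} learned from flows.

    The baseline is keyed by device type rather than by individual device:
    every unit of a deterministic device type is expected to behave the same,
    so one profile covers all of them and new units inherit it.
    """
    baselines = defaultdict(set)
    for _device_id, device_type, dst_host, dst_port, proto in flows:
        baselines[device_type].add((dst_host, dst_port, proto))
    return dict(baselines)


def find_anomalies(flows, baselines):
    """Return the flows whose (dst_host, port, proto) is outside the type's baseline."""
    return [
        flow for flow in flows
        if (flow[2], flow[3], flow[4]) not in baselines.get(flow[1], set())
    ]


def policy_for(device_type, baselines):
    """Derive a Zero Trust allow-list for a device type: exactly the baselined
    destinations, followed by a default deny. Returned as plain rule dicts so it
    can be rendered into whatever enforcement point (firewall, NAC) is in use."""
    rules = [
        {"action": "allow", "dst": dst, "port": port, "proto": proto}
        for dst, port, proto in sorted(baselines.get(device_type, set()))
    ]
    rules.append({"action": "deny", "dst": "any", "port": "any", "proto": "any"})
    return rules


def on_device_discovered(device_id, device_type, baselines):
    """Automated response when a new device appears on the network.

    A device matching a known profile gets that profile's policy immediately;
    a device of an unknown type is sent for a vulnerability scan first, since
    there is no baseline to derive a policy from yet. (Hypothetical actions.)
    """
    if device_type in baselines:
        return {"device": device_id, "action": "apply_policy",
                "policy": policy_for(device_type, baselines)}
    return {"device": device_id, "action": "scan",
            "reason": "no baseline for device type %r" % device_type}


if __name__ == "__main__":
    baselines = build_baselines(LEARNING_FLOWS)
    for flow in find_anomalies(LIVE_FLOWS, baselines):
        print("ANOMALY:", flow)
    for rule in policy_for("camera", baselines):
        print("camera policy:", rule)
    print(on_device_discovered("cam-03", "camera", baselines)["action"])
    print(on_device_discovered("kegerator-01", "kegerator", baselines)["action"])
```

Keying the baseline by device type is what makes the approach scale: classification (which is what the DPI, API and NetFlow sources feed) does the heavy lifting, and the policy follows automatically from the profile rather than being written per device.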
CISOs must gain the means to see every asset across a multidimensional enterprise with fidelity and granular context.
Only then will they be able to identify their attack surface and address the security gaps that put their enterprise at risk.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 19 Dec 2023 13:13:05 +0000