Asset Discovery: A Must Have for Understanding Your Complete Attack Surface
2024-6-12 04:4:42 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

Justin Stouder, FireMon’s Asset Manager GM, met with a large financial services company a few years back, talking with the company’s CISO about their asset inventory. The CISO was enraged.

“It took 11 different teams a total of three months to deliver an asset posture for them,” Stouder said. Three months to tell the CISO how many assets the company had. At one point, the CISO pounded his fists on the desk. That amount of time was clearly unacceptable.

Understanding a company’s complete attack surface is getting increasingly more difficult. The “rapid proliferation of IoT devices will add significant complexity to the already challenging task of managing IT assets,” Gartner says. According to a recent International Data Corporation (IDC) forecast, some 41.6 billion IoT endpoint devices will be online by 2025.

A fast, accurate, and unobtrusive asset discovery solution is now an imperative first step in scoping an organization’s attack surface.

Asset Discovery, a.k.a. You Can’t Manage What You Can’t See

The biggest failed assumption regarding security posture, Stouder said, is that vulnerability management accounts for all the assets in your purview.

“You can only assert a certain posture from a vulnerability perspective on assets you’re aware of,” Stouder said.

Knowing that vulnerability management is downstream, Stouder said, it’s not the first – or second or third – thing you need to do.

“You have to know what your assets are in your environment,” said Jennifer Varner, Director of Cyber Security Solution Sales for Verizon North America, on a recent webcast discussing Verizon’s 2024 Data Breach Investigations Report (DBIR). “You’ve got to have complete visibility into all of your endpoints and once you have that visibility, then you’re able to go and move into what we call ‘quantification’ which is really how do you assess risk based on that endpoint at any given time.”

Stouder agreed.

“You have to know what your assets are. First and foremost,” he said. That sentiment is everywhere, especially on the floor of the recently held 2024 RSA Conference.

Why Speed is Important to Asset Discovery

With the proliferation of AI, attacks are happening at an unprecedented speed. And the proliferation of devices is nothing compared to the proliferation of attacks, Stouder said.

“You need a solution that can give you that (asset discovery) perspective at an enterprise level in under a day,” Stouder said. Complicated, hybrid work environments and cloud workflows that create ephemeral assets are now commonplace. “You have to be very fast at doing discovery, and then being able to do it again, and show the delta in a timely manner. Over and over again.”

Stouder compared a fast discovery tool to a higher-octane fuel for vehicles – like octane, the higher number percentage of assets that are accounted for, the better your security vehicle will run.

“You’re really trying to drive financial risk and prioritization around an endpoint, or a grouping of endpoints, a vulnerability, or other things that are dynamic in your environment,” Verizon’s Varner said. “But the whole concept is how do you get the most out of your investment? How do you know where to put your time first?”

For Stouder, that answer is easy.

“Leading with asset discovery is key,” Stouder said. “It’s absolutely critical. And a lot of organizations are realizing that now.”

According to Grand View Research, the Cyber Asset Management Market is poised to grow from $100 million in 2021 to $4 billion by 2030. That’s a 50% compound annual growth rate (CAGR).

When it comes to combatting bad actors, asset discovery is proving to be an effective tip of the security spear.

In Summary

Lack of visibility into your organization’s attack surface can cause frustration in security teams, and ultimately vulnerabilities in your network. FireMon’s Justin Stouder advocates for a fast and accurate asset discovery solution as an imperative first step toward in building a security posture. After all, you can’t manage what you can’t see! Finally, speed is vital to protect against today’s rapidly produced, AI-buoyed attacks.

*** This is a Security Bloggers Network syndicated blog from FireMon.com authored by FireMon. Read the original post at: https://www.firemon.com/asset-discovery-a-must-have-for-understanding-your-complete-attack-surface/


文章来源: https://securityboulevard.com/2024/06/asset-discovery-a-must-have-for-understanding-your-complete-attack-surface/
如有侵权请联系:admin#unsafe.sh