CTOs and IT managers are no strangers to risk assessment and the urgent need to keep security frameworks up-to-date and effective. But in recent years, the surge in cloud and hybrid solutions has greatly complicated matters. Additionally, the COVID-19 pandemic brought a frantic shift to remote work, resulting in more scattered and ad-hoc hardware outside of corporate control, among other changes.
For the foreseeable future, hybrid workforces appear here to stay. So, it’s safe to say that network assets are less static than ever. Devices are swapped out, IP address churn is rampant, and staff may not report every asset they use in their day-to-day work. This creates challenges when it comes to asset security.
Asset discovery is an even more critical aspect of the security equation. Accurate asset reconciliation can tackle the challenges of dynamic digital architectures so IT teams can get a clear, reliable picture of their security risks, even when their assets are moving targets.
What is Asset Reconciliation?
Asset reconciliation tracks and correlates assets through IP or hostname changes to inform accurate vulnerability assessments. This can be accomplished two ways:
1) Using unique identifiers assigned by a cloud provider. This requires 100% virtualization of all assets.
2) Using an algorithm to map hosts from current assessments to past assessments, also known as fingerprinting. This can be done in hybrid environments.
Limitations of Standalone Asset Discovery
As recently as October 2020, CISOs conducting an asset inventory study concluded – somewhat ominously – that they could not discern which assets belonged to the company and which were employee-owned. Many security programs are ill-equipped to manage network churn and the constant influx of endpoints in our decentralized digital infrastructure.
IT teams are further hindered by the challenge of recognizing the same asset at different points in time. Given the high churn rates seen among client machines, not to mention the increased use of personal devices in recent years, point-in-time-only scans and assessments can become virtually useless within a short timeframe.
Mitigate Matching Errors with Asset Reconciliation
There are three common types of host-to-asset matching errors:
- Unmatched and excluded -- When an assessed host is not matched to any asset and is excluded from the assessment results and from the list of real-world assets.
- Unmatched and added as duplicate -- When an assessed host should have been matched to an existing real-world asset but instead remains unmatched and is labeled new, creating a duplicate entry in the list of real-world assets.
- Mismatch to incorrect asset -- When an assessed host is matched to the wrong real-world asset because the host's current IP address was previously assigned to a different asset, and the match was made on the IP address alone.
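The following Python example, added here and not part of the original post or the vendor's product, illustrates both the fingerprinting approach from the "What is Asset Reconciliation?" section and the three matching error types listed above. It runs a naive IP-only matcher and a fingerprint-first reconciler over a constructed inventory and scan, then labels each result. The asset records, host records, fingerprint strings and IP addresses are all invented for the illustration; "fingerprint" stands in for whatever stable host identity a scanner derives (for example from MAC, serial or OS traits) and is assumed, not taken from any product.

```python
"""Host-to-asset reconciliation on constructed data (added example, not the
vendor's product code). Compares naive IP-only matching against a
fingerprint-first matcher and labels each result with one of the three
matching error types from the text."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

NEW = "NEW"  # sentinel: host was not matched to any existing asset


@dataclass(frozen=True)
class Asset:
    """An asset already in the inventory from a prior assessment."""
    asset_id: str
    ip: str
    hostname: str
    fingerprint: str  # stable host identity (hashed MAC/serial/OS traits); constructed


@dataclass(frozen=True)
class Host:
    """A host observed in the current assessment."""
    ip: str
    hostname: str
    fingerprint: Optional[str]  # None when the scanner could not fingerprint the host


def match_by_ip(assets: List[Asset], hosts: List[Host]) -> Dict[str, str]:
    """Point-in-time matching: trust the IP address alone."""
    by_ip = {a.ip: a.asset_id for a in assets}
    return {h.ip: by_ip.get(h.ip, NEW) for h in hosts}


def _claim(pending: List[Host], key: Callable[[Host], Optional[str]],
           index: Dict[str, Asset], result: Dict[str, str], claimed: set) -> List[Host]:
    """One matching pass: bind each pending host to an unclaimed asset whose
    indexed attribute equals key(host). Returns the hosts still unmatched."""
    still_pending = []
    for h in pending:
        k = key(h)
        a = index.get(k) if k is not None else None
        if a is not None and a.asset_id not in claimed:
            result[h.ip] = a.asset_id
            claimed.add(a.asset_id)
        else:
            still_pending.append(h)
    return still_pending


def reconcile(assets: List[Asset], hosts: List[Host]) -> Dict[str, str]:
    """Fingerprint-first reconciliation. Evidence is applied strongest first
    (fingerprint, then hostname, then IP) and every asset can be claimed only
    once, so a reassigned IP cannot drag a second host onto an asset that a
    stronger signal has already placed elsewhere."""
    result: Dict[str, str] = {}
    claimed: set = set()
    pending = list(hosts)
    passes = [
        (lambda h: h.fingerprint, {a.fingerprint: a for a in assets}),
        (lambda h: h.hostname, {a.hostname: a for a in assets}),
        (lambda h: h.ip, {a.ip: a for a in assets}),
    ]
    for key, index in passes:
        pending = _claim(pending, key, index, result, claimed)
    for h in pending:  # nothing in the inventory explains this host
        result[h.ip] = NEW
    return result


def classify_errors(matching: Dict[str, str], truth: Dict[str, str]) -> Dict[str, str]:
    """Label each host's match against ground truth with one of the three
    error types from the text, or 'correct'."""
    labels = {}
    for ip, expected in truth.items():
        got = matching.get(ip)
        if got == expected:
            labels[ip] = "correct"
        elif got is None:
            labels[ip] = "unmatched_excluded"   # host dropped from the results entirely
        elif got == NEW:
            labels[ip] = "unmatched_duplicate"  # existing asset re-added as a new one
        else:
            labels[ip] = "mismatch"             # bound to the wrong real-world asset
    return labels


# Constructed scenario: DHCP churn between two assessments.
ASSETS = [
    Asset("A", "10.0.0.5", "fin-laptop-01", "fp-A"),
    Asset("B", "10.0.0.6", "web-01", "fp-B"),
    Asset("C", "10.0.0.7", "dev-vm-03", "fp-C"),
]
HOSTS = [
    Host("10.0.0.9", "fin-laptop-01", "fp-A"),  # A moved to a new IP
    Host("10.0.0.5", "web-01", "fp-B"),         # B now holds A's old IP
    Host("10.0.0.7", "dev-vm-03", None),        # C unchanged, but not fingerprinted this time
    Host("10.0.0.6", "contractor-pc", "fp-X"),  # genuinely new device on B's old IP
]
TRUTH = {"10.0.0.9": "A", "10.0.0.5": "B", "10.0.0.7": "C", "10.0.0.6": NEW}

if __name__ == "__main__":
    for name, fn in (("ip-only", match_by_ip), ("reconcile", reconcile)):
        print(name, classify_errors(fn(ASSETS, HOSTS), TRUTH))
```

Run as a script, the IP-only matcher reports asset A as a duplicate (its new IP looks unknown) and mis-binds the hosts now sitting on A's and B's old addresses, while the reconciler places every host correctly. The single-claim rule in `reconcile` is what prevents the third error type: once the fingerprint pass has bound asset B to its new address, the IP pass can no longer hand B to the contractor device that inherited B's old IP. A host that appears in the ground truth but is absent from a matcher's output would be labeled `unmatched_excluded`, the first error type.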
Technologies implementing asset correlation mechanisms can limit the unmatched, duplicate, or mismatched asset identifications that compromise the accuracy of vulnerability scans. This reconciliation also fits the agile structure of today's workplace. Rather than comparing snapshots of past scan data to current findings, active automated correlation of assets enables more rapid identification of potential threats, empowering IT teams to pinpoint and act on vulnerabilities instead of making assumptions.
Organizations that find their current solution cannot solve this challenge should procure a replacement solution that employs a more accurate reconciliation methodology. Unfortunately, those who do not will continue to work from intelligence riddled with erroneous data and thus have an unclear picture of their organization’s actual risk.
Best-in-class vulnerability management and threat assessment
With assets and employees always on the move in this new digital landscape, asset reconciliation is more vital than ever before. You need a vulnerability management solution that includes asset reconciliation, one that tracks and correlates assets and their data even when their IP address or hostname changes.
At Digital Defense, our best-in-class vulnerability management and threat assessment platform is cloud-native, built for ease of use, and committed to the highest level of performance and accuracy. Contact us to learn more.
About the Author
Mieng Lim, Vice President, Product Management, has served as a security expert for Digital Defense, Inc. since 2001. Mieng takes a consultative approach to security, having held prior roles in Operations, Quality Assurance and Sales Engineering. Mieng seamlessly blends technical expertise with real-world scenarios to provide an entertaining and educational cyber security perspective. Mieng serves as a mentor and STEM advocate encouraging young women to pursue careers in security and technology, and volunteers with BSides San Antonio as a staff member. Mieng holds a Bachelor's Degree in Computer Science with a Minor in Sociology from Trinity University.