How to Track Your Devices, Apps & Data in 3 Steps
How to Track Your Devices, Apps & Data in 3 Steps

Remember when your devices were relatively few, static and accessed data on the network only through a firewall? Barely, right? Those good old days are forever gone as the number of corporate endpoints have multiplied, are sourced from several manufacturers and come with different operating systems. Not to mention users now also access corporate networks from their own devices through applications that are too numerous to count.

Likewise, security has as many challenges as endpoints. Thankfully, the NIST Cybersecurity Framework (NIST CSF) is available, and with it a set of practices you can use to identify the endpoints that play host to sensitive data and compromises that lead to data loss. To secure your devices, apps and data, you’ll want to start with smart asset management. Follow these 3 easy steps.

  1. Inventory all hardware. Start by doing a complete inventory of all devices and their defining attributes. This includes the relationship of device components with capabilities, details about CPU/GPU status and HDD or SSD devices along with any other ancillary peripherals that interact with the device. When you ‘inventory’ in this manner, you are taking a giant leap beyond simple counting and tracking of property. True asset intelligence has evolved from cataloguing machines in your possession to a frame of mind that considers the business function associated with the IT resource.
  1. Map all software applications running on each device. This includes a look at authorized vs. unauthorized applications. How many are there and which apps are unauthorized? By inventorying both hardware and software analytics, you will have a good understanding of what you’re dealing with inside your device population and conversely, when any deviation away from an expected outcome occurs.
  1. Define sensitive data. Finally, set lexicographical lookups to signal any sensitive information on any device. Once you have hardware, software, and data under wraps, you can satisfy the principle elements of the first NIST pillar.

If you’re looking for more information on NIST CSF and its first foundational pillar, Identify, check out my quick video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.

You can also read my detailed look at the Identify pillar of NIST CSF in my blog post. First: See Everything.

 

Video Transcript:

Hey! Josh here from Absolute. I’m back!

And in this week’s episode we’re going to go deeper into the first pillar of the NIST Cybersecurity Framework: Identify

OK – stay with me… Once upon a time the network was a dense nucleus.

It was the home of all of our data. Everything else swirled around the network nucleus. Now, however, endpoints are escaping the gravitational pull of the network. When that happens, all kinds of atomic instability follows.

Here, NIST enters the stage, to help identify all those far-flung devices which is the new place data calls “home”.

The “Identify” category, begins with “Asset Intelligence”, which goes much deeper than inventories. To probe devices for critical details to ensure they line up with their ultimate purpose.

Consider other assets… You don’t think about desks as brackets, wood, screws, and paint. Instead you synthesize those parts and think about how the resource is used: Jane’s work space.

The same is true with our IT assets. And when you pair “Asset Intelligence” with that “Business Environment” then we start to get somewhere. Because companies are like snowflakes: They are all composed of the same material but configured in unique ways.

The “Business Environment” is the “where” that supplements the “what” of “Asset Intelligence”. With both in hand, we have the key ingredients to figure out what should happen in context.

And that’s “Governance”. Which centers around policy: the bedrock of all security programs. Because at its core policy says: “This can do that; that cannot do this”. It’s tempting – it is – to gloss over policy to leap down to specific controls. But if we do that, we’re just going to end up with thousands of controls divorced from their true security intent, which only adds tangles to the complexity.

Finally, we have to connect these internal ingredients – Asset Intelligence, Business Environment, Governance – to the external world that’s filled with risks. When we identify what we have, we drag risk to the floor, because we’re no longer flying blind.

To get to any destination, you must first know where you are. That’s why NIST, pointedly, starts with “Identify”. Next time we’ll dive deeper into the second action of NIST: Protect

For now, get out there, unmask hidden endpoints and enjoy the view when you can see everything.

Drop your comments below, and subscribe because you won’t want to miss what’s coming next. I’ll see you next time.

ABOUT THE AUTHOR

Josh Mayfield

Josh is Absolute’s Director of Security Strategy and works with Absolute customers to leverage technology for stronger cybersecurity, continuous compliance, and reduced risk on the attack surface. He has spent years in cybersecurity with a special focus on network security, threat hunting, identity management, and endpoint security. His research has been featured in leading security publications including, SC Magazine, Infosec, and Dark Reading, and he is often cited by business and tech journalists for his analysis of cryptocurrencies, security operations, and attacker psychology.



0 COMMENTS

Leave a Reply

Your email address will not be published.