Perception vs. Reality on Security Hygiene and Asset Management

The “Inventory of Assets” is the foundation of our security programs. The deceptive complexity of this first security control in every major security framework has led to a significant and dangerous gap between our perception of how well we are executing and the reality of our execution.

We have a wide range of responsibilities as security professionals: the environments we’re tasked to protect are increasingly complex, as are the threats and threat actors that we’re defending from. There is a neverending list of projects and initiatives to tackle and we’re forced to prioritize our efforts. Because we believe our inventory of assets is under control, we focus our attention on other potential areas of investment.

But the reality is we have very little control over our IT asset inventory. And as it serves as the foundation for our security programs, this gap between perception and reality represents one of the biggest hidden security threats to an enterprise.

Our latest paper uncovers five misconstrued perceptions. And their realities.

    1. We are following best practices for security hygiene
    2. We have a single source of truth for asset inventory
    3. IT owns asset management
    4. We have a good handle on our asset inventory
    5. We’re doing a good job of vulnerability management

How can organizations close this gap and improve their security hygiene and asset management? We discuss some strategies that organizations can leverage to do so in our latest video series starting here (check our blog weekly for new installments).

But there’s also a complete, scalable solution with Sevco: the Sevco platform was designed to automatically ingest and reconcile the inventory reports from your existing tools to produce a unified inventory report. This report will identify any potential inventory gaps you have, and this unified, continuously updated inventory publishes good data into the systems already in use, increasing the security and effectiveness of your people, processes, and tools.

Here’s how Sevco can help:

    • Sevco will perform a risk assessment to identify:
      • Endpoints that are missing agents from your standard build
      • Endpoints that are running out of date agents
      • Systems running End-of-Life operating systems
    • The Sevco platform operates continuously to generate “Live Inventory”
    • Sevco generates Asset Telemetry so you know detailed asset and asset attribute history such as:
      • What IP address a device had and when it changed
      • When a device stopped checking in with a specific service (e.g., patch management)

Download the the report to see what the unpleasant reality is, review our recommendations to close these gaps, and schedule a demo with Sevco to see how we can help.

Post a comment

Your email address will not be published. Required fields are marked *