Last time, we talked about the weakest link in IT security: the need to ensure that we’re comprehensively deploying our security investments across our environment. But the reality is that getting an accurate asset inventory is extremely difficult.
The problem is siloed tools – no tool has a single, comprehensive view of asset inventory. We have lots of tools that report inventory, but each of these tools provides a siloed view of the assets based on that specific tool’s purpose:
- Directory Services such as Active Directory are only aware of the systems coming from registered accounts.
- Endpoint technologies are only aware of where they are installed. With their new discovery tools, they may be able to see “other” assets that are near existing agent deployments – but will still miss the 50 BYOD devices from your remote employees that still don’t have an endpoint security agent.
- Network-based technologies such as vulnerability scanners or passive network scanners can discover unknown devices, but they can only see those that are connected to the network. They are blind to the remote sales team that rarely connects to the network since and only access SaaS applications like your CRM.
The takeaway is that you have many tools that report asset inventory, but because they are all siloed, none provide a comprehensive view.
Next, we’ll talk about some approaches that teams are taking to tackle this gap.