Five questions organisations should ask when evaluating an asset management solution
Article by Forescout Asia Pacific and Japan senior director of systems engineering, Steve Hunter.
As we move further into 2020, asset visibility remains essential for businesses, as it lays the foundation for a strong cybersecurity program. The close of 2019 still saw many organisations lagging behind in applying asset management solutions, often struggling to get budget to implement this vital initiative for the new decade.
Asset management solutions are imperative for business security, and choosing the right solution that is tailored to business requirements, will determine its success. With asset management tools for information technology (IT), others for operational technology (OT), some that are inventory-only tools, and some that provide active, passive or hybrid monitoring, it is important to understand the factors that will determine the optimal type of asset management for the organisation.
There are many asset management solutions that claim they can solve all problems, and it is important to understand what the organisational requirements are, as well as long-term strategic goals and objectives and how that fits with the solution being offered. Of key importance is gaining confidence that the asset management system is a true reflection of the assets in the enterprise, in as close to real-time as practical.
Forescout has developed five questions organisations should ask when evaluating an asset management solution for organisations that have an IT and an OT environment, but the questions apply independently to both domains.
1. Does the organisation have OT environments where a passive monitoring solution is needed?
Examples may be manufacturing systems, shipping logistics, power infrastructure, and building automation systems. These systems include any network that may have sensitive assets whose physical operations could be disrupted by being queried with ping sweeps, scans, etc.
2. Does the organisation need to do more than just build out a basic asset inventory list?
Organisations that must comply with internal or external standards and regulations may need to also identify and document operating systems, firmware versions, installed software, installed patches, open ports and other details.
3. Does the organisation have planned or existing tools in its environment that an asset management solution will need to integrate with to maximise return on investment (ROI) for security investments?
The more data an organisation can collect about the network and endpoints the more value they will get out of existing toolsets once they are integrated. Examples may include ticketing systems, such as ServiceNow, Security Information and Event Managers (SIEMs), or even firewalls and switches that can optionally enforce controls at a time when the organisation is ready for that next step.
4. Does the organisation need an asset management solution that can scale across the organisation to include the business network, cloud assets, OT infrastructure, IoT devices, and any other disparate environments that may exist?
Having a scalable, platform-based solution that offers the necessary functionality for each target environment and can integrate with complementary solutions is a huge advantage. While a single solution can’t do everything, it should easily integrate with existing solutions to let organisations take a proactive approach to cybersecurity, while also getting better ROI on existing investments.
5. What other security initiatives are currently underway or will begin soon?
Understanding other initiatives in play can be beneficial as it can help security stakeholders better prioritise activities. A comprehensive asset management solution can provide critical data for other cybersecurity initiatives, including network segmentation projects and selectively applying controls when suspicious or potentially dangerous events have been observed on the network. This requires visibility first and foremost and leverages policies to apply controls when events have or haven’t met specific criteria. Integration is key for taking a proactive approach to cybersecurity and makes existing investments that much more valuable.
Hybrid solutions are a great option for monitoring, as they bring the best of both active and passive monitoring. However, understanding the unique environment of the organisation will help the best asset management solution be identified.