ITAM & NETSEC. A marriage made in heaven?
(3 of 3)
Maybe not a marriage but rather a collaboration between two disciplines that are typically seen as siloed activities.
Too often NETSEC is seen as the necessity, with ITAM relegated to “nice to have”. We see things differently. While ITAM tools are never going to replace security tools (nor should they), ITAM should be the enabler for many effective NETSEC activities. As the saying goes, or at least as our saying goes…
“What you know about you can manage, what you can manage you can secure”.
You can’t secure something you don’t know about, and this applies equally to hardware and software. With effective ITAM tools in place delivering consistent and accurate discovery and inventory data, you can keep your NETSEC teams informed of changes in hardware configuration, installed software and non-compliance issues.
Discovery and inventory are covered in a related article, which can be found here.
Whilst ITAM can be a contributor to NETSEC in terms of informing the NETSEC team about what’s out there and what’s changed, NETSEC can act as the initiator for ITAM actions, for example removing a software product that has known vulnerabilities, securing specific accounts to limit data access rights etc.
When integrating two typically siloed activities, defining the touch points is essential. Ask questions like ‘What can ITAM tell me about my environment that helps NETSEC, and what actions should ITAM be performing based on NETSEC advice and guidance?’. Hopefully this example illustrates the need for teamwork and collaboration between teams with one goal in mind – supporting the business more effectively.
ITAM & NETSEC THE RELATIONSHIP
There are many ways to position and apply a little spin to suit one or another’s vision, but there are some fundamental aspects to the relationship between ITAM and NETSEC that cannot be argued with.
ITAM, if done correctly, will hold the single truth of what IT assets are being used within an organisation: hardware (not only computers, but other network-attached assets) and software. A comprehensive ITAM solution will be able to provide a level of detail about those assets that will be invaluable in keeping your environment safe.
When an issue is identified through NETSEC, the ITAM tools should be in an ideal position to be able to action the remedial activities needed, such as patching or removing software or identifying devices that should not be on the network.
If we were to take software in isolation, an effective ITAM tool will hold a complete inventory of all software installed on all devices. If you have normalised your software estate, as discussed in another related paper (found here), this task will become much easier. If your ITAM tools have advanced software recognition capabilities, you would also be able to learn about the current patch levels of software and clearly identify where updates are available, allowing your NETSEC teams to prioritise the applications that need patching.
Adding system configuration details to this enables you to identify not only what you have, but also what those assets are doing: services that may be running (web servers, FTP servers etc.), users’ access rights to network and file shares, and local device settings such as BitLocker, firewall settings and AV status.
Hardware, Software Services, Configuration
When your systems are inventoried, make sure you get all the relevant information you will and might need. Siloed inventory solutions delivering only one aspect of the data will soon run out of steam.
This is an enormous amount of intelligence that you can feed into the security of your estate, all from a process that is far too often thought of as a “nice to have”. Now it becomes a “need to have”, and even if you don’t have dedicated NETSEC teams, this level of intelligence will be invaluable to whoever is responsible for keeping your estate safe, your systems available (uptime) and supporting GDPR compliance.
The first task has to be to normalise your software estate. Using effective discovery and inventory with the addition of software recognition, you can start to get a handle on this. Knowing what you have allows you to start to decide what you want: which PDF reader will become standard, which version of WinZip is acceptable and whether the expensive installs of MS Project Professional are being used.
Knowing what your policies need to be, you can now start to enforce them. You could allow users to choose the software and services they want from a business-approved catalogue or ensure that unapproved software is removed automatically.
To achieve this, you will need advanced software packaging and deployment, rules and systems. Being able to integrate other processes in the workflow, such as license entitlement checks and actions and integration with Active Directory is the enabler of automation. Software deployment should be able to automate all the steps needed when deploying either a physical piece of software or enabling an account in a hosted platform.
Identify & Fix
Identifying risk is one thing but being able to react and fix the issue, without impacting the business, is your next challenge.
We have talked about Automated Software Management in related articles, and a key part of this is the ability to deploy new software patches, remove unwanted, insecure or inappropriate software and perform this in a way that does not adversely impact your users.
Imagine that you identify a specific app that has a possible vulnerability, and there are any number of examples where this has happened. This app needs to be updated to the latest version, and quickly. You have the update needed and ITAM knows where it needs to be installed, so using Automated Software Deployment and a rules-based approach, each system where the vulnerable software is installed can be updated the minute it is connected to the network. This needs to apply equally to local machines on the network and to mobile users connecting via their home Wi-Fi.
Using software recognition and software deployment packages, update your software estate to the latest version and manage all applications, wherever they are installed, regardless of location.
Using established and repeatable (scheduled) inventory processes, identification and remediation continue to be managed as new occurrences appear.
Being able to cover these, and many other questions, will allow effective delivery to your end users, whilst keeping you informed and in control.
This is one example of where the loop of “Identify – Assess – Fix” can be closed.
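The loop described in this section can be sketched against an inventory export. This is an added example, not code from the original article or from any ITAM product: the product name ExampleReader, the advisory, the field names and the host records are all constructed. It normalises naming variants, compares versions numerically, ranks hosts that expose network services first, and separates machines that can be updated now from those to update when they next connect.

```python
import re

# Constructed inventory rows; field names are assumptions, not a real tool's schema.
INVENTORY = [
    {"host": "WS-014", "name": "ExampleReader (64-bit)", "version": "11.2.0", "services": [], "online": True},
    {"host": "SRV-002", "name": "examplereader", "version": "11.0.7", "services": ["ftp", "http"], "online": True},
    {"host": "LT-231", "name": "Example Reader 11", "version": "11.1", "services": [], "online": False},
    {"host": "WS-090", "name": "ExampleReader", "version": "11.3.1", "services": [], "online": True},
    {"host": "WS-077", "name": "OtherTool", "version": "2.0", "services": ["http"], "online": True},
]
# Hypothetical advisory: every ExampleReader build below 11.3.0 needs the update.
ADVISORY = {"product": "examplereader", "fixed_in": "11.3.0"}


def normalise(name):
    """Collapse naming variants ('Example Reader 11', 'ExampleReader (64-bit)') to one key."""
    name = re.sub(r"\(.*?\)", "", name.lower())      # drop '(64-bit)' style suffixes
    name = re.sub(r"[\d.]+\s*$", "", name.strip())   # drop a trailing version number
    return re.sub(r"[^a-z0-9]", "", name)


def version_key(version, width=4):
    """Turn '11.1' into (11, 1, 0, 0) so versions compare numerically, not as text."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))


def remediation_plan(inventory, advisory):
    """Return (deploy_now, deploy_on_connect) host lists for one advisory."""
    fixed = version_key(advisory["fixed_in"])
    affected = [r for r in inventory
                if normalise(r["name"]) == advisory["product"]
                and version_key(r["version"]) < fixed]
    # Hosts exposing network services sort first, then the oldest installed version.
    affected.sort(key=lambda r: (not r["services"], version_key(r["version"])))
    now = [r["host"] for r in affected if r["online"]]
    queued = [r["host"] for r in affected if not r["online"]]
    return now, queued


if __name__ == "__main__":
    now, queued = remediation_plan(INVENTORY, ADVISORY)
    print("deploy now:", now)
    print("deploy on next connect:", queued)
```

Re-running the same function against each scheduled inventory picks up new occurrences and drops hosts once their recorded version reaches the fixed release.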
Support the Business
We have talked in other articles about the need to collaborate across departments to define and manage integrated processes, e.g. Starter and Leaver processes. When a user is identified as leaving the business, ITAM can play a significant role: it can react to a request from HR, initiate the process to inform NETSEC of services and rights the user has that need to be managed, and execute some of the actions that need to be performed.
It is this level of cross department collaboration that justifies the need for effective ITAM as it sits at the heart of many activities, but more importantly brings often separate activities together into repeatable and secure processes.
Where to start
As with any task, the key thing is to have clear goals and objectives, not least when talking about security-related issues. Start by asking yourself, “What would I like to know?”
You may be surprised by the answers you get. It could be as simple as “what devices do I have on my network?”, “what software do I have that is not patched to the latest available versions?” or “what user accounts are set up on local machines?”. Whatever questions you have, getting the results will show you where you are, and armed with that knowledge you will be able to put in place actions to resolve any identified issues.
It comes back to where we started, “What you know about you can manage, what you can manage you can secure”.
Whilst ITAM will never be a replacement for network security, having an effective ITAM tool in place can be an invaluable source of information that keeps you better informed about your environment. With the right choice of tools, not only will you be able to identify potential issues, you will be able to sleep at night knowing that they can, in many instances, be rectified quickly and, perhaps more importantly, automatically and consistently, ensuring you don’t keep fixing the same problems.
If you are looking at discovery and inventory, the automation of IT related processes or if you want a fully integrated IT management tool that will revolutionise your IT management practices then get in touch. We will join you on your journey and help make your IT management a best in class service to your business.
and request a call for an informal chat,
an online demo on your topic
or a live demo through the Deskcenter Management suite.