By Matt Hubbard, Director, Market Intelligence, Armis
Famous productivity consultant David Allen once said, “Uncaptured, unclarified, and therefore unmanaged things that you have agreed to do own a piece of you and give you no rest.”
With the global economy reeling from the COVID-19 fallout and the Russia-Ukraine conflict, cybersecurity threats are escalating and gaining sophistication against businesses and IT security practitioners alike. We are in the known sphere, and they lurk in the unknown and invisible. The more we know about what we own and use, the better we can defend our operations against cyber threats.
Not long ago, Japanese government agencies suffered a cyber intrusion that breached proprietary data on the now-defunct ProjectWEB, a cloud-based enterprise collaboration and file-sharing SaaS platform that started in the 2000s.
In Australia, agriculture is one of the country’s key global exports. According to AgriFutures Australia, there is a concern for rural industries and businesses that may be susceptible to cyber attacks. For example, in 2020, a malware incursion shut down Australian and New Zealand wool sales, while a year later in 2021, global meat processing business JBS faced a cyber attack.
Do we know what we have to protect?
There’s a hard-to-detect security risk that quietly gets larger every day, and it affects virtually every organisation. As unmanaged assets like industrial internet of things (IIoT) devices, industrial control systems (ICS), and even smart consumer electronics proliferate, the security management gap between these unmanaged and managed assets keeps growing. The gap is impossible to see, however, because legacy security tools can’t properly identify and monitor unmanaged assets. To make matters worse, organisations often don’t patch unmanaged assets when vulnerabilities are discovered.
The result? When organisations can’t secure unmanaged devices, attackers can easily exploit those assets, often without setting off alarms until the damage is done. For example, in October 2019, Armis reported our discovery of 11 urgent vulnerabilities affecting the VxWorks operating system that controls more than two billion healthcare, manufacturing, and enterprise devices. In December 2020, however, 97% of the affected devices were still unpatched. A lack of organisational device visibility was no doubt a key culprit.
How do you know if your organisation has a managed-unmanaged security gap that you need to close? Let’s look at why the gap exists, why it’s growing, and what tools you need to detect and eliminate it.
What’s behind the managed-unmanaged device-security gap?
There are two big reasons for the divide. The first is that the number of unmanaged assets is exploding. As many as 50 billion connected assets were already in the field at the end of 2021, per Cisco and Gartner—and analysts project the number to exceed 75 billion by 2025.
These assets include most of the tools and technology we take for granted at work and home, such as bring your own device (BYOD) laptops, tablets, and smartphones; wearables like smartwatches and fitness trackers; and connected speakers and televisions. Unmanaged assets also include IIoT, ICS, and operational technology (OT) devices, in addition to cloud servers and virtual machines.
This expansion of unmanaged endpoints creates new security challenges because these devices are often invisible to IT departments. As far back as 2017, when there were billions fewer unmanaged assets in the field, Armis found organisations were missing 40% or more of the assets in their environments. As the number of assets grows, so does the size of the device blind spot—now closer to 70%. To complicate things further, even IT assets, including company laptops, desktops, and servers, can go unmonitored and unmanaged due to missing or misconfigured agents.
Most organisations simply cannot see all the assets operating in their environments. Instead, they often have siloed, incomplete views of their managed assets while significant numbers of unmanaged assets go completely undetected.
So, how should we tackle this gap?
Closing the unmanaged-managed device-security gap
Businesses need to look for a solution that’s built for complete visibility, which can help identify every asset in their environment and benefit from continuous monitoring and automation. There are 5 key criteria to look for.
1) Comprehensive asset discovery and classification
A smart asset intelligence platform would start by using a continuous, passive, and agentless approach to identify all assets across the environment without disrupting their operations. That gives security teams a complete asset inventory that includes managed, unmanaged, cloud, and BYOD assets – including transient devices.
As such a platform identifies assets, it should automatically analyse these devices' characteristics and behaviour through a knowledgebase to reduce needless human intervention, so that each device can be properly classified and understood in context, comparing what it is doing with what it should be doing, to detect threats with a high degree of accuracy.
2) Real-time asset risk evaluation
Traditional methods using scheduled scans can miss rapidly emerging threats and cause delays in response. Look for a solution that continuously monitors asset attributes and activity and compares them to the normal behaviours previously defined. When an issue is flagged, such a solution can immediately send alerts to administrators or automate and orchestrate responses across existing security tools to accelerate remediation – all without performing scans that can disrupt asset functions.
3) Integration of all asset data into one dashboard
Inventorying assets manually takes a lot of time and often requires the security team to work across multiple platforms. The results can include data-entry errors, missed assets, and point-in-time inventory data that is almost instantly out of date.
The modern solution for almost any business intelligence system is a dashboard. An asset intelligence platform should bring all asset data into one dashboard—by identifying virtually every asset in the environment and by integrating with your organisation’s existing IT and security tools to provide a single source of the truth. This unified view is continuously scrubbed and updated as assets are monitored.
4) Security policy automation
Manually addressing vulnerabilities and risks is time-consuming and may not happen quickly enough to stop an attacker from causing damage. The larger and more complex the organisation is, the less practical it is to rely on manual security policy enforcement. A smart asset intelligence system should empower the security team to automate policies for device isolation, software updates, alerts, and more, so you can remediate issues in real time at scale.
5) Faster, more efficient remediation
Cybersecurity mitigation and resilience always come down to speed. The faster we are, the better our defences and responses are to cyber threats and incidents. We should work with a system that can orchestrate efficient, real-time incident response by sending alerts, raising tickets for team action, evaluating new assets in real time as they come online, providing timely updates and patches, and quarantining affected or doubtful assets while freeing other assets to continue operations.
By identifying all assets, cataloging and unifying asset data, and enabling automation, a smart asset intelligence platform enables organisations to close the visibility gap between managed and unmanaged assets. With comprehensive, real-time security monitoring, policy enforcement automation, and more effective remediation, you can better protect your organisation’s resources, revenue, and reputation.