Posts Tagged ‘Network Discovery’

No complete and accurate inventory? == No Security

December 15, 2008

IT networks are commonly referred to as a modern jungle by their own IT managers. The traditional inventory and asset management tools an organization may use simply cannot cope with the complexity and the dynamic nature of IT networks. At best they provide information about 50%-60% of the organizational devices. In most organizations one may plug in a device without the knowledge of IT, receive an IP address and interact with the rest of the network.

The worst part is the effect on the security of the IT networks. If one is unaware of a certain device, then one is also unable to defend it, or defend against it. The security products we buy, and let's assume they are all best of breed, are deployed only against known devices and entities.

This creates a dangerous situation in which we secure only what we know about. A large number of devices, an additional 20%-50% that the organization is unaware of, jeopardizes the stability, the availability and the integrity of the IT networks and the data they carry.

In order to truly secure our IT networks we must have complete and accurate knowledge of the inventory of devices attached to our networks. This inventory must reflect a true picture of the currently connected devices and must be used as the basis for any security operations.

Network Discovery – The first building block of internal network security

January 6, 2007

One of the things I have learned about network security is that you cannot defend something, or defend against something, whose existence you are not aware of.

Ask yourself the following questions:

  • Do I know what elements reside on my network(s)?
  • Do I know who is on my network(s)?
  • Do I know what is being done on my network(s)?
  • Is the information I have, if any, current?

Don’t be surprised if you have answered no to some of these questions.

Apparently knowing the network is one of the most neglected fields within network security.

Let’s take patch management as an example.

  • How many of your Microsoft Windows-based elements are currently using a patch management solution?
  • How many of your Microsoft Windows-based elements operate outside of an organizational domain?
  • How many Microsoft Windows-based elements does the patch management solution not have access to?
  • Can you tell how many Microsoft Windows-based elements reside on your networks?

If your organization is required to comply with a certain regulation, the organization is required to demonstrate its ability to control and know all of its assets…

Real-time contextual information regarding the IT infrastructure should serve as the basis for different management and security applications such as Asset Management, CMDB, Compliance & Audit, Helpdesk, Intrusion Prevention and Intrusion Detection, NAC, Patch Management, Vulnerability Management, etc.

Without knowing the network, one simply cannot manage or secure it.