Dave Lewis

Device Monitoring: What's On Your Network?

Blog Post created by Dave Lewis Employee on Jul 2, 2015

Pop quiz. Right now, without looking. How many systems are on your network? How many systems are supposed to be there? Numbers not adding up? This is an ever present problem with enterprises today. So, what are you doing about it?

 

Years ago I was working for an enterprise and I had to deploy a new antivirus product. This was a rip and replace of the incumbent which had not been properly implemented and was horribly out of date and when the maintenance contract came up for renewal it was an easy chance to repair the issues.

 

The real challenge was identifying all of the systems that needed to be upgraded. My first port of call was to check the asset inventory system. I had reviewed the number of agents that were deployed in the incumbent software and after looking at the inventory I realized that there was a gap. Luckily there was only about 25 systems that had fallen between the cracks and thankfully these systems were up to date. They just weren’t reporting in for whatever reason.

 

That could have been so much worse than it was. Those systems could have been infected. They all had access to network resources and and various repositories. It was disconcerting that those systems were not seen in the console. If you don’t have proper visibility into what is on your network you’re operating at a disadvantage.

 

While I used the antivirus as an example I could just as easily point to patch management as an issue. If you’re not properly patching your systems you could still have something like a Microsoft vulnerability like MS08-067 on your network still. In addition to be a huge exposure it could be career limiting if you have a penetration test conducted and that ending up in a report to the C-suite. Not good.

 

You want to ensure that the systems on your network are running in a desired state. Have a proper asset management system deployed. Validate the data in that system. It is important to ensure that this collected data is accurate. It is important to scan the network looking for surprises. Nasty as they may be, you can’t mitigate problems that you cannot see. By running scans you can help to validate the results in your asset management and network monitoring tools.

 

Whether you are worried about the security of the endpoints on your assets, the patch levels, the asset inventory or software licensing, you need to make sure you know what is on your network.

 

I’ve got a good amount of scar tissue on my psyche from having to deal with this sort of thing for many years. Don’t rely on your monitoring systems using the Ron Popeil “Set it and forget it” method. That just doesn’t work out in the end.

 

Originally posted on Forbes, March 2015

Outcomes