You can’t protect what you don’t know about.
It may seem trite to bring out that cliché, but the fact is that it remains relevant in information security today. So much of what we do in this industry is about discovery, whether it’s discovery of assets, discovery of vulnerabilities, or discovery of an existing compromise. As information security professionals, we often play the role of a high-tech detective, just trying to figure out what happened and who was involved.
It’s easy to get enamored with the latest tool for analyzing packets or searching logs, and those tools are an important part of the overall picture, but I’d like to take a moment to step back to one of the fundamental security controls that we all agree is necessary but often fail to implement: Asset Discovery.
We all know that the network is not a static entity. Whether it’s hosts being moved or deployed without change control, or users bringing devices into the network, or actual malicious activity, the constant is change in the assets that are part of the environment. Change in the assets that are part of YOUR environment.
Tripwire has just released a new product, the Tripwire Asset Discovery Appliance. I won’t repeat the whole press release here, but I did want to take a minute to explain the why behind the launch. Actually, I think I’ll let Tony Sager, from the Center for Internet Security, explain it first:
“Identifying what’s on your network is a basic information security best practice that, unfortunately, remains difficult for many organizations. If you don’t know what you are protecting, it’s very difficult to apply the most effective controls. And it’s even more difficult to recover effectively if you are exploited.”
We found that while our customers are actually implementing both basic and fairly advanced capabilities for securing their assets with Tripwire products, they were often missing the discovery component that ensures they’re actually covering all the assets they have.
And it’s not just existing customers who have this challenge. As Michael Oberlaender, CSO, puts it,
“The first step in any effective security program is to know exactly what is on your network because you can’t protect it if you don’t know it’s there. In order to protect those assets you need appropriate anti-malware defense mechanisms and you need to be able to detect all changes and reconcile them against an authorized change list. If you have all three of these pieces in place you have the baseline information you need to thwart attackers using threat intelligence feeds and other, more proactive measures.”
One of the challenges we find with customers who are new to Tripwire is that they’re not sure what’s in their environment to start with. That makes it hard to deploy any new controls effectively. They are missing that first step.
It’s these two customer needs for the same functionality that led us to release the Tripwire Asset Discovery Appliance. We think it will help customers continuously discover what’s on their network so that they can more effectively secure and protect their assets.