Today, organizations can best defend against digital threats by practicing endpoint discovery. Knowing exactly which devices are installed on a network provides security professionals with key intelligence for effective incident response. Indeed, information security teams who lack that knowledge might fail to detect or contain an intrusion before it escalates into a breach.
Endpoint discovery strengthens security, but that doesn’t make it easy. Depending on the types of devices installed on the network and the manner in which they’re configured, organizations might not be able to discover all of their devices without interrupting service.
Fortunately, there are no brick walls in endpoint discovery. As I discuss in a recent blog post, organizations can overcome those obstacles by following some basic steps, such as scanning the network and maintaining an up-to-date inventory of their endpoints.
That inventory shouldn’t just include what’s installed on the network. It should also include what applications are running on each and every endpoint. Such is the logic behind software discovery, the second of six key security controls employed by endpoint detection and response (EDR) systems.
In today’s threat environment, attackers are just as likely to exploit unknown applications as they are unknown network nodes. In fact, the mere presence of an application on an endpoint could signal an attack is underway, which is why organizations need to make sure they can account for all known and unknown applications.
How can organizations augment their security programs to help spot these unauthorized software packages?
One answer is found in Tripwire’s Endpoint Security Survival Guide: A Field Manual for Cyber Security Professionals, a publication which provides useful recommendations on how security practitioners can implement each EDR security control.
First and foremost, information security practitioners need to understand the principles of software discovery. They need to know, for example, that lackadaisical software management not only increases an organization’s attack surface by introducing unpatched software packages onto the network; it can also cost the company money if the organization maintains more licenses of a software package than it needs, or if the network fails and the company needs to invest time and resources in the recovery process.
With those principles in mind, organizations can initiate their engagement with software discovery by building a list of authorized software applications for each endpoint, limiting the number of applications based upon the purpose each device serves, and scanning the network for open ports and services.
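To make the procedure above concrete, here is an added example (not code from the original post or from Tripwire's guide) that reconciles a discovered software inventory against a per-role authorized list, so that unauthorized packages, endpoints with no baseline at all, and licence seats that are owned but unused show up as findings. It goes slightly beyond the text by also reporting packages that the baseline expects but the scan did not find, which the same set comparison yields for free. All endpoint names, role names, package names and seat counts are constructed sample data.

```python
"""Reconcile a discovered software inventory against authorized baselines.

Added example; the endpoints, roles, packages and licence counts below are
constructed sample data, not taken from the original post.
"""
from collections import Counter

# Constructed authorized-software baselines, keyed by endpoint role
# (the "purpose each device serves").
AUTHORIZED_BY_ROLE = {
    "workstation": {"office-suite", "web-browser", "vpn-client", "edr-agent"},
    "web-server": {"nginx", "openssl", "edr-agent"},
}

# Constructed mapping of endpoint name -> role.
ENDPOINT_ROLES = {
    "ws-001": "workstation",
    "ws-002": "workstation",
    "web-01": "web-server",
}

# Constructed discovered inventory, as a scan or agent would report it.
# "lab-07" is an endpoint that has no baseline at all.
DISCOVERED = {
    "ws-001": {"office-suite", "web-browser", "edr-agent", "torrent-client"},
    "ws-002": {"office-suite", "web-browser", "vpn-client", "edr-agent"},
    "web-01": {"nginx", "openssl", "edr-agent", "web-browser"},
    "lab-07": {"office-suite"},
}

# Constructed licence entitlements: number of seats the organization owns.
LICENSES_OWNED = {"office-suite": 10, "vpn-client": 1}


def reconcile(discovered, endpoint_roles, authorized_by_role):
    """Return per-endpoint findings.

    Each finding records a status ("ok", "drift" or "unknown_endpoint"),
    the packages present but not authorized, and the packages the
    baseline requires but the scan did not see (for example a missing
    EDR agent).
    """
    findings = {}
    for endpoint, packages in discovered.items():
        role = endpoint_roles.get(endpoint)
        if role is None:
            # No baseline exists, so everything on it is unaccounted for.
            findings[endpoint] = {
                "status": "unknown_endpoint",
                "unauthorized": sorted(packages),
                "missing": [],
            }
            continue
        baseline = authorized_by_role[role]
        findings[endpoint] = {
            "status": "ok" if packages == baseline else "drift",
            "unauthorized": sorted(packages - baseline),
            "missing": sorted(baseline - packages),
        }
    return findings


def license_usage(discovered, licenses_owned):
    """Compare installed seat counts with owned seats.

    Returns {package: (installed, owned)} only for packages where the
    two differ, so both over-licensing (wasted money) and
    under-licensing (compliance exposure) are visible.
    """
    installed = Counter(pkg for pkgs in discovered.values() for pkg in pkgs)
    report = {}
    for package, owned in licenses_owned.items():
        count = installed.get(package, 0)
        if count != owned:
            report[package] = (count, owned)
    return report


if __name__ == "__main__":
    for endpoint, finding in reconcile(DISCOVERED, ENDPOINT_ROLES,
                                       AUTHORIZED_BY_ROLE).items():
        print(f"{endpoint}: {finding['status']}"
              f" unauthorized={finding['unauthorized']}"
              f" missing={finding['missing']}")
    for package, (count, owned) in license_usage(DISCOVERED,
                                                 LICENSES_OWNED).items():
        print(f"{package}: {count} installed, {owned} seats owned")
```

Running the script prints one line per endpoint and one per licence discrepancy; in a real deployment the `DISCOVERED` dictionary would be populated from the scanner or agent output, and the baselines would be maintained alongside the endpoint inventory described earlier.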
Want more out of software discovery? Download Tripwire’s resource here.