Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Asset Management


Cybersecurity Asset Inventory in Your Home

Back in 2015, we published an article about the third party risks that are introduced into a home network. Now, eight years later, it is a good time to revisit the landscape of the home network. If we think about the technology in most homes in 2015, it was fairly sparse, consisting only of a router with an internet connection. The speed of most home internet connections was well below 100Mbps.


The Cybersecurity Risks of Unmanaged Internet-facing Assets

Because unmanaged assets are not continuously monitored for security risks, they likely contain cybersecurity exposures, like software vulnerabilities and cloud security misconfigurations. When these assets are connected to the internet, they become active attack vectors heightening your risk of suffering a data breach. If you’re looking for ideas for reducing your organization’s attack surface, start by locating and decommissioning unmanaged internet-facing assets.

Leveraging Security Asset Inventories

Asset inventories enable you to know what you have to secure, and to monitor it for deviations. The pace of iteration in the world of software engineering makes those platforms inevitable. In this episode we welcome Sacha Faust, director of security engineering at Grammarly, who built Cartography, one of the first open source asset inventory. Sacha describes what led them to building this (funnily: an offensive use case!), how inventories enable spreading ownership to software teams, the solution that exist off the shelf today, …

The Importance of Passive Asset Discovery

Asset discovery is the ability to provide visibility of all devices located within an organization with limited or no human interaction. Most organizations often attempt to manually create a list of their assets in a shared document, such as a spreadsheet, or a small database, making changes whenever a new device is either added or removed. This process is deceptively manageable when organizations are relatively small and not that complex.


How Tagging Helps You Identify Risk Faster

One of the most critical factors to effective cybersecurity is time. The longer a vulnerability remains unaddressed, the more opportunity you give hackers to get into your system and wreak havoc. Think about it like this: imagine that you leave your laptop bag sitting on the passenger seat of your car. If you run into the store to get milk but forget to lock the door, the odds are that the laptop bag will still be there when you get back.


CIS Control 1: Inventory and Control of Enterprise Assets

Unless you know what IT assets you have and how important each of them is to your organization, it’s almost impossible to make strategic decisions about IT security and incident response. Indeed, inventory and control of enterprise assets is so important that it is the first in the set of Critical Security Control (CSCs) published by the Center for Internet Security (CIS).


CIS Control 4: Secure Configuration of Enterprise Assets & Software

Maintaining secure configurations on all your IT assets is critical for cybersecurity, compliance and business continuity. Indeed, even a single configuration error can lead to security incidents and business disruptions. Control 4 of CIS Critical Security Controls version 8 details cyber defense best practices that can help you establish and maintain proper configurations for both software and hardware assets.


CIS Control 2: Inventory and Control of Software Assets

Modern organizations depend upon a dizzying array of software: operating systems, word processing applications, HR and financial tools, backup and recovery solutions, database systems, and much, much more. These software assets are often vital for critical business operations — but they also pose important security risks.