Asset Inventory Analysis and Review
Use the following steps to analyze the business environment and lay a foundation for asset identification.
Identify and prioritize business-critical services and applications. This is a crucial step to ensure that assets are categorized by their significance to the organization. This includes items such as:
- Network diagrams
- Lists of known assets. If the organization does not have a current list of devices, a list of assets can be created from SIEM-collected DHCP logs or other similar resources that track assets.
- Deployment roadmaps
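As an added example that is not part of this guide, the following Python script builds a first-pass asset list from DHCP lease acknowledgements, as the list item above suggests, and flags MAC addresses that are absent from a known-asset list so they can enter the remediation workflow. The log lines are constructed in ISC dhcpd syslog style, and a year is assumed because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample lines in ISC dhcpd syslog style (not a real capture).
SAMPLE_DHCP_LOG = """\
Mar  3 10:15:01 dhcp1 dhcpd[1234]: DHCPACK on 10.0.1.25 to 00:1a:2b:3c:4d:5e (db-primary) via eth0
Mar  3 10:16:44 dhcp1 dhcpd[1234]: DHCPACK on 10.0.1.40 to 00:1a:2b:3c:4d:6f via eth0
Mar  3 11:02:13 dhcp1 dhcpd[1234]: DHCPACK on 10.0.1.26 to 00:1a:2b:3c:4d:5e (db-primary) via eth0
Mar  3 11:05:59 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:1a:2b:3c:4d:77 via eth0
Mar  3 11:07:02 dhcp1 dhcpd[1234]: DHCPACK on 10.0.1.77 to 00:1a:2b:3c:4d:77 (unknown-laptop) via eth0
"""

# Only DHCPACK lines confirm a lease; DISCOVER/OFFER/REQUEST are ignored.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: DHCPACK on "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)$"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    # Syslog timestamps carry no year; the year is an assumption used for ordering.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def build_inventory(log_text: str) -> dict:
    """Return {mac: {ip, hostname, first_seen, last_seen, leases}} keyed by MAC."""
    inventory = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue
        mac = m.group("mac").lower()
        seen = parse_ts(m.group("ts"))
        entry = inventory.setdefault(mac, {
            "ip": None, "hostname": None,
            "first_seen": seen, "last_seen": seen, "leases": 0,
        })
        entry["ip"] = m.group("ip")            # most recent ACK wins
        if m.group("host"):                    # keep last hostname the client offered
            entry["hostname"] = m.group("host")
        entry["first_seen"] = min(entry["first_seen"], seen)
        entry["last_seen"] = max(entry["last_seen"], seen)
        entry["leases"] += 1
    return inventory


def find_unknown(inventory: dict, known_macs: set) -> list:
    """MACs that obtained a lease but are missing from the known-asset list."""
    return sorted(mac for mac in inventory if mac not in known_macs)
```

Devices returned by find_unknown are candidates for the assess/analyze/remove workflow; a MAC alone does not prove a device is unauthorized, so the owner of the subnet should confirm before removal.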
Identify service and application owners and other stakeholders. This step is crucial if any questions arise during the discovery or classification phase, when new assets are discovered or assets are removed. For example, database teams know how many database servers are in operation, disaster recovery teams know how many failover devices are installed at each location, and web development and core infrastructure teams know where their devices are located.
Gather any required compliance requirements to ensure that identified assets are grouped together for compliance purposes. This may include devices that store or process financial information or health-related information, as there are specific regulatory requirements associated with this type of information. Finally, define a remediation workflow for how the organization will assess, analyze, and remove unauthorized devices.
Third-Party Integrations, Non-Traditional Assets, and Modern IT Assets
Organizations need a method to detect non-standard, sensitive, and ephemeral assets. Various methods can be used to detect non-standard assets, such as Operational Technology (OT) and ephemeral cloud assets.
Operational Technology
Operational Technology (OT) is commonly found across many industries including manufacturing, utilities (oil, gas, electric), maritime, rail, and aviation. Due to the convergence of IT and OT and the adoption of Industrial IoT (IIoT), IT environments can contain OT, and OT environments can contain IT. OT includes various types of devices, such as Industrial Control Systems (ICS), Human Machine Interfaces (HMIs), network devices, and IIoT. ICS, which includes Programmable Logic Controllers (PLCs), IO Modules, and Communication Adapters control processes that, if breached, could result in outages of critical components. An attack against OT systems could have significant impact or cause loss of life.
OT Security can communicate with and passively monitor OT devices in each device's proprietary protocol to create an asset inventory. OT Security can be configured and customized to the requirements of each unique environment. For more information about OT Security, reference the OT Security Product Page.
Tenable Vulnerability Management ServiceNow Integration
The Tenable Vulnerability Management Assets View integrates with the ServiceNow Configuration Management Database (CMDB). The ServiceNow Identification and Reconciliation Engine (IRE) reconciles the assets pulled in from Tenable Vulnerability Management and matches each asset to existing Configuration Items (CIs) to enrich the record with Tenable-discovered data and create a unified view of assets. This information can be used to build a more comprehensive asset inventory and vulnerability scanning strategy. For more information, reference: Tenable for ServiceNow Integration.
Cloud Connector Integration
A number of Tenable Vulnerability Management Cloud Connectors are available to help keep an up-to-date, accurate asset count as cloud assets are deployed and decommissioned, including connectors for Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). For more information, reference: Tenable Cloud Connectors Documentation.