Insight by Axonius

Bridge the CAASM to understanding vulnerable IT assets

You can’t protect what you don’t know you have. When it comes to cyber assets, the rising number of threats from all vectors makes visibility into all of an organization’s IT assets ever more crucial.

To best understand threats, you need more than a static view of software and hardware that might be vulnerable. Brian “Stretch” Meyer, director of federal sales engineering at Axonius, said organizations need what might be called a longitudinal view that takes into account activity affecting a given asset over time.

He used the analogy of a house. A simple asset inventory will list doors, windows and items of content.

Other solutions, Meyer said, “can log events, or the security tools that record an event or an incident.” Such tools “might tell you, what comes through the door or the window, whether someone closed the door behind you, or how long they stayed in the house, if they broke a vase.”

He added that still more capable tools should be able to tell you “the amount of windows you have in your house, how many doors that you have. Do those doors have windows, locks and alarms? Which doors do not have locks and alarms? Or that the glass break sensor hasn’t reported back to the kitchen in over a month?”

This type of data lets cyber practitioners keep up with assets as they are added, and correlate events recorded in logs in a predictive fashion. Emerging tools, Meyer said, are also able to abstract the complexities of discovery and event response and present cybersecurity practitioners with a simpler interface. That capability can help shorten training times for badly needed additions to the cyber workforce.

Ultimately, the purpose of total visibility into hardware and software assets is to have no unknown attack surfaces. Anything can be an attack surface, as organizations learned from the Log4j vulnerability.

Meyer says this is why Axonius positions itself as a tool for CAASM – cyber asset attack surface management. This emerging idea is less a specific product, he said, than an architectural approach. CAASM uses application programming interfaces to integrate the data relevant to asset protection.

“A lot of organizations are having a really fundamental challenge, just understanding what those assets are,” Meyer said. CAASM can help “understand your assets, the basic configuration of those assets, what’s installed on those assets, where those assets are, then understand and correlate data around those assets with other tools in the environment.” The result is greater ability to find gaps in your environment “and to take action against that.”

Copyright © 2024 Federal News Network. All rights reserved.