Recent high profile cyber threats have raised the public’s awareness of vulnerability management to new heights. With the recent WannaCry threat, we learned first-hand the dangers un-patched infrastructure can have in your environment. From hospitals, to financial institutions, and critical government services, no industry or country was left unscathed.
While quick (and some would say lucky) action by a few key experts averted a major crisis by shutting off system access, IT administrators far and wide were left with the daunting task of ensuring all critical patches were applied. While the subject of how these patches get applied will be left for another discussion, one of the biggest challenges is to get an accurate and complete inventory of ALL IT assets located in and connected to the enterprise.
Back when the average company had assets numbering in the low hundreds, this could be accomplished in several ways, from physically counting devices, to simple, home-grown tools. With the advent of virtualization and cloud computing, the size and complexity of enterprise IT infrastructure has exploded into the realm of the near unmanageable. Now IT administrators are faced with the task of managing thousands of devices, often in complex hybrid cloud environments.
The previous methods of tracking these assets no longer work. Online is seeing a trend where the average company has 12 – 15% of their assets undiscovered, unmanaged, and worse yet, unpatched. This is troubling from an efficiency and cost perspective, but even worse, it can leave a gaping hole for your environment to be compromised by cyber threats.
Companies are also facing increased pressure from regulatory bodies to get a better handle on their assets. Auditors are finding that companies are seriously challenged with Completeness and Accuracy (C&A) of Information Provided by the Entity (IPE), with particular respect to their asset populations. This can lead to failure of compliance audits, costly remediation efforts, and significant fines.
Online believes that a cornerstone to solving this challenge is the industry leading BMC Discovery solution. With its “start-anywhere”, cloud-enabled technology, BMC Discovery can quickly discover detailed information on 100% of your IT assets, wherever they reside. More importantly, BMC Discovery will show how assets are connected and dependent of each other, which provides security and IT professionals with important contextual information, enabling them to make informed decisions on remediation priorities. In a recent conversation with a senior Security executive at a utility company, he stated that “the biggest challenge we have is the lack of an accurate IT Asset inventory. The cloud and Shadow IT has made our ability to protect our company significantly more difficult.”Online is a long time partner with BMC and we have tightly integrated BMC Discovery into our Online Security Integration Framework. To learn more about how Online and BMC can help improve your security posture, visit our Security Integration Framework Resource Centre. If you would like to continue the conversation, feel free to leave a comment below.