Inside the Firewall: The Critical Role of Asset Discovery

Will you learn of malicious activity within your network in time to contain the damage?

Jan 16, 2024 by John Parker

The corporate firewall, endpoint protection and email security solutions rightfully form the foundation of a modern cybersecurity program. These systems operate on rule-based logic and, in simplified terms, stop anything that violates their rules. For example, a firewall can be configured to log network activity originating from any IP address that is not explicitly on its allow list, and to block that traffic entirely before it reaches corporate systems. 

Unfortunately, attacks don't always conform to expectations, and rule-based perimeter security can fail on two fundamental levels: 

  1. A sophisticated external attack may conform to the rules network administrators have written. Traffic that arrives over an allowed protocol, from an allowed address, to an allowed destination looks like legitimate traffic, and the firewall has no basis on which to stop it.
  2. Attacks don't always originate from "the outside". Successful breaches are often attributable to insiders such as rank-and-file employees. While some involve deliberate collusion on the employee's part, they are far more often the result of accidents caused by a lack of training, poor judgment, or outright negligence on the part of an unwitting insider.

A focus on external threats, then, leaves a gaping hole in an organization's security posture if there is no mechanism in place to detect and isolate a threat once it is already inside. 

What's more, an unwanted intrusion is not necessarily identifiable from overtly "malicious" behavior such as repeated failed login attempts or unexpected software installations, at least not early on. An attacker who has gained a foothold may spend a good amount of time on reconnaissance, learning what is on the network and what protections are in place before attempting anything expressly forbidden or likely to trigger further scrutiny. This period between the initial compromise and its detection, known in cybersecurity circles as dwell time, might be minutes, hours, days, or even weeks. How, then, can guardians of the corporate network recognize a threatening intrusion before an irreversible and costly incident erupts?

Enter asset discovery, which plays a vital role in closing this gap. By identifying and logging every device that connects to the network, from the company-managed computer to the personal smartphone to the headless sensor, asset discovery is not only about detecting potential threats but also about understanding, through profiling, how each device normally behaves: which systems it talks to, over which protocols and ports, and how much. Once that baseline of normal activity is established (ideally during a period when the network is believed to be clean), any deviation from it can indicate a potential security concern, even when no individual connection violates a firewall rule.

Asset discovery also allows a device newly joining the network to be held apart from sensitive corporate assets, for example in a quarantine VLAN with restricted access, until it has been identified and determined not to be a threat. And it provides a means for any traffic, including traffic that has already passed security gates like the firewall or email protection, to be flagged as a concern if it falls outside what is considered normal for the originating device.
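The two mechanisms described above, quarantining undiscovered devices and flagging known devices whose traffic departs from their profile, reduce to a small amount of logic. The following is an added example written for this article, not code from the original post or from any vendor product. The inventory, MAC addresses, hosts and flow records are constructed for illustration; a real deployment would feed the inventory from DHCP leases, ARP tables or switch port data and the flows from NetFlow, firewall or proxy logs.

```python
"""Per-device behavioural baseline and deviation check (added example).

Not from the original article. Log format, device names and addresses are
constructed; real input would come from DHCP/ARP (inventory) and
NetFlow or firewall logs (flows).
"""
from collections import defaultdict

# Constructed inventory, as an asset-discovery tool would build it from
# DHCP leases / ARP tables: MAC -> (hostname, device class).
INVENTORY = {
    "aa:bb:cc:00:00:01": ("ws-finance-07", "workstation"),
    "aa:bb:cc:00:00:02": ("cam-lobby-1", "ip-camera"),
    "aa:bb:cc:00:00:03": ("printer-2f", "printer"),
}

# Constructed flow records from the baseline period (assumed clean).
# Format: timestamp src_mac dst_ip dport proto
BASELINE_FLOWS = """\
2024-01-08T09:01:00 aa:bb:cc:00:00:01 10.0.1.5 445 tcp
2024-01-08T09:02:10 aa:bb:cc:00:00:01 10.0.1.9 443 tcp
2024-01-08T09:03:00 aa:bb:cc:00:00:01 10.0.1.2 53 udp
2024-01-08T09:05:00 aa:bb:cc:00:00:02 10.0.1.40 554 tcp
2024-01-08T09:05:30 aa:bb:cc:00:00:02 10.0.1.2 123 udp
2024-01-08T09:06:00 aa:bb:cc:00:00:03 10.0.1.5 445 tcp
"""

# Constructed flows observed after the baseline period.
NEW_FLOWS = """\
2024-01-16T10:00:00 aa:bb:cc:00:00:01 10.0.1.5 445 tcp
2024-01-16T10:00:05 aa:bb:cc:00:00:02 10.0.1.5 22 tcp
2024-01-16T10:00:09 aa:bb:cc:00:00:02 10.0.1.41 554 tcp
2024-01-16T10:01:00 aa:bb:cc:00:00:99 10.0.1.5 445 tcp
"""


def parse_flows(text):
    """Parse constructed flow lines into dicts; skip blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, mac, dst, dport, proto = parts
        flows.append({"ts": ts, "mac": mac.lower(), "dst": dst,
                      "dport": int(dport), "proto": proto})
    return flows


def build_profiles(flows):
    """Baseline per device: the (dst_ip, dport, proto) tuples it was seen
    using, and separately the (dport, proto) services it was seen using."""
    profiles = defaultdict(lambda: {"peers": set(), "ports": set()})
    for f in flows:
        p = profiles[f["mac"]]
        p["peers"].add((f["dst"], f["dport"], f["proto"]))
        p["ports"].add((f["dport"], f["proto"]))
    return profiles


def evaluate(flows, inventory, profiles):
    """Classify each new flow against the inventory and the baseline.

    Returns a list of (verdict, mac, detail). Verdicts:
      quarantine  - source MAC never discovered: hold it off corporate assets
      new-service - known device using a port/protocol it never used before
      new-peer    - known device using a familiar service, but to a new host
      ok          - matches the baseline
    """
    findings = []
    for f in flows:
        mac = f["mac"]
        key = (f["dst"], f["dport"], f["proto"])
        if mac not in inventory:
            findings.append(("quarantine", mac,
                             f"unknown device -> {f['dst']}:{f['dport']}"))
            continue
        name, _cls = inventory[mac]
        prof = profiles.get(mac)  # .get() does not create an empty profile
        if prof is None or (f["dport"], f["proto"]) not in prof["ports"]:
            findings.append(("new-service", mac,
                             f"{name} -> {f['dst']}:{f['dport']}/{f['proto']} never seen in baseline"))
        elif key not in prof["peers"]:
            findings.append(("new-peer", mac,
                             f"{name} -> {f['dst']}:{f['dport']}/{f['proto']} new destination"))
        else:
            findings.append(("ok", mac, f"{name} -> {f['dst']}:{f['dport']}/{f['proto']}"))
    return findings


def run():
    """Build the baseline, then evaluate the post-baseline flows."""
    profiles = build_profiles(parse_flows(BASELINE_FLOWS))
    return evaluate(parse_flows(NEW_FLOWS), INVENTORY, profiles)


if __name__ == "__main__":
    for verdict, mac, detail in run():
        print(f"{verdict:12} {mac}  {detail}")
```

On the constructed input, the workstation's SMB traffic to its usual file server is reported as ok, the lobby camera opening SSH to that file server is reported as a new service (a headless device that suddenly speaks SSH is exactly the early-stage reconnaissance the article describes, and no firewall rule need have been broken), its RTSP stream to a new host is reported as a new peer, and the never-discovered MAC is marked for quarantine. Two caveats a practitioner would add: the baseline must be collected during a period believed to be clean, or the attacker's activity becomes "normal"; and a baseline this strict produces noise on general-purpose workstations, so in practice the verdicts are tiered and tuned per device class rather than treated as a hard allow list.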

Some use cases practically beg for an asset discovery solution. With the rise of IoT (Internet of Things) devices like thermostats, cameras, and any number of other headless devices comes a bigger challenge, and therefore an even greater need, to know what devices are on the network and what they're doing. As another example, organizations with large numbers of "stranger" devices on the network (e.g., those belonging to employees or visiting clients) stand to gain great value from an asset discovery capability, both by lowering their own risk of a cyber incident and by mitigating liability through network policies (such as client isolation) that prevent potentially malicious cross-communication among these guest devices. 

Asset discovery is often treated as a secondary tier of corporate network security, but its value suggests it deserves far greater consideration than current adoption rates indicate. Solutions on the market are numerous, whether baked into or integrated with larger security offerings from major vendors like Cisco and Palo Alto Networks, or offered as standalone, pure-play and more vendor-agnostic solutions from companies like Armis, and we're barely scratching the surface. Please call Prescriptive Data Solutions today to learn more about whether asset discovery and profiling make sense in your environment, or about which solutions may be the best fit for your organization.
