Do you know how many assets are on your network right now? I’m talking exactly how many, without a shadow of a doubt. Don’t feel bad if you can’t answer this with a confident “of course I can!” If you can’t, you are in the (unfortunate) majority. Although at first glance, you might think “of course I can answer that, my agent-based software-updating software tells me I have 2,000 workstations and 1,000 servers” or “of course I can answer that, there are 3,457 computer objects in Active Directory” but in reality, it’s not that easy.
The unfortunate truth is that many organizations have no idea how many devices are on their network, or what individuals are doing on those devices. For example, how many organizations disable all open ports throughout their building and only enable them upon request? Furthermore, out of those who answer “yes, I do that” to the previous question, how many are securing existing ports in use to automatically disable if it detects a different MAC address on that port? If these safeguards are not implemented on physical network ports, any visitor (or employee) can connect whatever network device they want. Think of all the open physical wall jacks in your building, if they are all hot, all of those ports are ways folks can start infiltrating your network.
I’ve personally seen an employee plug up a Linksys router on an open port in a conference room because they wanted WiFi for their phone. Think about that, a completely open access point directly plugged in to your internal network. The only way it was discovered was an access point/WiFi reconnaissance scan conducted by the security team. Who knows how long it had been on the network, who had connected to it, or what those individuals did while on the network. So, with all that said, are you really comfortable relying on Active Directory or your agent-based A/V or agent-based patching solution to tell you what’s on your network?
You cannot secure what you do not know about, thus, finding the unknowns in your network and maintaining a complete asset inventory is the first step in building a secure network. A great way to start identifying what is in your network is by conducting asset discovery scans. Typically, asset discovery is bundled in with vulnerability scanning that is conducted during hours of low network activity. By scanning daily, and alerting on any new assets that appear on your network segments, you can ensure that you are not only building a list of known assets, but also discovering any unknowns that may be on your network. By taking this first step of discovery of both assets and the vulnerabilities on those assets, you are building the foundation for a secure network.