Back to Basics: Why Better Asset Visibility Matters in Your Security Program

By

According to the most basic level of the Incident Response Hierarchy, security teams must be able to name all the assets they are defending and have visibility across all of them. The hierarchy is modeled after Maslow's Hierarchy of Needs, which means asset visibility is a fundamental requirement for security programs to reach maximum effectiveness.

Maslow's Hierarchy of Needs is a psychology theory about the human needs that drive motivation to achieve full potential. It's often represented in a tiered model and usually looks something like this:

[Figure: Maslow's Hierarchy of Needs. Source: https://www.simplypsychology.org/maslow.html]

By satisfying the most basic needs at the bottom of the pyramid, human beings build on the fundamentals and take steps toward self-actualization. Gaps in the lower tiers inevitably create obstacles to advancing upward, impeding the fulfillment of their full potential.

Here's a glimpse at Swann's Incident Response Hierarchy:

[Figure: Swann's Incident Response Hierarchy]

 

The basic tiers of inventory and telemetry focus on seeing your assets across the various environments in which they reside. Clear sight of assets means we must go beyond the traditional methods of seeing them (lists and documentation in disparate systems) and actually understand the relationships between these assets: the metadata and the ways these assets interoperate. Note: JupiterOne ingests this data through integrations and represents these relationships through our graph model, aka the Galaxy View.

From this data, we can build a baseline of activity. As we track our baseline, we gain rich context to understand and act in the next two tiers - detection and triage. The business impact of unauthorized activity can be shown through the context of the vulnerable assets. In JupiterOne terms, we call this the "blast radius." Clearly communicating business impact can drive prioritization of risk mitigation.

 


 

Just like in Maslow's hierarchy, any gaps in the lower tiers, like asset visibility, make it increasingly difficult to tackle the tiers higher in the pyramid.

If we look at another framework, the NIST Cybersecurity Framework, the first function listed is Identify: develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.


"Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs."

A common outcome category for this function is Asset Management. However, traditional IT asset management (ITAM) and cloud asset inventory management tools have gaps in asset visibility and don't see the whole picture.

Traditional ITAM sticks with the legacy way of defining assets:

  • On-Premise Software Tools
  • Cloud-Based Software Apps
  • Employee Hardware
  • IT Hardware
  • Virtual IT Assets
  • Bespoke IT Assets
  • Serverless Platform Assets (containers, functions, message queues, etc.)
  • Valuable Data or Personal Information (user information, etc.)
  • Development Resources (code repos, pull requests, commits)

It's not uncommon for organizations to implement multi-cloud and hybrid cloud environments to run their digital operations. Cloud adoption, digital transformation, and API-based infrastructure and security tooling are fundamentally changing how we build, manage, govern, and secure the enterprise. These three shifts in technology necessitate a transition to a modernized definition of an asset. In the new world, these are called cyber assets.

Where it used to be simple, businesses must now reinvent how to track, monitor, and govern a new "cyber asset" collection in order to step up their game to survive in the modern digital world.

If "seeing" is at the basis of every security framework in existence and is the first fundamental step to building your security program, then we ought to get it right and be able to see it all, no matter how complex your digital infrastructure might be.

To learn more about the rise of the software-defined cyber asset, download our whitepaper, "Modern 'Visibility' for Cybersecurity and IT Asset Management."


 

Ashleigh Lee

I binge on noodles and do marketing things.
