Back to Basics: Why Better Asset Visibility Matters in Your Security Program

According to the most basic level of the Incident Response Hierarchy, security teams must be able to name all the assets they are defending and have visibility across all of them. Because the hierarchy is modeled after Maslow's Hierarchy of Needs, this makes asset visibility a fundamental requirement for security programs to reach maximum effectiveness.

Maslow's Hierarchy of Needs is a psychology theory about the human needs that drive motivation to achieve full potential. It's often represented in a tiered model and usually looks something like this:

[Figure: Maslow's Hierarchy of Needs pyramid. Source: https://www.simplypsychology.org/maslow.html]

By satisfying the most basic needs at the bottom of the pyramid, human beings build on the fundamentals and take steps toward self-actualization. Gaps in the lower tiers inevitably create obstacles to advancing upward, impeding the fulfillment of their full potential.

Here's a glimpse at Swann's Incident Response Hierarchy:

[Figure: Swann's Incident Response Hierarchy]

The basic tiers of inventory and telemetry focus on seeing your assets across the various environments in which they reside. Clear sight of assets means going beyond the traditional methods of seeing them (lists and documentation in disparate systems) and actually understanding the relationships between these assets: the metadata and the ways these assets interoperate. Note: JupiterOne ingests this data through integrations and represents these relationships through our graph model, aka the Galaxy View.

From this data, we can build a baseline of activity. As we track our baseline, we gain rich context to understand and act in the next two tiers - detection and triage. The business impact of unauthorized activity can be shown through the context of the vulnerable assets. In JupiterOne terms, we call this the "blast radius." Clearly communicating business impact can drive prioritization of risk mitigation.
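The blast-radius idea above, sketched as an added example (not JupiterOne's code or query language): a breadth-first walk over a small constructed asset graph that reports which business-critical assets are reachable from a vulnerable one. Asset names, relationship verbs and criticality ratings are assumptions made up for the illustration.

```python
from collections import deque

# Constructed sample inventory: (source asset, relationship, target asset).
# Asset names and relationship verbs are illustrative assumptions.
RELATIONSHIPS = [
    ("internet", "ALLOWS", "web-lb"),
    ("web-lb", "CONNECTS", "web-server-1"),
    ("web-server-1", "ASSUMES", "app-role"),
    ("app-role", "READS", "customer-db"),
    ("app-role", "READS", "orders-bucket"),
    ("ci-runner", "DEPLOYS", "web-server-1"),
    ("hr-laptop", "CONNECTS", "hr-portal"),
]

# Constructed business-context metadata attached to assets.
CRITICALITY = {"customer-db": "high", "orders-bucket": "medium", "hr-portal": "high"}

def build_graph(relationships):
    """Index directed edges: each asset maps to the assets it reaches in one hop."""
    graph = {}
    for src, verb, dst in relationships:
        graph.setdefault(src, []).append((verb, dst))
        graph.setdefault(dst, [])
    return graph

def blast_radius(graph, start):
    """Breadth-first walk from a vulnerable asset; returns {asset: path to it}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for verb, nxt in graph.get(node, []):
            if nxt not in paths:  # visit each asset once, which also handles cycles
                paths[nxt] = paths[node] + [f"-{verb}->", nxt]
                queue.append(nxt)
    paths.pop(start)
    return paths

def business_impact(graph, start, criticality):
    """Reachable assets that carry a criticality rating, highest first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = [(a, criticality[a]) for a in blast_radius(graph, start) if a in criticality]
    return sorted(hits, key=lambda h: (order[h[1]], h[0]))

if __name__ == "__main__":
    g = build_graph(RELATIONSHIPS)
    print(business_impact(g, "web-server-1", CRITICALITY))
```

The path stored for each reachable asset is what turns a bare asset list into context: it shows through which relationships a finding on one asset becomes exposure for another.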

 


Just like in Maslow's hierarchy, any gaps in the lower tiers, like asset visibility, make it increasingly difficult to tackle the tiers higher in the pyramid.

If we look at another framework, the NIST Cybersecurity Framework, the first function listed is Identify: develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

"Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs."

A common outcome category for this function is Asset Management. However, traditional IT asset management (ITAM) and cloud asset inventory management tools have gaps in asset visibility and don't see the whole picture.

Traditional ITAM sticks with the legacy way of defining assets:

  • On-Premise Software Tools
  • Cloud-Based Software Apps
  • Employee Hardware
  • IT Hardware
  • Virtual IT Assets
  • Bespoke IT Assets
  • Serverless Platform Assets (containers, functions, message queues, etc.)
  • Valuable Data or Personal Information (user information, etc.)
  • Development Resources (code repos, pull requests, commits)

It's not uncommon for organizations to implement multi-cloud and hybrid cloud environments to run their digital operations. Cloud adoption, digital transformation, and API-based infrastructure and security tooling are fundamentally changing how we build, manage, govern, and secure the enterprise. These three shifts in technology necessitate a transition to a modernized definition of an asset. In the new world, these are called cyber assets.

Where it used to be simple, businesses must now reinvent how to track, monitor, and govern a new "cyber asset" collection in order to step up their game to survive in the modern digital world.

If "seeing" is at the basis of every security framework in existence and is the first fundamental step to building your security program, then we ought to get it right and be able to see it all, no matter how complex your digital infrastructure might be.

To learn more about the rise of the software-defined cyber asset, download our whitepaper, "Modern 'Visibility' for Cybersecurity and IT Asset Management."


Ashleigh Lee

I binge on noodles and do marketing things.
