The average security team is responsible for 165,633 cyber assets and is likely to have additional ghost assets lurking in their environments. Cyber asset identification is a prerequisite for any security program. After all, you can’t secure what you can’t see. Yet too many security teams are manually keeping track of cyber assets, a practice that’s time consuming, frustrating, and woefully ineffective.
Most practitioners know this intuitively, especially if they’ve ever been in charge of conducting or updating a cyber asset inventory. But when you quantify just how much you can save (in time and risk) when you have a better solution for cyber asset identification, the case for updating your tooling becomes clear.
Why is cyber asset identification so difficult to do manually?
Expanding attack surface
Organizations own more cyber assets than ever before, and this number is only going to grow. Meanwhile, attackers are more motivated than ever, as it has become increasingly easy for them to monetize cyber crime. The sheer volume of assets and threats makes cyber asset identification both more important and more challenging, and it’s simply no longer possible for individual humans to keep up.
Shadow IT & ghost assets
The problem of shadow IT and ghost assets has been well documented by security and IT professionals. Browser-based SaaS tools are easy for any employee to sign up for and link to company data, and without strong controls in place to prevent, recognize, or regulate this, you’re likely to have unidentified cyber assets connected to your environment.
Look, we love Excel. It’s a great tool, and we can easily understand assets that are organized and communicated in a spreadsheet format. But spreadsheets have limits, and given the scale and challenges of cyber asset identification discussed in the previous two points, it should be obvious why your handy-dandy spreadsheet won’t cut it any longer.
The impact of saving time on cyber asset identification
JupiterOne recently commissioned Forrester Consulting to complete a Total Economic Impact™ study. Forrester interviewed JupiterOne customers anonymously and evaluated the impact of using JupiterOne in order to model the return on investment possible with JupiterOne.
What they found regarding cyber asset identification is significant:
With JupiterOne, the composite experiences an 85% reduction in the number of SecOps resource hours devoted to manual investigation and identification of cyber assets.
That time savings is incredible! Forrester estimates that the SecOps efficiencies from JupiterOne are worth over half a million dollars over three years. To read the study and see these stats in context, click here.
Cyber asset inventory with JupiterOne
Conducting a cyber asset inventory with JupiterOne is easy, because all of your cyber assets and their relationships with one another, are normalized and listed in the same place automatically.