Every organization’s asset management inventory system should include an asset discovery tool that continuously maps devices on your internal network, an up-to-date asset database, and an up-to-date configuration management database.
Don’t just rely on what you think you know based on previous inventories; run discovery on your network continuously to find new or modified endpoints. When you discover a new asset, proactively investigate to understand why it’s not in the inventory and take steps to ensure this doesn’t happen again. It’s important to see what OS each server is running, and what software versions and tools are in use, to help the security team identify vulnerable systems and applications.
Endpoint detection and response (EDR) solutions can also help organizations improve visibility into their infrastructure. Most will identify connected endpoints that are not running an EDR, helping to detect anomalous activities and reduce response time. Extended detection and response (XDR) solutions can go beyond on-premises devices to include cloud resources and identities.
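One way to turn the continuous-discovery and EDR-coverage advice above into a repeatable check, as an added example that is not from the original article: it compares one discovery scan with the inventory and reports unknown devices, OS or software changes, endpoints without an EDR agent, and inventoried assets the scan did not see. The record layout, field names, hosts and addresses are constructed assumptions.

```python
"""Reconcile one discovery scan against the asset inventory (constructed data)."""

# Constructed sample of the asset database, keyed by MAC address.
INVENTORY = {
    "00:16:3e:00:00:01": {"host": "web01", "os": "Ubuntu 22.04", "software": {"nginx": "1.24.0"}},
    "00:16:3e:00:00:02": {"host": "db01", "os": "Windows Server 2019", "software": {"mssql": "15.0"}},
    "00:16:3e:00:00:03": {"host": "hr-laptop7", "os": "Windows 11", "software": {}},
}

# Constructed sample of what a discovery scan reported.
DISCOVERED = [
    {"mac": "00-16-3E-00-00-01", "os": "Ubuntu 22.04", "software": {"nginx": "1.24.0"}, "edr_agent": True},
    {"mac": "00:16:3e:00:00:02", "os": "Windows Server 2019", "software": {"mssql": "16.0"}, "edr_agent": True},
    {"mac": "00:16:3e:00:00:99", "os": "Linux", "software": {"openssh": "8.2"}, "edr_agent": False},
]


def normalize_mac(mac):
    """Scanners and databases format MACs differently; compare one canonical form."""
    return mac.strip().lower().replace("-", ":")


def reconcile(inventory, discovered):
    """Return findings that need investigation or an inventory update."""
    known = {normalize_mac(mac): rec for mac, rec in inventory.items()}
    findings = {"unknown": [], "modified": [], "no_edr": [], "not_seen": []}
    seen = set()
    for dev in discovered:
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        if not dev.get("edr_agent", False):
            findings["no_edr"].append(mac)      # connected but not covered by EDR
        rec = known.get(mac)
        if rec is None:
            findings["unknown"].append(mac)     # on the network, not in the inventory
            continue
        changes = {}
        if dev["os"] != rec["os"]:
            changes["os"] = (rec["os"], dev["os"])
        for name in sorted(set(rec["software"]) | set(dev["software"])):
            old, new = rec["software"].get(name), dev["software"].get(name)
            if old != new:                      # added, removed or changed version
                changes[name] = (old, new)
        if changes:
            findings["modified"].append((mac, changes))
    findings["not_seen"] = sorted(set(known) - seen)  # stale records or offline assets
    return findings
```

MAC addresses are used as the key only to keep the example short; virtual machines and devices with randomized MACs need a more stable identifier such as a serial number or agent ID.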
“You don’t want to have to do asset inventory during a crisis. As part of an incident response, forensics firms will do an inventory for containment purposes. From there, they’ll look backwards in time to understand IOCs [indicators of compromise]. It’s way better (and less expensive!) to have done the inventory in advance.”
Luke Green, Strategic Partnership Lead - Cyber Services