
Tenable Blog


Master Your Security Foundation: Know Your Devices

Knowing what assets you have is arguably the single most important security control. If you don’t know about a server, desktop, laptop, mobile device or network device, how can you manage and secure it? For that matter, what about cloud instances, virtual machines, and containers?


In Q4 of last year, Tenable and the Center for Internet Security (CIS) conducted a survey of 319 IT security decision makers at companies with more than 100 employees. We found that fewer than 50% of the surveyed organizations have implemented automated controls to inventory the systems and devices connected to their networks. I was alarmed by such low control adoption because, as the following table indicates, knowing what is on your network is an important control in virtually all security frameworks and compliance standards.

| Standard | “Know What You Have” Control Objective |
| --- | --- |
| PCI DSS | Maintain an inventory of systems that are in scope for PCI DSS. |
| NIST Cybersecurity Framework | Physical devices and systems are inventoried. |
| ISO/IEC 27002:2013 | Inventory of assets. |
| NIST 800-53 rev 4 | Information system inventory. |
| CIS Controls | Inventory of authorized and unauthorized devices. |

Note: The CIS Controls were formerly known as the Center for Internet Security Critical Security Controls (CSC).

CIS Controls


The CIS Controls (formerly the SANS Top Twenty) is a prioritized list of security controls developed by an international community of security professionals and institutions. The CIS rates Inventory of Authorized and Unauthorized Devices as the most important security control. This prioritization is designed to guide organizations to:

invest first in controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.

The phrase “can be feasibly implemented in your computing environment” deserves additional discussion, because “feasibly implemented” does not mean “easily implemented.” The control’s more detailed description:

Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access and unauthorized and unmanaged devices are found and prevented from gaining access

offers insight into the potential implementation challenges: the control is not satisfied by a one-time list of devices, but requires continuous discovery, comparison against an authorized inventory, and a response for every device that does not belong.

Managing devices by policy


The question of “What do you have?” has been expanded to “Are you identifying unauthorized devices and preventing them from accessing your network?” Preventing unauthorized device access starts with a policy, and organization management must buy into the policy and define any allowable exceptions. Otherwise, the policy will likely be undermined when influential people complain that they can’t connect their personal devices to the network.

Controlling which devices can connect to your network delivers benefits to both security and IT teams. From a security perspective, having only authorized devices on your network allows you to actively manage them to detect and remediate unauthorized software, misconfigurations, vulnerabilities and malware. Benefits also accrue to the IT organization. Having only authorized devices on the network increases network availability and eliminates the break-fix costs that inevitably result from troubleshooting problems often associated with one-off, unauthorized devices.

After the policy is established, automated supporting controls must be implemented to achieve the control objective.
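The core of such an automated control is a reconciliation step: take what network discovery actually sees (DHCP leases, ARP tables, scan results) and compare it against the inventory of devices the policy authorizes. The script below is an added illustration written for this post, not Tenable’s or CIS’s code. The inventory, the discovery export and its comma-separated layout are constructed sample data, not any real tool’s format. It classifies each observed device as managed, allowed by a policy exception, or unauthorized, flags hostname mismatches that may indicate a stale inventory record or a device impersonating an authorized one, and also reports authorized devices that discovery has not seen recently, since an inventory that no longer matches reality fails the control just as surely as a rogue device does.

```python
"""Reconcile devices observed on the network against an authorized-device inventory.

Added example, not Tenable's or CIS's code. AUTHORIZED and DISCOVERY_EXPORT are
constructed sample data; the 'mac,ip,hostname,last_seen' layout is an assumption
for this illustration, not a real tool's export format.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed inventory: MAC address -> attributes recorded under the device policy.
# "managed": False marks a device permitted by an approved policy exception.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": {"hostname": "fileserver01", "owner": "IT", "managed": True},
    "aa:bb:cc:00:00:02": {"hostname": "laptop-jsmith", "owner": "jsmith", "managed": True},
    "aa:bb:cc:00:00:03": {"hostname": "printer-3f", "owner": "Facilities", "managed": False},
}

# Constructed discovery export, as a merge of DHCP leases / ARP tables / scan output might look.
DISCOVERY_EXPORT = """\
# mac,ip,hostname,last_seen
aa:bb:cc:00:00:01,10.0.1.10,fileserver01,2017-04-20T08:00:00
aa:bb:cc:00:00:03,10.0.1.50,printer-3f,2017-04-20T08:05:00
DE:AD:BE:EF:00:99,10.0.1.77,android-7c2f,2017-04-20T08:10:00
"""


@dataclass(frozen=True)
class Observed:
    mac: str
    ip: str
    hostname: str
    last_seen: datetime


def parse_export(text):
    """Parse the constructed export; MACs are normalised to lower case so that an
    inventory lookup cannot miss a device merely because one source upper-cases."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mac, ip, hostname, ts = line.split(",")
        devices.append(Observed(mac.lower(), ip, hostname, datetime.fromisoformat(ts)))
    return devices


def reconcile(authorized, observed, now, stale_after=timedelta(days=30)):
    """Classify every observed device against the inventory and flag inventory
    entries that discovery has not seen within `stale_after`."""
    report = {"unauthorized": [], "exception": [], "managed": [],
              "hostname_mismatch": [], "stale_authorized": []}
    last_seen = {}
    for dev in observed:
        last_seen[dev.mac] = max(dev.last_seen, last_seen.get(dev.mac, dev.last_seen))
        entry = authorized.get(dev.mac)
        if entry is None:
            # Not in the inventory at all: the policy says this device gets no access.
            report["unauthorized"].append(dev.mac)
            continue
        if entry["hostname"] != dev.hostname:
            # Inventory and reality disagree: stale record or an impersonated MAC.
            report["hostname_mismatch"].append(dev.mac)
        report["exception" if not entry["managed"] else "managed"].append(dev.mac)
    for mac in authorized:
        seen = last_seen.get(mac)
        if seen is None or now - seen > stale_after:
            report["stale_authorized"].append(mac)
    return report


def run_report():
    """Run the reconciliation over the constructed data at a fixed point in time."""
    now = datetime.fromisoformat("2017-04-20T09:00:00")
    return reconcile(AUTHORIZED, parse_export(DISCOVERY_EXPORT), now)


if __name__ == "__main__":
    for category, macs in run_report().items():
        print(f"{category:18s} {', '.join(macs) or '-'}")
```

In practice the `unauthorized` list feeds whatever enforcement the policy prescribes (network access control, port shutdown, or a ticket to the network team), and the `stale_authorized` list drives inventory clean-up; running the reconciliation on a schedule, rather than once, is what turns a device list into the continuous control the CIS description calls for.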

More information

The CIS Controls include six sub-controls that support Inventory of Authorized and Unauthorized Devices. A detailed discussion of these sub-controls is beyond the scope of this blog – but not to worry. Tenable is hosting a webinar on May 3rd, and we will dive into the details, show you how Tenable can help, and answer questions. This webinar is the first of a five-part series that will explore each of the CIS Foundational Cyber Hygiene controls. Brian Ventura, a SANS community instructor, will be our expert guest presenter. Brian teaches a 2-day course: Critical Security Controls: Planning, Implementing and Auditing. He has also taught a 5-day course: Implementing and Auditing the Critical Security Controls – in Depth. In addition to presenting valuable content, we will reserve time for questions and answers.

Look for future blogs where I will discuss the remaining Foundational Cyber Hygiene controls:

  • Inventory of authorized and unauthorized software
  • Secure configurations for hardware and software
  • Continuous vulnerability assessment and remediation
  • Controlled use of administrative privileges
