Shining a light on the stealth devices in your IT estate
The modern IT landscape is growing more complex every day. It’s predicted that more than $5.61 trillion will be spent on IT this year as companies continually expand their estates.
This perpetual growth means that keeping track of everything within the IT infrastructure is becoming increasingly challenging and many organizations operate with significant blind spots in their networks.
This gives rise to the ‘unknown unknowns’ – devices that are unmonitored and unmanaged but can still access critical corporate assets. These are the most dangerous kinds of security gaps, creating vulnerabilities that cannot be closed because they are not even on the radar.
It’s time to get past any assumption that “what you can’t see won’t hurt you” – cyber attackers are specifically hunting for the hidden vulnerabilities that organizations overlook.
The problem with traditional IT asset management
These security gaps aren’t typically the result of a lack of effort or investment, but a natural byproduct of IT and security teams either not having the right tools or not using their tools effectively. Some teams discover 15-30% more devices that were totally off their radar even though they have been conducting manual audits regularly.
Much of this false sense of security is the result of traditional tools that aren’t capable of seeing the big picture. Many agent-based scanners and on-premises security tools only give a narrow view and fail to detect all assets on the network. A device might appear to be secure through the metrics of one tool but actually lack critical controls when linked with other data across the system.
This is exacerbated by highly fragmented IT landscapes. Siloed teams and disconnected tools make it impossible to achieve a unified approach to security. Each team might believe they have control of what they can see, but their data doesn’t align. Without an easy way to correlate and compare data and processes, the dots won’t be connected.
Inefficient, manual-heavy processes also limit teams to conducting periodic audits. With IT environments evolving on a daily basis, these audits are outdated the moment they’re completed.
Why these gaps are the biggest security risks
The cracks in security visibility can appear in multiple forms. One of the most common issues is employees accessing corporate systems via unmanaged devices. This is particularly prevalent when Bring Your Own Device (BYOD) policies are combined with flexible working but without the controls to back it up. Many people are still accessing corporate data using home laptops that are completely outside of the IT department’s control. This situation means ignoring a threat sitting right on your network.
We also often find networks containing dormant or misconfigured assets that appear to be safe and compliant on the surface. Our data finds around 10% of devices lack essential cybersecurity controls, and 20% aren’t properly configured. In the worst-case scenario, controls aren’t functioning at all.
Audit reports may also indicate that a system is offline, but it is actually still communicating with corporate networks and, therefore, still an active security risk.
These unseen and unsecured devices are highly vulnerable to cyberattacks, providing an opportunity for threat actors to gain a foothold in the network without triggering any security alerts. Compromising an unmonitored personal machine offers a cybercriminal an easy path in, enabling them to access sensitive information on the network and exploit channels like email for Account Takeover (ATO) attacks.
How organizations can close the visibility gap
If an organization doesn’t know an asset exists, it has no chance of securing it. So how do teams start finding and accounting for these dangerous unknown unknowns?
The first step is to equip IT and security teams with the right tools, along with the expertise and processes to use them. We often find companies have invested heavily in a full suite of solutions, but many of them aren’t being used effectively or may be unnecessary for the company’s needs.
This means that, even with these investments, they may not have a clear picture of the security health of their estate. It’s not about frequency, it’s about approach. To reliably find and close these gaps, security teams need both a complete view of their entire network and everything accessing it, and the assurance that this picture is completely accurate and up to date.
A Cyber Asset Attack Surface Management (CAASM) strategy is central to achieving this visibility and control. This takes a highly automated approach to asset discovery, building a list based on what is actually connected to the network and accessing systems, rather than an outdated inventory.
Once a clear and accurate picture of all assets has been established, it’s possible to start delving into how secure each device is. This means establishing if the right security controls are installed, whether they are actually functional, and if they have been properly configured. Proper validation is essential – it’s never enough to just assume controls are working.
From here, it’s crucial to keep up continuous, real-time monitoring for all assets. Again, automation is key as manually correlating IT asset data is impossible at scale. Automated tools can compare access logs with IT inventories in real-time and flag inconsistencies.
It’s also important to move away from device discovery alone and account for application access patterns. Security teams should have a clear view of what devices are accessing key applications and data so that they can spot anomalies such as access attempts from devices outside the managed asset list.
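The correlation described in the paragraphs above, as an added Python example (not from the original article or any vendor's product): it compares access-log events against an inventory export and flags unmanaged devices, assets recorded as offline that are still active, and controls that are missing or not reporting. The sample data, field names and the 24-hour check-in threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory export; field names are assumptions, not a real tool's schema.
INVENTORY = {
    "LT-0001": {"status": "active", "control_installed": True, "control_last_checkin": "2025-03-10T08:50:00"},
    "LT-0002": {"status": "active", "control_installed": True, "control_last_checkin": "2025-02-01T09:00:00"},
    "LT-0003": {"status": "active", "control_installed": False, "control_last_checkin": None},
    "SRV-0009": {"status": "offline", "control_installed": True, "control_last_checkin": "2024-11-20T12:00:00"},
}
# Constructed access-log events, as an identity provider or proxy might record them.
ACCESS_LOG = [
    {"ts": "2025-03-10T09:00:00", "device_id": "LT-0001", "user": "alice", "app": "mail"},
    {"ts": "2025-03-10T09:05:00", "device_id": "LT-0002", "user": "bob", "app": "wiki"},
    {"ts": "2025-03-10T09:07:00", "device_id": "LT-0003", "user": "carol", "app": "finance"},
    {"ts": "2025-03-10T09:10:00", "device_id": "SRV-0009", "user": "svc-backup", "app": "fileshare"},
    {"ts": "2025-03-10T09:12:00", "device_id": "HOME-PC-7", "user": "alice", "app": "mail"},
    {"ts": "2025-03-10T09:15:00", "device_id": "HOME-PC-7", "user": "alice", "app": "mail"},
]
KEY_APPS = {"mail", "finance"}          # applications holding sensitive data (assumed)
MAX_CHECKIN_AGE = timedelta(hours=24)   # older than this: control is not validated

def classify(asset, seen_at):
    """Return why an access event is inconsistent with the inventory, or None."""
    if asset is None:
        return "unmanaged-device"        # accessing systems but not in the inventory
    if asset["status"] != "active":
        return "inventory-says-offline"  # audit says offline, device still communicates
    if not asset["control_installed"]:
        return "control-missing"
    if seen_at - datetime.fromisoformat(asset["control_last_checkin"]) > MAX_CHECKIN_AGE:
        return "control-not-reporting"   # installed, but not shown to be functioning
    return None

def correlate(inventory, access_log, key_apps=KEY_APPS):
    """Compare each access event with the inventory and return de-duplicated findings."""
    findings, seen = [], set()
    for ev in access_log:
        reason = classify(inventory.get(ev["device_id"]), datetime.fromisoformat(ev["ts"]))
        key = (ev["device_id"], ev["app"], reason)
        if reason is None or key in seen:   # skip clean events and repeats
            continue
        seen.add(key)
        findings.append({"device": ev["device_id"], "user": ev["user"], "app": ev["app"],
                         "reason": reason,
                         "severity": "high" if ev["app"] in key_apps else "medium"})
    return findings

if __name__ == "__main__":
    for finding in correlate(INVENTORY, ACCESS_LOG):
        print(finding)
```

Run on a schedule or against a log stream, the same comparison turns a periodic audit into a continuous check; the severity rule here only distinguishes access to the assumed key applications.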
Eliminating the blind spots for good
Security frameworks like Cyber Essentials, ISO 27001 and NIST CSF can provide a good starting point for prioritizing security needs and improving visibility. However, organizations need to foster a culture where unidentified assets are proactively identified and secured. Even a single unmanaged device can open the door to a major breach, so detecting them must be embedded into daily operations, not treated as an annual or quarterly audit task.
The reality is that many organizations are unaware of the extent of their IT blind spots and have a chance of closing the gaps with their current capabilities. If you don’t have full visibility, you’re making security decisions based on incomplete data. It’s like locking your front door while leaving the windows wide open – and then pulling the blinds down so you can’t see the issue.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro