A company’s security tools are a vital resource. These tools matter in many ways. These actions will help agencies prepare for the transition towards a zero trust environment.
Make a Complete Security Tool List
First, determine what security tools you have. This initial list does not include a complete inventory of the versions of each tool that are installed on each platform, but that information will be added later.
This is a list of security tools your agency uses or could use in the future. It can include products that are currently being procured, or software that has been recently acquired but not yet deployed.
Your organization may already have an inventory of security tools. If so, you just need to make sure it is current. If not, you will need to review your current asset inventories, talk with or survey IT and cybersecurity professionals throughout the business, and check active and recent procurements of security tools.
You should be aware that certain security tools are preinstalled and built into platforms. Don’t forget to add them to your list.
Once you know which security tools are already in your possession, you can identify which tools to use and which ones should be retired. You should also identify gaps that require additional software and ensure that the tools are secure.
Next, you can use automation to locate security tools installed on platforms connected to your network. This information may already be collected by the business through its asset management technology or services.
MORE SECURITYFind out how to implement zero trust within your organization.
Take a closer look at what’s outside the Network
Finally, you can use automation to find security tools outside your network and collect more information.
Most organizations have many security tools that are not part of their networks. These include cloud deployments, mobile devices, remote work platforms, and mobile devices. This is usually done by combining lists of different technologies, including vulnerability management solutions, asset management products and other security tools.
Organizations must also collect additional information on all tools, regardless where they are located. For example, which versions are being deployed and which platforms are running each.
This information should be continuously collected using automation to maintain an inventory that reflects what was used where, rather than a static, conventional inventory that is only updated once a year.
For zero-trust environments, static inventories are unacceptable. An inventory that is dynamic and continuously updated can be used to verify that all tools are available at all times to the organization’s endpoints, containers, and other network components.
A reasonably accurate and current inventory of all security tools within the agency is helpful not only in designing and implementing zero-trust architectures but also for prioritizing vulnerabilities management actions (such patching and security configuration) as well as other security controls within an environment to protect the security tools.
An attacker could gain unauthorised access to and control over platforms within an enterprise through a compromised security tool. It is important to monitor versions and configurations of security software and quickly address any vulnerabilities.
