Transient cyber assets: managing the unmanageable

|
Updated

Transient assets can introduce unique challenges to tracking asset inventory and securing your network, especially in the education sector. Students and faculty rely on a diverse range of personal devices and expect to be able to use them everywhere, resulting in high ratios of transient devices on those networks. The term "transient assets" refers to assets that regularly connect and disconnect from your network or other assets. As defined by Applied Risk, a "transient cyber asset is a portable device, such as an operational laptop, which is capable of processing or transporting executable code." While laptops are often thought of first, mobile devices, IoT devices, and many other device types can be transient if they aren't always connected to your network. While the surge of remote work and resultant bring-your-own-device (BYOD) has brought the challenge to the doorstep of many industries, the educational sector has been juggling the security implications of transient assets for years.

What's the problem? #

Transient devices aren't inherently problematic, but failing to track them as part of your inventory can cause security gaps. While organizations that commonly have short-term visitors can segregate a guest network from the rest of the environment, some organizations that see a lot of transient devices need to allow authenticated access to their internal network and data.

Educational organizations tend to see some of the highest ratios of transient devices as students and faculty come and go. Students and faculty are often provisioned accounts and accesses much like staff or employees. As a result, it is especially important to effectively inventory and track these transient devices so that access to internal assets or data can be monitored.

The core security concern related to transient assets is that they are often unknown and unmanageable. While unmanaged devices are a challenge in their own right, transient devices are sometimes better described as unmanageable. Normal BYOD or device provisioning policies can require enrollment in management platforms, but that isn't typically an option for handling transient devices. As an example in the education sector, students (and their parents or guardians) are unlikely to agree to have their personal devices monitored at the host-level, so the institution needs to be able to build their inventory from network scanning.

On the radar #

Grabbing the list of unique MAC addresses connecting to your network over time is a common first step to understanding the scope of transient devices, but that method won't tell you much about the asset or give you a complete inventory over time. Network scanning is essential to fill in the gaps, and an effective scanning tool can provide detailed information about the assets discovered. Not only will you have a list of IP:MAC address pairings, but you'll know about device types, hardware, operating systems, and first and last seen dates. Once you have a sense of the scope of those attributes and network traits like commonly detected ports, protocols, and services, you can start categorizing assets until you have a clear picture of what assets show up where and when. From this baseline, you can better identify anomalies and abnormalities, supplementing your security tools with accurate asset attributes so that you can track down problems or security violations.

Zero unknown assets #

Building a complete inventory of assets connecting to your network is easy with runZero. The unique combination of unauthenticated active network scanning with comprehensive asset fingerprinting will help you build and maintain a context-rich asset inventory. From there, you can leverage sites, tags, and rules to categorize assets based on the unique needs of your organization. runZero readily detects when assets get new IP addresses and can even notify you by email or Slack, reducing asset duplication in environments with high numbers of transient devices being assigned IP addresses dynamically. Paired with detailed asset attributes, you can use your runZero inventory to really understand what’s on your network at any given time.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved