See runZero in action

Contact us to book a demo with our team.

Transient assets: managing the unmanageable

(updated ), by Megg Daudelin

Transient assets can introduce unique challenges to tracking asset inventory and securing your network, especially in the education sector. Students and faculty rely on a diverse range of personal devices and expect to be able to use them everywhere, resulting in high ratios of transient devices on those networks. The term “transient assets” refers to assets that regularly connect and disconnect from your network or other assets. As defined by Applied Risk, a “transient cyber asset is a portable device, such as an operational laptop, which is capable of processing or transporting executable code.” While laptops are often thought of first, mobile devices, IoT devices, and many other device types can be transient if they aren’t always connected to your network. While the surge of remote work and resultant bring-your-own-device (BYOD) has brought the challenge to the doorstep of many industries, the educational sector has been juggling the security implications of transient assets for years.

What’s the problem? #

Transient devices aren’t inherently problematic, but failing to track them as part of your inventory can cause security gaps. While organizations that commonly have short-term visitors can segregate a guest network from the rest of the environment, some organizations that see a lot of transient devices need to allow authenticated access to their internal network and data.

Educational organizations tend to see some of the highest ratios of transient devices as students and faculty come and go. Students and faculty are often provisioned accounts and accesses much like staff or employees. As a result, it is especially important to effectively inventory and track these transient devices so that access to internal assets or data can be monitored.

The core security concern related to transient assets is that they are often unknown and unmanageable. While unmanaged devices are a challenge in their own right, transient devices are sometimes better described as unmanageable. Normal BYOD or device provisioning policies can require enrollment in management platforms, but that isn’t typically an option for handling transient devices. As an example in the education sector, students (and their parents or guardians) are unlikely to agree to have their personal devices monitored at the host-level, so the institution needs to be able to build their inventory from network scanning.

On the radar #

Grabbing the list of unique MAC addresses connecting to your network over time is a common first step to understanding the scope of transient devices, but that method won’t tell you much about the asset or give you a complete inventory over time. Network scanning is essential to fill in the gaps, and an effective scanning tool can provide detailed information about the assets discovered. Not only will you have a list of IP:MAC address pairings, but you’ll know about device types, hardware, operating systems, and first and last seen dates. Once you have a sense of the scope of those attributes and network traits like commonly detected ports, protocols, and services, you can start categorizing assets until you have a clear picture of what assets show up where and when. From this baseline, you can better identify anomalies and abnormalities, supplementing your security tools with accurate asset attributes so that you can track down problems or security violations.

Zero unknown assets #

Building a complete inventory of assets connecting to your network is easy with runZero. The unique combination of unauthenticated active network scanning with comprehensive asset fingerprinting will help you build and maintain a context-rich asset inventory. From there, you can leverage sites, tags, and rules to categorize assets based on the unique needs of your organization. runZero readily detects when assets get new IP addresses and can even notify you by email or Slack, reducing asset duplication in environments with high numbers of transient devices being assigned IP addresses dynamically. Paired with detailed asset attributes, you can use your runZero inventory to really understand what’s on your network at any given time.

Try asset discovery scanning with runZero

Let us help you find all the transient devices in your organization.

Try runZero
Join our team
Megg Daudelin
Written by Megg Daudelin

Megg Daudelin is the Product Enablement Content Manager at runZero. She joined the cybersecurity industry over ten years ago as a digital forensic analyst before branching into network security. Megg also supports the industry as an adjunct professor, career mentor, and technical editor.

Similar Content

April 13, 2023

Asset inventory is foundational to security programs

Asset inventory is the foundation of a strong cybersecurity posture. It is often considered the first step in identifying vulnerabilities and potential risks to your organization’s security.

March 13, 2023

The role of asset ownership in the Equifax breach

Equifax lacked adequate cyber asset management practices, including a comprehensive IT asset inventory. As a result, when CVE-2017-5638 was announced, Equifax lacked the ability to effectively take action against the vulnerability.

February 14, 2023

How to track asset ownership with runZero

Asset inventory is the first step to getting context around a device. But what about who owns it? Knowing who is responsible for an asset is as important as knowing what an asset is.