Transient assets: managing the unmanageable
Transient assets can introduce unique challenges to tracking asset inventory and securing your network, especially in the education sector. Students and faculty rely on a diverse range of personal devices and expect to be able to use them everywhere, resulting in high ratios of transient devices on those networks. The term “transient assets” refers to assets that regularly connect and disconnect from your network or other assets. As defined by Applied Risk, a “transient cyber asset is a portable device, such as an operational laptop, which is capable of processing or transporting executable code.” While laptops are often thought of first, mobile devices, IoT devices, and many other device types can be transient if they aren’t always connected to your network. While the surge of remote work and resultant bring-your-own-device (BYOD) has brought the challenge to the doorstep of many industries, the educational sector has been juggling the security implications of transient assets for years.
Transient devices aren’t inherently problematic, but failing to track them as part of your inventory can cause security gaps. While organizations that commonly have short-term visitors can segregate a guest network from the rest of the environment, some organizations that see a lot of transient devices need to allow authenticated access to their internal network and data.
Educational organizations tend to see some of the highest ratios of transient devices as students and faculty come and go. Students and faculty are often provisioned accounts and accesses much like staff or employees. As a result, it is especially important to effectively inventory and track these transient devices so that access to internal assets or data can be monitored.
The core security concern related to transient assets is that they are often unknown and unmanageable. While unmanaged devices are a challenge in their own right, transient devices are sometimes better described as unmanageable. Normal BYOD or device provisioning policies can require enrollment in management platforms, but that isn’t typically an option for handling transient devices. As an example in the education sector, students (and their parents or guardians) are unlikely to agree to have their personal devices monitored at the host-level, so the institution needs to be able to build their inventory from network scanning.
Grabbing the list of unique MAC addresses connecting to your network over time is a common first step to understanding the scope of transient devices, but that method won’t tell you much about the asset or give you a complete inventory over time. Network scanning is essential to fill in the gaps, and an effective scanning tool can provide detailed information about the assets discovered. Not only will you have a list of IP:MAC address pairings, but you’ll know about device types, hardware, operating systems, and first and last seen dates. Once you have a sense of the scope of those attributes and network traits like commonly detected ports, protocols, and services, you can start categorizing assets until you have a clear picture of what assets show up where and when. From this baseline, you can better identify anomalies and abnormalities, supplementing your security tools with accurate asset attributes so that you can track down problems or security violations.
Building a complete inventory of assets connecting to your network is easy with runZero. The unique combination of unauthenticated active network scanning with comprehensive asset fingerprinting will help you build and maintain a context-rich asset inventory. From there, you can leverage sites, tags, and rules to categorize assets based on the unique needs of your organization. runZero readily detects when assets get new IP addresses and can even notify you by email or Slack, reducing asset duplication in environments with high numbers of transient devices being assigned IP addresses dynamically. Paired with detailed asset attributes, you can use your runZero inventory to really understand what’s on your network at any given time.
Try asset discovery scanning with runZero
Let us help you find all the transient devices in your organization.Try runZero
October 19, 2022
Contextualize honeypot alerts automatically with GreyNoise, runZero, Thinkst Canary, and Tines
Learn how to continuously enrich your asset inventory with high-fidelity data and context, leveraging tools, like Tines, Thinkst Canary, Greynoise, and runZero.
August 30, 2022
Strengthen your vulnerability management program with asset inventory
Vulnerability scanning plays a crucial role in any enterprise security program, providing visibility into assets that are unpatched, misconfigured, or vulnerable to known exploits. Customers tell us that they can take action on their vulnerability scan results most …Read More
June 22, 2022
Shadow IT: what’s lurking on your network?
Shadow IT poses an immense risk to the security of organizations around the world, but few teams feel prepared to tackle the problem. A Deloitte research report found that 32% of organizations believe “shadow IT” assets are the greatest challenge for IT asset management, but …Read More