Security Confidential: Having an Accurate Asset Inventory

Overview

In this episode of Security Confidential, host Rory Meikle talks to Huxley Barbee, a security evangelist at runZero, about having an accurate asset inventory. Huxley has over 20 years of experience as a software engineer and security consultant. He attended his first DEFCON in 1999 and holds both CISSP and CISO certifications. Huxley is also an organizer of BSidesNYC.

Huxley’s Origin Story

Huxley talks about his career progression: he started out focused solely on working in front of a computer screen, and as he matured and gained experience he took on more responsibilities and public speaking opportunities. As he delved into public education, his role naturally gravitated towards security evangelism. Huxley enjoys what he does and considers it part of his evangelism responsibility.

Proactive Security, Risk, and Asset Inventory: What’s the connection?

Huxley explains that asset inventory is the bedrock of any security program. Without a good asset inventory, proactive security is not possible. He emphasizes the importance of knowing what devices exist on the network to effectively protect them. Proactive security involves managing risks before incidents occur, which is impossible without a solid asset inventory. While asset inventory is necessary, there may be additional components and tools required for a comprehensive proactive security program.

Using the Right Tools and Upgrading

Huxley discusses the limitations of using tools like EDR (Endpoint Detection and Response) and vulnerability scanners for asset inventory. These tools mainly focus on devices they already know and manage, leaving out unmanaged devices and unknown subnets. He suggests an alternative approach: using API integrations to gather data from multiple sources, coupled with unauthenticated active scanning to identify and profile devices accurately. This method gives a broader view of the network, including unmanaged devices, IoT devices, and devices in remote locations, resulting in a more comprehensive asset inventory.

IPv4 and IPv6

Huxley highlights the differences between IPv4 and IPv6 in asset inventory. He explains that asset discovery in IPv6 presents challenges due to the larger address space and the need to iterate through more addresses, making it difficult to achieve a complete asset inventory. Understanding these differences is essential to get a full picture of the network.

What Do You Need for an ACCURATE Asset Inventory?

Huxley stresses the importance of an accurate asset inventory and the processes and tools required to achieve it. He advocates for combining unauthenticated active scanning with API integrations, approaching the network the way a security researcher or pen tester would and gathering as much information as possible from layer two to layer seven. This comprehensive approach allows for better decision-making in the face of security incidents like ransomware attacks.

Asset Inventory Playing a Role in Ransomware

Huxley explains how a good asset inventory can play a critical role in dealing with ransomware attacks. Knowing the importance and sensitivity of devices on the network allows security teams to make more informed decisions when facing ransom demands. He also emphasizes that ransomware attacks are likely to continue, with small businesses being particularly vulnerable targets due to their lack of resources and security controls.

Meet Our Speakers

Huxley Barbee

Former Security Evangelist


© Copyright 2024 runZero, Inc. All Rights Reserved