The problem: A worry for a lot of IT departments is rogue devices, also known as stuff that appears on your network that hasn't gone through the onboarding process. There may be reasons for this, such as poor onboarding procedures, users with excessive privileges, or less than optimal access management policies. Whatever the reason, it is a risk, and we need to understand whether this is an issue and how we can monitor it over a period of time to get a trend analysis.
Baseline: Asset Management Database serves as master data for systems in the organization.
Anomaly: Systems that are found on the production network that are not in the asset management database.
Priority Information Request: We need to know when more than 10% of the systems discovered from discovery scans on our network are not in our inventory.
Key stakeholders:
Vulnerability Management: Responsible for performing discovery scanning to find devices on the subnet they are preparing a vulnerability scan for, and for ensuring that the vulnerability scanning database is aligned with the information systems inventory
Information Systems Administration: Responsible for keeping track of the information systems inventory
Continuous Monitoring: End-to-end process of syncing the information system asset inventory with the vulnerability management system's database
Key risks: Uncontrolled systems that exist on the network pose a security risk.
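
The Priority Information Request above, worked as an added example (not part of the original post): each discovery scan is compared against the inventory baseline and flagged when more than 10% of discovered systems are missing from it. Matching on MAC address, the record field names, and all sample data are assumptions made for illustration.

```python
import re

THRESHOLD = 0.10  # from the page: alert when MORE than 10% are not in inventory

def norm_mac(mac):
    """Reduce 'AA-BB-..', 'aa:bb:..' and 'aabb.ccdd.eeff' to one comparable form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def evaluate(scan_date, discovered, inventory, threshold=THRESHOLD):
    """Compare one discovery scan against the inventory baseline."""
    known = {norm_mac(a["mac"]) for a in inventory}
    seen = {}
    for host in discovered:  # one device answering on several IPs counts once
        seen.setdefault(norm_mac(host["mac"]), host)
    rogue = [h for mac, h in sorted(seen.items()) if mac not in known]
    ratio = len(rogue) / len(seen) if seen else 0.0  # empty scan: no ratio to alert on
    return {"date": scan_date, "discovered": len(seen), "unmanaged": len(rogue),
            "ratio": round(ratio, 3), "alert": ratio > threshold,
            "hosts": [h["ip"] for h in rogue]}

def trend(scans, inventory):
    """One result per scan date, oldest first, for trend analysis."""
    return [evaluate(d, scans[d], inventory) for d in sorted(scans)]

# Constructed sample data: 9 inventoried assets and two weekly discovery scans.
INVENTORY = [{"mac": f"00:16:3E:00:00:{i:02X}"} for i in range(1, 10)]

def _hosts(macs):
    return [{"ip": f"10.0.0.{n}", "mac": m} for n, m in enumerate(macs, start=1)]

SCANS = {
    "2024-01-07": _hosts([f"00-16-3e-00-00-{i:02x}" for i in range(1, 10)]
                         + ["de:ad:be:ef:00:01"]),
    "2024-01-14": _hosts([f"0016.3e00.00{i:02x}" for i in range(1, 9)]
                         + ["de:ad:be:ef:00:01", "DE-AD-BE-EF-00-02"]),
}

if __name__ == "__main__":
    for row in trend(SCANS, INVENTORY):
        flag = "ALERT" if row["alert"] else "ok"
        print(row["date"], f'{row["unmanaged"]}/{row["discovered"]}',
              f'{row["ratio"]:.0%}', flag, row["hosts"])
```

The first constructed scan sits at exactly 10% and does not alert, because the request is for more than 10%; the second reaches 20% and does.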