Actively Managing Assets in Archer Provides Real Security Value

By Eric Noonan • August 21, 2015

Note: This is the first in a series of blog posts in which CyberSheath GRC consultants specifically describe how the RSA Archer GRC Solution can assist with the adoption of the Critical Security Controls for Effective Cyber Defense.  Each post of this series will focus on one of the 20 Critical Security Controls.

CyberSheath has worked with countless customers who are just beginning their GRC journey.  As security consultants first, the initial steps we take when building out GRC efforts for any organization align with the Critical Security Controls for Effective Cyber Defense.  These controls, formerly known as the SANS 20 Critical Security Controls, focus on prioritizing actionable and pragmatic security functions that are effective against advanced attacks.

Control 1: Inventory of Authorized and Unauthorized Devices

The first Critical Control, Inventory of Authorized and Unauthorized Devices, tells us that organizations should “Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.”  To accomplish this, companies need to maintain an asset inventory of all systems connected to the network, preferably deploying an automated asset inventory system to gather the data.  The idea behind this control is that we can’t protect what we don’t know we have and therefore, having an accurate asset inventory is always the first step in both mature security and GRC projects.

Many organizations today have a CMDB or some other asset inventory method, but they often rely on manual spreadsheets that are not automated, and the information isn’t accessible enough to be actionable.  That information is also usually just a list of computer names, IP addresses, and possibly some operating system info, but that’s usually where it ends.  Additionally, the responsibility for maintaining this repository is often not clear and the data isn’t tied into any other security processes, such as incident response or vulnerability management.

When we use RSA Archer to manage our asset inventory, we can satisfy the security objectives of this control with a best-in-class asset inventory system.  Utilizing Archer’s Enterprise Management module, and specifically the “Devices” application, we can import all our known asset information from multiple sources.  Archer accepts information from many different databases and other sources of asset data utilizing the data feed capability.  Organizations can, for example, import asset information from their CMDB, vulnerability scanners, configuration compliance tools, and any other source.  They can then use the different feeds to augment, edit, and improve the inventory so that it becomes the “master list” of all devices.  No other product collects and rationalizes asset data like Archer.

Managing asset inventory is just the beginning; tying the data into other parts of Archer is where we start to see real GRC context and meaning.  Mapping assets to the employees that own them, the facilities they reside in, and the business units they belong to can help us visualize our IT infrastructure like no other tool can.  Digging deeper, we can map our servers to applications and those applications to business processes.  When we then conduct Business Impact Analyses against those business processes, the criticality of the assets (servers) becomes quantified and all of this is measurable with reports and metrics.
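To make the reconciliation and mapping described above concrete, here is an added Python sketch (not Archer code and not from CyberSheath) that merges a CMDB export with a vulnerability scanner feed into one master list, flags devices seen on the network but absent from the CMDB, and inherits criticality from a BIA rating.  All feed contents, field names, and status labels are constructed assumptions.

```python
# Constructed sample feeds; field names are assumptions, not Archer's schema.
CMDB = [
    {"mac": "00:1A:2B:00:00:01", "hostname": "app-srv-01", "owner": "j.doe", "app": "Payroll"},
    {"mac": "00:1A:2B:00:00:02", "hostname": "web-srv-02", "owner": "a.lee", "app": "Intranet"},
    {"mac": "00:1A:2B:00:00:03", "hostname": "old-srv-09", "owner": "a.lee", "app": "Intranet"},
]
VULN_SCAN = [
    {"mac": "00-1a-2b-00-00-01", "ip": "10.0.0.11", "os": "Windows Server 2012 R2"},
    {"mac": "00-1a-2b-00-00-02", "ip": "10.0.0.12", "os": "RHEL 7"},
    {"mac": "00-1a-2b-00-00-99", "ip": "10.0.0.77", "os": "unknown"},
]
# Application -> business process -> BIA criticality (constructed)
APP_PROCESS = {"Payroll": "Pay Employees", "Intranet": "Internal Comms"}
BIA = {"Pay Employees": "High", "Internal Comms": "Low"}

def norm_mac(mac):
    """Normalize MAC formatting so records from different tools join on one key."""
    return mac.replace("-", ":").lower()

def build_master(cmdb, scan):
    """Merge both feeds into one record per device, keyed by normalized MAC."""
    master = {}
    for rec in cmdb:
        key = norm_mac(rec["mac"])
        master[key] = {**rec, "mac": key, "sources": ["cmdb"], "status": "authorized"}
    for rec in scan:
        key = norm_mac(rec["mac"])
        # A device the scanner sees that the CMDB does not know is unauthorized.
        entry = master.setdefault(key, {"mac": key, "sources": [], "status": "unauthorized"})
        entry.update({k: v for k, v in rec.items() if k != "mac"})  # augment with ip/os
        entry["sources"].append("scan")
    for entry in master.values():
        if entry["sources"] == ["cmdb"]:
            entry["status"] = "not_seen"  # in the CMDB but not on the network: stale?
        process = APP_PROCESS.get(entry.get("app"))
        entry["criticality"] = BIA.get(process, "Unrated")
    return master

def by_status(master, status):
    """Return the sorted MACs of all devices with the given status."""
    return sorted(e["mac"] for e in master.values() if e["status"] == status)

if __name__ == "__main__":
    for e in build_master(CMDB, VULN_SCAN).values():
        print(e["mac"], e["status"], e["criticality"], e.get("hostname", "-"), e.get("ip", "-"))
```

The "unauthorized" and "not_seen" buckets are the two work queues this control cares about: devices to investigate or block, and inventory records to verify or retire.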

It’s no coincidence that the first step in building a secure organization is also the first step conducted when beginning a GRC journey.  When we combine these efforts we accomplish both goals for far less than separate projects would cost, and security organizations are able to show real value from their Archer deployment as we begin to address the Critical Controls and stop attacks.  Download our GRC datasheet to learn more about how we can assist your organization on your GRC journey.

Watch for our next post as we discuss how Archer can assist with the second Critical Control, Inventory of Authorized and Unauthorized Software, coming soon.
