In-Depth
Why IT Asset Management is Critical to Your Network Security
Asset management software can complement your current security tools to provide more complete desktop security.
by David Richards
Although dedicated products such as anti-virus, spyware, and anti-malware software are standard components in an organization's security arsenal, new and ever more insidious schemes keep proliferating, eluding even the most sophisticated preventive measures. Companies can have policies in place to prevent users from visiting "bad" Web sites, but that can't always stop phishing scams, malware, and Trojan viruses from infiltrating, often simply arriving unannounced in an unsuspecting user's inbox. It's estimated that some 6,500 new phishing attempts and bogus Web sites are discovered every day -- almost double 2008's rate.
Small and midsize businesses (SMBs) are particularly vulnerable to malicious intrusion. It's estimated that businesses worldwide lose more than $221 billion a year from identity theft. Cyber criminals have stolen at least $40 million from SMBs across America in a sophisticated but increasingly common form of phishing scheme where online banking credentials are stolen with the help of malicious software distributed through spam. That doesn't account for all the time and work lost due to miscellaneous viruses and malware that work their way into small business networks.
In light of the increase in the number and sophistication of threats and intrusions, it's clear that companies need to be increasingly diligent about protecting the integrity and security of their networks. One solution is to add another layer of defense from a tool not often included in a company's standard security arsenal.
Adding asset management software to an organization's standard toolkit -- which typically includes a variety of cyber-protection measures such as anti-virus, anti-spam, and anti-malware software -- approaches network security from a different perspective by identifying suspicious event-based processes and activities that are typically invisible to these other security tools.
IT Asset Management: An Overview
IT asset management (ITAM) is defined as the business practice of managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of hardware and software applications within an organization. In short, an asset management software solution delivers efficiencies across the organization by providing unmatched transparency into the organization's IT assets -- for instance, the number and location of desktops, what hardware is needed, what software is installed, what hardware needs replacement, what software needs updating, and what legacy software licenses or applications are not being used and can be discontinued.
At the same time, asset management software can add an extra layer of protection by allowing IT administrators to monitor and identify unusual activity down to the individual user level. Alerts can be configured to trigger for everything from multiple failed log-ins to a specific computer that's using too many computer cycles -- activities that might indicate a security breach. Alerts can also be sent based on unexpected new software installations or changes to files or settings.
Desktop security software can also be used in conjunction with an ITAM solution to provide further network protection. Specifically, lockdown features in desktop security software can be automated to shut down systems that might have been violated, as well as seal off servers, desktops, and the Windows OS before malicious downloads or undesirable changes -- whether intentional or unintentional -- can harm the network.
Securing Your Assets
Asset management software provides IT administrators with deep visibility across the network via a management console that presents a clear and up-to-date accounting of what resides on each desktop and server. The software will send information back to the central console, allowing IT administrators to identify threats in real time and swiftly resolve problems or conflicts. If a threat is identified, IT administrators can also secure desktops and the network with blocking tools that prevent users from deleting files and applications, making unauthorized changes to the desktop or operating system, saving or using unauthorized programs, or using USB or CD drives that may upload unwanted programs or files.
The security features embedded in standard asset management software can supplement, or even replace, the security features in Windows Active Directory, providing additional functionality and a simpler interface. ITAM allows IT administrators to block specific users and/or allow read-only access with a few clicks of the mouse as opposed to the complicated process of disabling drivers and unregistering devices using Windows -- changes that will affect all users, not just unauthorized ones. Specified users can then be prevented from deleting critical files and applications, making changes to the desktop or system, saving or using specific applications, and generally harming the operating system.
Moreover, when required, asset management software provides additional data protection with an automated recovery feature that can restore desktops and the network to a previous point in time on reboot -- quickly and transparently.
Case Study: ITAM Solution in Action
The central location of a mid-sized health-care company houses 350 workstations and serves as the hub for five regional offices throughout the United States. The IT team's chief task is to support smooth, uninterrupted claims processing. This means maintaining and optimizing all systems that support the organization's constituencies -- agents, customer service reps, back-end staff, etc. The IT administrator is continually monitoring for anything that slows or in any way jeopardizes standard business processes.
The company had leading anti-virus, spyware, and anti-malware programs installed and, although they proved effective, over the course of the past six months the network was breached three times -- once from a virus that came through a peer-to-peer program installed on an employee's desktop, another from a piece of malware that came from a bad Web site, and a third from a phishing scheme that exposed user names and passwords.
After an intensive evaluation of their security framework, an IT administrator found a forum where colleagues were discussing using ITAM software as another layer of protection in the never-ending battle between hackers and IT professionals. Had the ITAM tool been in place prior to the company's breaches, the peer-to-peer software would have been detected and removed, the malware from the bad Web site would have been identified and contained, and the network temporarily taken down as soon as suspicious activity (the phishing scheme) was detected.
Since the company has put ITAM software in place, other potential breaches were pre-empted and thwarted -- a disgruntled employee was prevented from copying or uploading files onto a USB thumb drive, and an outside user attempting multiple logins was identified and prevented from accessing the system.
Protecting Your Assets
The various ways in which a network can be breached and compromised puts IT professionals on the defensive, stealing time and resources they could otherwise commit to more productive and strategic activities and initiatives. Today's IT administrator is at a big disadvantage when it comes to battling these persistent security threats -- and not simply because increasingly sophisticated schemes allow more Trojan horses and the like to slip through unnoticed. Some of the threat comes from irresponsible user behavior, e.g., installing unauthorized applications or absent-mindedly opening a malicious attachment.
If properly maintained, popular anti-virus, spyware, and anti-malware solutions are effective at catching and preventing the lion's share of unwanted -- and occasionally harmful -- intrusions. Asset management software, used in conjunction with these tools, provides a more complete desktop security solution by protecting the network from harmful downloads as well as unauthorized changes, while thwarting and mitigating the potential damage caused by irresponsible user behavior.
David Richards is the CEO of CrossTec Corporation of Boca Raton, FL, a software solutions provider for network and classroom management. You can contact the author at djr@CrossTecSoftware.com