Complete Asset Discovery – The Missing Link to Effective Edge Security
Challenge Introduction
As discussed in Elimination of Edge Network Vulnerabilities—Mission Impossible?, the network perimeter poses distinct challenges to many centralized or agent-based cybersecurity solutions, related to:
- Incomplete device, endpoint, or infrastructure discovery
- Restricted deployment to headless endpoints or devices
The resulting loss of security visibility means that assets with vulnerabilities can go undetected, leaving the corresponding weaknesses open to exploitation by threat actors. Cybersecurity professionals need much more than “dead reckoning” to stay ahead of the many bad actors in the world.
The Four Steps to Overcoming the Obstacles
Step #1 – Complete Asset Discovery (Inventory)
An effective, ongoing, and comprehensive discovery (inventorying) process can overcome these blind spots in your cybersecurity defenses. This task is often the responsibility of the network team. Many techniques can be used here, individually or in combination. Examples include:
| Action | Description |
|---|---|
| ARP Sweep | Used within local networks to map IP addresses to MAC addresses. Sends ARP requests to all possible IPs in the subnet to discover devices. |
| Ping Sweep | Sends ICMP Echo Requests to a range of IP addresses and collects replies. Used to identify active devices on the network. |
| SNMP | Queries network devices for information using SNMP agents. Useful for retrieving device details like hostnames, IPs, and hardware information. |
| DNS Query | Queries DNS servers to resolve hostnames to IP addresses. Use reverse DNS lookups to discover hostnames. |
| mDNS Query | Used in local networks for name resolution without a central DNS server. Multicast queries discover services and devices (e.g., printers, smart devices). |
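The following script, an added example that is not part of the original post or of any vendor tool, shows how three of the techniques in the table (a ping sweep, the local ARP/neighbour table, and reverse DNS) can be combined into one inventory and then reconciled against a list of approved MAC addresses, so that anything unknown is surfaced for the vulnerability assessment in Step 2. The neighbour-table text, the set of "alive" addresses, the approved MAC list and the resolver used in `demo()` are all constructed sample data; the probe and resolver are injectable so the logic can be exercised without touching a real network. The `ping` flags assume a Linux `ping` binary.

```python
"""Edge asset discovery: ping sweep + ARP/neighbour table + reverse DNS,
reconciled against an approved-device list (added example, constructed data)."""
import ipaddress
import re
import socket
import subprocess
from typing import Callable, Dict, Iterable, List, Optional

# One line of Linux `ip neigh show`, e.g.
# "192.168.10.5 dev eth0 lladdr 3c:52:82:aa:bb:cc REACHABLE"
# Lines without an lladdr field (FAILED / INCOMPLETE entries) never match,
# because no device ever answered the ARP request.
_IP_NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-f:]{17})\s+(?P<state>\S+)",
    re.IGNORECASE,
)


def parse_ip_neigh(text: str) -> Dict[str, str]:
    """Parse `ip neigh show` output into {ip: mac}; STALE entries are kept
    because the device was seen, even if not recently."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        m = _IP_NEIGH_RE.match(line.strip())
        if m:
            found[m.group("ip")] = m.group("mac").lower()
    return found


def ping_host(ip: str, timeout_s: int = 1) -> bool:
    """Single ICMP echo request via the system ping binary (Linux flags assumed)."""
    try:
        r = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), ip],
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                           timeout=timeout_s + 2)
        return r.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def ping_sweep(cidr: str, probe: Callable[[str], bool] = ping_host) -> List[str]:
    """Probe every usable host address in `cidr`; return those that replied."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(ip) for ip in net.hosts() if probe(str(ip))]


def reverse_lookup(ip: str, resolver=socket.gethostbyaddr) -> Optional[str]:
    """Reverse DNS (PTR) lookup; None when no record exists."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror / gaierror are OSError subclasses
        return None


def build_inventory(cidr: str, neigh_text: str,
                    probe=ping_host, resolver=socket.gethostbyaddr) -> Dict[str, dict]:
    """Merge ping-sweep and neighbour-table evidence into one record per IP.
    A host appears if either method saw it; `sources` records which did."""
    net = ipaddress.ip_network(cidr, strict=False)
    inventory: Dict[str, dict] = {}

    def rec(ip: str) -> dict:
        return inventory.setdefault(ip, {"mac": None, "hostname": None, "sources": []})

    for ip in ping_sweep(cidr, probe):
        rec(ip)["sources"].append("icmp")
    for ip, mac in parse_ip_neigh(neigh_text).items():
        if ipaddress.ip_address(ip) in net:  # ignore entries from other subnets
            rec(ip)["mac"] = mac
            rec(ip)["sources"].append("arp")
    for ip, r in inventory.items():
        r["hostname"] = reverse_lookup(ip, resolver)
    return inventory


def find_unknown_assets(inventory: Dict[str, dict], known_macs: Iterable[str]) -> List[str]:
    """IPs whose MAC is not on the approved list, or that have no MAC at all
    (seen by ICMP only): the blind spots to hand to the assessment team."""
    approved = {m.lower() for m in known_macs}
    return sorted(ip for ip, r in inventory.items() if r["mac"] not in approved)


# --- constructed sample data (not captured from a real network) ---
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.10.5 dev eth0 lladdr 3c:52:82:aa:bb:cc STALE
192.168.10.9 dev eth0  FAILED
192.168.10.23 dev eth0 lladdr b8:27:eb:12:34:56 REACHABLE
"""
SAMPLE_ALIVE = {"192.168.10.1", "192.168.10.5", "192.168.10.40"}  # answer ICMP
KNOWN_MACS = ["00:11:22:33:44:01", "3c:52:82:aa:bb:cc"]          # approved devices


def demo() -> Dict[str, dict]:
    """Run the discovery against the simulated /26 edge segment."""
    return build_inventory(
        "192.168.10.0/26", SAMPLE_NEIGH,
        probe=lambda ip: ip in SAMPLE_ALIVE,
        resolver=lambda ip: (f"host-{ip.split('.')[-1]}.edge.example", [], [ip]),
    )


if __name__ == "__main__":
    inv = demo()
    for ip in sorted(inv, key=ipaddress.ip_address):
        print(ip, inv[ip])
    print("unknown assets:", find_unknown_assets(inv, KNOWN_MACS))
```

In the sample run, 192.168.10.40 replies to ICMP but has no ARP entry, and 192.168.10.23 is in the neighbour table but does not answer pings; neither MAC is on the approved list, so both are reported. Neither technique alone would have produced the full list, which is the practical reason for combining several of the methods in the table.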
Worth mentioning are the inherent advantages of connecting directly to the local edge network rather than from a centralized (often remote) location. This vantage point is best suited for optimal situational awareness at the network edge. Typically, these tools are portable and can quickly connect anywhere on the edge, over both wired and wireless links.
Steps 2, 3 and 4, described below, should really be conducted in parallel.
Step #2 – Perform a Cybersecurity Vulnerability Assessment
Now that assets have been fully inventoried, the next step is to apply various tests to these devices, endpoints, and infrastructure. Among many other checks, this includes examining switch ports for proper provisioning, confirming proper VLAN segmentation, verifying that wireless security authentication meets policy, and scanning for known vulnerabilities. It is best to work closely with the security operations team to develop a process or workflow that ensures all possible exposures are addressed. Here is an excellent blog that can help: How to perform a cybersecurity assessment.
Step #3 – Integration with Other Vulnerability Activities
Whatever tools are used in Steps 1 and 2 above, it is ideal for these activities and their results to be incorporated into other security efforts. Examples include vulnerability management and testing, network management, and endpoint monitoring platforms. This being the case, be sure to seek offerings that make such integration simple.
In addition, it’s crucial—if applicable—to ensure results are incorporated into any organization-wide initiatives such as those related to implementing NIS2 or the CIS Critical Security Controls.
Step #4 – Network and Security Team Collaboration
It should be evident by this point that achieving the most robust edge security posture requires those responsible for edge network management and those responsible for security to work closely together. If the duties are delegated to separate groups, the network team is often best positioned within the organization, with knowledge of perimeter architecture details as well as the current tactical status of the resources. In this scenario, they can provide a critical, unique “see the edge, from the edge” perspective.
In contrast, security staff are typically better versed in topics related to vulnerabilities and countermeasures.
Here is a summary of each group’s role in this important effort and the upside of partnering:
| Challenge | NetOps Role | SecOps Role | Collaboration Outcome |
|---|---|---|---|
| Visibility and Monitoring | Ensure network health and uptime | Identify and mitigate security threats | Comprehensive monitoring and control at the edge |
| Threat Mitigation | Configure edge devices securely | Implement threat mitigation tools | Reduced risk of edge-based attacks |
| Incident Response | Provide network-level insights | Investigate and address security incidents | Faster, more accurate response |
| Zero Trust Implementation | Deploy and validate network segmentation and policies | Define and enforce least privilege access | Seamless integration of zero trust at the edge |
| Compliance | Implement technical controls | Ensure regulatory adherence | Lower risk of fines and legal issues |
Summary
Even though most organizations use a number of advanced security solutions, there are situations where gaps exist because of undiscovered devices, endpoints, and infrastructure.
Hence, it is critical that all network assets, especially at the edge, are one hundred percent accounted for, so that IT resources are fully protected against cybersecurity threats.
If you are doing this research to comply with NIS2, our handy guide CyberScope Addresses Three Critical NIS2 Measures at the Challenging Edge will provide you with valuable insights (even if your organization is not located within the European Union).
Ultimately, whatever tools are deployed must effectively address the unique challenges at the dynamic network edge – including those less obvious gaps.
