The deadline for CISA BOD 23-01 compliance is coming up on April 3, 2023. In less than two months, federal civilian executive branch (FCEB) departments and agencies must have implemented solutions to fully meet the requirements outlined in the directive, including the ability to automate asset discovery every 7 days and initiate on-demand discovery within 72 hours of receiving a request from CISA.
One of the key takeaways from the directive is the importance of identifying unmanaged assets on the network because of the risks they introduce. A comprehensive asset inventory is the only way to fully address the directive.
When CISA first issued this directive, we’d hear agencies say, “We already have an asset inventory through our CAASM. We’re in good shape!” While Cyber Asset Attack Surface Management (CAASM) solutions can definitely help with building asset inventory and reducing cyber risk, they may not be enough to meet the requirements in the directive–especially if they are leveraging an API-only approach.
Challenges with an API integrations-only approach
Most CAASMs leverage an API-only (or a very API-dominant) approach to bring asset data from hundreds (or even thousands) of security and management tools into the solution. Theoretically, with a shared data set, security and IT teams can focus on improving their cyber asset hygiene and security posture rather than spending time tracking down information. However, the truth is that the information in the CAASM is often incomplete, and data quality may be unreliable.
Let’s dig into some of the key challenges of relying on CAASMs that only offer an API-based approach and what you can do instead.
Challenge #1: Finding unmanaged assets
Over and over again, we hear security teams say, “We can’t protect or manage what we don’t know.” Exacerbated by common issues like shadow IT, rogue access, and oversight, unmanaged devices continue to fly under the radar, creating potential entry points for attackers. Unmanaged devices are usually the first foothold for attackers because they tend to lack security controls and don’t have an owner maintaining them.
Many CAASM vendors claim that unmanaged devices can be solved by leveraging integrations with existing tooling. This approach ignores the fact that security teams have tried to use data from vulnerability scanners and EDR agents for asset inventory without success. These approaches cannot find unmanaged assets because they typically require credentials to scan or deploy, which are not available for rogue, IoT, and OT devices. As a result, these teams will continue to miss unmanaged devices if they rely on their vuln scanners or EDR agents for asset inventory.
Ultimately, the completeness and accuracy of the data in a CAASM will depend on the quality of the sources you use. While an integration-based approach is a good way to discover managed assets, it’s not the most effective one for unmanaged ones. The best way to discover unmanaged assets is through unauthenticated scanning.
Challenge #2: Getting accurate data
Most CAASMs build asset inventories from API imports with third-party solutions, like vuln scanners and EDRs; they don’t discover assets independently. Instead, they rely on their security and IT stack for asset inventory, so the data is only as good as the source itself. You can generally get a lot of depth about managed devices through integrations, but the quality may be inconsistent and/or inaccurate. Many solutions, like your vuln scanner and EDRs, are not purpose-built for asset inventory, so fingerprinting falls below expectations. Instead, you may get some basic information about the device, like the IP address, MAC address, and vendor, which isn’t significantly helpful for asset inventory. And on top of that, you’re completely in the dark about unmanaged devices.
According to Gartner, data quality affects labor productivity by about 20%. The lack of access to high-quality, accurate data impacts the ability of security teams to make decisions quickly, especially in the face of critical events. To deliver on their full promise, CAASMs need to complement these data sources with active discovery to accurately fingerprint assets.
Complement your integrations-based approach with active scanning for full asset inventory
CAASMs can help with comprehensive asset inventory–if complemented with unauthenticated active discovery. This approach ensures that you’re able to cover all your bases for CISA BOD 23-01. With a scanner that leverages a security research-based approach to fingerprint devices accurately and with high fidelity, you can feel confident that you have a comprehensive asset inventory of managed and unmanaged assets.
By combining active scanning with an integrations-based approach, managed assets get the benefit of being enriched with additional attributes, while unmanaged assets are identified and fingerprinted.
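The reconciliation described above, as an added example (not vendor code and not part of the original article): it merges integration records with unauthenticated scan results by normalized MAC address, marks assets seen only by the scan as unmanaged, and flags any asset not observed within the 7-day discovery interval. The field names, the sample records and the choice of MAC address as the matching key are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: records as they might arrive from integrations
# (EDR, vulnerability scanner) and from an unauthenticated network scan.
INTEGRATION_RECORDS = [
    {"source": "edr", "mac": "00-1A-2B-3C-4D-5E", "ip": "10.0.0.10", "hostname": "ws-finance-01"},
    {"source": "vuln_scanner", "mac": "00:1a:2b:3c:4d:5e", "ip": "10.0.0.10", "os": "Windows 11"},
    {"source": "edr", "mac": "00:1A:2B:3C:4D:6F", "ip": "10.0.0.11", "hostname": "srv-db-02"},
]
SCAN_RECORDS = [
    {"mac": "001a.2b3c.4d5e", "ip": "10.0.0.10", "services": ["smb", "rdp"],
     "last_seen": "2023-03-30T08:00:00+00:00"},
    {"mac": "00:1a:2b:3c:4d:6f", "ip": "10.0.0.11", "services": ["postgres"],
     "last_seen": "2023-03-20T08:00:00+00:00"},
    {"mac": "02:42:ac:11:00:4d", "ip": "10.0.0.77", "services": ["http", "rtsp"],
     "device_type": "IP camera", "last_seen": "2023-03-30T08:05:00+00:00"},
]
MAX_DISCOVERY_AGE = timedelta(days=7)  # discovery interval the directive requires

def norm_mac(mac):
    """Normalize MAC notation so the same interface matches across tools."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_inventory(integration_records, scan_records, now):
    """Merge both feeds into one record per MAC; `now` must be timezone-aware."""
    inventory = {}
    for rec in scan_records:
        key = norm_mac(rec["mac"])
        asset = inventory.setdefault(key, {"mac": key, "sources": set()})
        asset.update({k: v for k, v in rec.items() if k != "mac"})
        asset["sources"].add("active_scan")
    for rec in integration_records:
        key = norm_mac(rec["mac"])
        asset = inventory.setdefault(key, {"mac": key, "sources": set()})
        for field, value in rec.items():
            if field not in ("mac", "source"):
                asset.setdefault(field, value)  # enrich, keep scan-observed values
        asset["sources"].add(rec["source"])
    for asset in inventory.values():
        # Seen on the wire but reported by no management tool: unmanaged.
        asset["unmanaged"] = asset["sources"] == {"active_scan"}
        seen = asset.get("last_seen")
        # Never scanned, or last scan older than the interval: needs rediscovery.
        asset["stale"] = seen is None or now - datetime.fromisoformat(seen) > MAX_DISCOVERY_AGE
    return inventory
```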
Partnership Will Drive Increased Adoption of Portnox’s Cutting-Edge NAC Solution Purpose-Built for Large Distributed Organizations in the Region
LONDON — Portnox, which supplies network access control (NAC), visibility and device risk management to organizations of all sizes, today announced that it has partnered with Distology for the sole distribution and resell of its cloud-delivered NAC-as-a-Service solution in the United Kingdom and Ireland.
“We chose to partner with Distology because of their successful history of IT security solution distribution in the UK and Irish markets,” said Portnox CEO, Ofer Amitai. “We’re confident this collaboration will yield tremendous growth for both parties, as Portnox has a unique value proposition and Distology has the market enablement expertise to effectively evangelize our network security offering.”
“We have a long-established relationship with Portnox and it speaks volumes that the team have decided to choose Distology as their sole UK&I distributor. The technology Portnox brings to the market is incredibly exciting and complements our existing vendor stack effortlessly,” said Stephen Rowlands, Head of Sales for Distology. “We’re especially looking forward to representing and promoting Portnox Clear to our growing partner base, as this brand-new cloud-based technology has potential to completely disrupt the market and we foresee masses of growth potential in this innovative product.”
Portnox introduced its cloud-delivered NAC-as-a-Service solution to the UK & Irish markets less than two years ago. As the first to bring NAC to the cloud, Portnox has quickly gained a foothold in the region, particularly among large distributed enterprises in the retail, construction and utilities industries.
“The adoption of our NAC-as-a-Service product in the UK has been very strong to date,” said VP of Products, Tomer Shemer. “This is a testament to the fact that the UK is one of the markets leading the trend of cloud security adoption. We expect to see continued growth in the coming years in this area of Europe.”
Portnox is set to exhibit at this week’s RSA 2020 Conference (booth #4234) in San Francisco, February 24-28. Additionally, Portnox (booth #G108) and Distology (booth #C40) will both be exhibiting at InfoSec Europe 2020, Europe’s largest event for information and cyber security, in London, June 2-4.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
Distology is a Market Enabler and offers true value for the distribution of disruptive IT Security solutions. The vendors we work with represent innovative and exciting technology that continues to excite and inspire their reseller network. Our ethos is based on trust, relationships, energy and drive and offers end to end support in the full sales cycle providing vendor quality technical and commercial resource.