30 Days of IT Compliance Q&A #10: What Should My Device Inventory Include?

Many compliance mandates require that you keep a device inventory, but those inventories are limited to a specific scope of devices. For example, PCI DSS (Payment Card Industry Data Security Standard) 3.0 only requires an inventory of the system components (devices and applications) that are in scope, i.e. those that store, process or transmit cardholder data, or are connected to systems that do. Although this limited inventory would meet the compliance requirement, we recommend keeping a broader inventory that includes every device on your network.

Why? Recall the recent breach at Target. The attackers got into Target's network through a computer used to run the building's HVAC system, which was operated by an external third-party organization. That computer was not involved in any processing, transmission or storage of PCI information and therefore did not need to be part of the PCI inventory, but it was the initial vector the attackers used to enter Target's network and steal PCI information.

So what should your inventory include to really help you?

  1. All devices connected to your network (wired and wireless).
    • Devices should be grouped to make information easier to find.
  2. The inventory should be able to distinguish between PCI systems and the rest of your network.
  3. Asset information:
    • name
    • serial numbers
    • location information
    • CPU
    • disk (total size, used and free space)
    • memory (total size, used and free memory)
    • owner / administrator or responsible party for the device
  4. Installed and running software:
    • devices (network devices, appliances)
    • servers
    • the ability to diff installed software between discovery runs to see what was installed on or removed from the server/device
  5. Operating system versions and build numbers.
  6. Installed operating system patches.
  7. Application information (name, build and version).
  8. Process and service information.
  9. Topology maps:
    • layer-2 (physical connection map)
    • layer-3 (routing/network map)
    • flow map (which ports and protocols are seen between devices)
  10. User information:
    • contact information (full name, title, address, telephone number)
    • group memberships (e.g. member of the Domain Admins group)
  11. Port inventory:
    • switch information (which MAC address/device/user is connected to which physical port and VLAN)
  12. Network device configurations:
    • running and startup configurations
    • the ability to diff configurations to quickly see what changed on the device
  13. Automate the discovery process so the inventory is always up to date.

Remember that your inventory is a snapshot in time, so the longer the interval between discoveries, the less useful the information becomes and the greater the risk to your organization. We recommend using a tool like AccelOps, which uses a configuration management database (CMDB) that constantly monitors your environment for changes and vulnerabilities. Once a change or vulnerability is detected, you can be alerted to take the appropriate action.

The AccelOps CMDB allows for detailed device inventories. The solution also provides change and security monitoring, log management, and performance and availability monitoring in a single platform, and comes with over 2,000 audit-ready rules and reports for PCI, HIPAA, SOX, COBIT, ISO, ITIL, GLBA, GPG13, NERC and FERC.

Once your device inventory has been established, it should be able to answer questions like the following:

  1. Where is Microsoft IIS running in my environment (desktops and servers)?
  2. Which servers have a particular patch?
  3. Which servers do not have a particular patch?
  4. Which users have access to the ERP system (which users are members of the ERP user group)?
  5. Which devices are involved in handling PCI information (routers, switches, firewalls, physical/virtual servers, applications)?
  6. What is the layer-2 topology map of my PCI systems?
  7. What was added to my network yesterday?
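To make the inventory fields listed above and the questions just asked concrete, here is an added example (not AccelOps code and not part of the original post) of a minimal inventory: two discovery snapshots taken a day apart, a software and configuration diff between them, and query functions for the questions in the list. Every host name, patch identifier, package name, group and switch configuration is constructed sample data.

```python
"""Device inventory snapshots with diffing and the queries the post lists.

Added example; not AccelOps code. All hosts, patch IDs, software names,
group memberships and switch configs are constructed sample data.
"""
from dataclasses import dataclass
import difflib


@dataclass(frozen=True)
class Device:
    name: str
    kind: str                 # server / desktop / switch / firewall
    pci_scope: bool           # stores, processes or transmits cardholder data
    os: str                   # OS name, version and build number
    patches: frozenset        # installed OS patch identifiers
    software: frozenset       # installed packages / applications
    running_config: str       # network devices only; "" for everything else


def dev(name, kind, pci, os, patches=(), software=(), config=""):
    """Small constructor so the sample snapshots below stay readable."""
    return Device(name, kind, pci, os, frozenset(patches), frozenset(software), config)


# Constructed snapshots: the same estate discovered on two consecutive days.
# Patch IDs such as KB2000001 are placeholders, not real Microsoft updates.
YESTERDAY = {d.name: d for d in [
    dev("pos-db01", "server", True, "Windows Server 2012 R2 build 9600",
        {"KB2000001"}, {"SQL Server 2012", "Microsoft IIS"}),
    dev("web01", "server", True, "Windows Server 2012 R2 build 9600",
        {"KB2000001", "KB2000002"}, {"Microsoft IIS"}),
    dev("hvac-ws01", "desktop", False, "Windows 7 build 7601",
        set(), {"HVAC Console", "Microsoft IIS"}),
    dev("core-sw01", "switch", True, "IOS 15.2(4)E",
        config="hostname core-sw01\nvlan 10\n name PCI\n"),
]}

TODAY = dict(YESTERDAY)
# Overnight: a remote-access tool appeared on the HVAC workstation ...
TODAY["hvac-ws01"] = dev("hvac-ws01", "desktop", False, "Windows 7 build 7601",
                         set(), {"HVAC Console", "Microsoft IIS", "TeamViewer"})
# ... a VLAN was added to the core switch ...
TODAY["core-sw01"] = dev("core-sw01", "switch", True, "IOS 15.2(4)E",
                         config="hostname core-sw01\nvlan 10\n name PCI\n"
                                "vlan 99\n name GUEST\n")
# ... and an unknown device showed up on the network.
TODAY["unknown-1a2b"] = dev("unknown-1a2b", "desktop", False, "unknown")

# Constructed directory group data for the user-access question.
GROUPS = {"ERP Users": {"alice", "bob"}, "Domain Admins": {"alice"}}


def where_running(inv, product):
    """Q1: every host, desktop or server, with the product installed."""
    return sorted(n for n, d in inv.items() if product in d.software)


def servers_with_patch(inv, kb):
    """Q2: servers that have the patch."""
    return sorted(n for n, d in inv.items() if d.kind == "server" and kb in d.patches)


def servers_missing_patch(inv, kb):
    """Q3: servers that do not have the patch (the list an auditor asks for)."""
    return sorted(n for n, d in inv.items() if d.kind == "server" and kb not in d.patches)


def users_with_access(groups, group):
    """Q4: members of the group that grants access to an application."""
    return sorted(groups.get(group, ()))


def pci_devices(inv):
    """Q5: every device flagged as in scope for PCI."""
    return sorted(n for n, d in inv.items() if d.pci_scope)


def added_since(old, new):
    """Q7: devices present today that were absent from yesterday's discovery."""
    return sorted(set(new) - set(old))


def software_diff(old, new, name):
    """Item 4: (installed, removed) on one host between two snapshots."""
    before, after = old[name].software, new[name].software
    return sorted(after - before), sorted(before - after)


def config_diff(old, new, name):
    """Item 12: changed lines of a network device's running config."""
    diff = difflib.unified_diff(old[name].running_config.splitlines(),
                                new[name].running_config.splitlines(),
                                fromfile=name + " yesterday", tofile=name + " today",
                                lineterm="")
    return [ln for ln in diff
            if ln.startswith(("+", "-")) and not ln.startswith(("+++", "---"))]


if __name__ == "__main__":
    print("IIS runs on:", where_running(TODAY, "Microsoft IIS"))
    print("missing KB2000002:", servers_missing_patch(TODAY, "KB2000002"))
    print("new devices:", added_since(YESTERDAY, TODAY))
    print("hvac-ws01 software:", software_diff(YESTERDAY, TODAY, "hvac-ws01"))
    print("core-sw01 config:", config_diff(YESTERDAY, TODAY, "core-sw01"))
```

Note how the HVAC workstation, which is out of PCI scope, still shows up in the IIS query and in the software diff: that is exactly the visibility a scope-limited inventory would not give you. The snapshot diff is also why discovery has to run continuously; with a week between runs, the new remote-access tool and the unknown device would sit unnoticed for a week.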

Want to discuss how a CMDB can make your IT operations and compliance easier? Contact AccelOps to learn more.

Author

Marta Stone

Tags

cloud
security
big data
rsa
analytics
compliance
q&a
pci dss
hipaa
sarbanes oxley (sox)
target breach

About AccelOps

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures, all from a single screen.

AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations' data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps' patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.

The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities.
