Who Polices the Police?

Discovery for continuous compliance and audit support

IT teams are responsible for maintaining the security of the technology and data in any corporate environment. That’s a huge task that requires a lot of self-examination. Without a rigorous, ongoing program to discover, evaluate and improve the security of any enterprise, it wouldn’t just be IT auditors finding vulnerabilities–it would be hackers and cybercriminals.

The first and most important step in any comprehensive IT security project is to have full visibility and deep discovery of everything in the IT estate. This includes details on what IPs exist, but have no associated devices as well as which machines are accessed by external public IPs. IT teams also need to understand the interdependencies between hardware and software configuration items (CIs) as well as data on all applications, including what versions of software that’s running and what their vulnerabilities may be. Some questions IT professionals need to ask are:

  • What devices exist with no associated OS?
  • Which machines are marked as QA or Dev but are connected to Prod?
  • Where is data stored? Is the storage used secure?
  • Where does data move in the enterprise? Is it protected as it should be?

These questions are just a start there are many more that follow. As enterprises become more complex with hybrid IT resources, security itself gets much more complicated and challenging.

Detailed Discovery and Dependency Mapping

Getting answers to all the questions that surround IT security can be a real challenge. Many organizations depend on a series of point-specific tools, spreadsheets, and tribal knowledge, but this simply isn’t good enough to be the basis of security in IT today. Organizations need an automated solution that can bring together disparate data from their entire hybrid enterprise.

Device42 is the most comprehensive agentless discovery system for hybrid IT. Device42 provides end-to-end visibility to identify dependencies between applications and infrastructure. It gives IT teams detailed insights into even the most complex enterprises across a broad range of physical, virtual, cloud, and storage infrastructure including network switching, bare metal servers, chassis and blades, hypervisors, IP subnets, and more. The solution provides visibility into legacy infrastructure, such as mainframe or midrange, hypervisors, and a vast array of storage providers. It provides the “you are here” pin on the map to digital security.

Device42 covers a broad range of platforms using industry standard protocols with a principle of least privilege approach. Its remote collectors allow for indefinite horizontal scaling of the technology. The technology can be deployed locally, in DMZs, at remote data centers, or in the cloud for complete coverage of the IT environment.

The solution agentlessly discovers hardware, software, and services for Windows (back to 2003), Linux/Unix, and other resources on mainframe. Once discovered, Device42 also clearly maps VMs to hosts, and then to VM Manager relationships. It shows what unnecessary services are running in an enterprise, such as default IIS and SQL, that could give attackers access to systems.

Device42’s Built-In IT Compliance and Audit Reports

Device42 itself includes a collection of eight reports, several of which enable custom filtering to help identify and remediate compliance issues in any environment. The reports provide details on…

  1. Internal IP Addresses discovered on active on the network that are not associated with discovered devices
  2. Devices that have been discovered but are missing operating system details
  3. Devices that have been discovered but are missing installed software details
  4. A filter-driven report allowing you to identify devices without a particular software component
  5. Production devices with discovered communications to non-production devices
  6. Private IPs that have been found communicating that are missing associated device, OS, or software details
  7. Discovered devices with external IP communications
  8. A filter-driven report that allows you to search via service name to identify unwanted running services

Report on discovered devices that are missing installed software details.

Get a filter-driven report that identifies devices without a specified software component.

Show private IPs that have been found communicating that are missing associated device, OS, or software details. These communications may indicate a variety of security risks.

Report on your choice of service names to identify unwanted services that are running.

Visibility Across Hybrid IT

Device42 detects and monitors agents that support security across the enterprise, so IT teams can see what versions are in use and where an agent may be missing. This is an important way to make sure that security tools that depend on agents, such as Tanium and Crowdstrike, are in the right places and doing their jobs.

The software offers many discovery methods including DNS zones, cloud environments via vendor APIs, hardware warranty information, and AD/LDAP user syncs. All of this information can be used to enrich the asset management data it collects.

Device42 discovers container technologies such as Docker, Kubernetes, and LXC, as well as network gear like switches, routers, firewalls, load balancers, and more. Device42 can perform resource utilization analysis against compute and hypervisor platforms to gather metrics that can be used for potential migrations or data center consolidations.

Device42 also provides detailed storage discovery, analysis and reporting across multiple vendors with ArrayIQ. This solution’s agentless, vendor-agnostic approach collects and normalizes enterprise storage metrics across popular storage vendors such as EMC, NetApp, Pure Storage, Hitachi, IBM, and more. ArrayIQ was built specifically for low overhead and ease of deployment.

ArrayIQ collects performance, configuration, and capacity data from storage arrays, servers, and switches from physical spindles to file systems in virtual machines. Not only does it provide end-to-end mapping of storage elements, it also shows how storage is replicated. Device42 and ArrayIQ deliver insight on how storage arrays support mission critical applications and know the impact of cloud migration on storage infrastructure. This data exposes potential risks that may exist at the array level before they can emerge.

Powerful Integration for Additional Analysis and Reporting

Once data has been gathered about the IT landscape, it can be viewed, analyzed, and reported from within the software itself, but the data provided isn’t a walled garden of information. This data can also be distributed as needed to other applications and services. Device42 is integrated with most management tools including Jira, Splunk, VMware, Cherwell, Zendesk, Cyberark, ServiceNow, PowerBI, and more. IT teams can integrate the extensive data from Device42 with endpoint security tools that use REST APIs to provide a more detailed view of security at the target level.

The solution also enables IT professionals to create custom reports with a built-in reporting engine or our powerful SQL-compliant reporting language DOQL (Device42 Object Query Language). Queries can form the basis of advanced reports, saved and generated via API for consumption in other tools. Users can easily export queries to BI systems like PowerBI or Tableau using our ODBC connector. DOQL is also used in Device42’s native integration to ServiceNow. The software synchronizes device hardware and software information, service details, and affinity group charts into ServiceNow right out of the box. Custom queries can be defined to sync specific datasets as needed.

Conclusion

It’s clear that the basis for successful IT security is through complete visibility. What you don’t see can harm your organization. There can be no unknowns–and also no unknown unknowns, that is, elements that you may not even realize are there because they aren’t included in typical monitoring activities. These can be particularly challenging to discover without the right tool that includes data on compute, network, and bare metal resources along with dependency mapping. Device42 is the best way to eliminate these risks and get the full picture for complete security.

For information about how Device42 can help support your continuous compliance efforts, contact us today for a free demo.

Comments are closed here.