Security risks and threats for enterprises are growing as enterprises rapidly add devices and extend core-to-edge networks to support digitization, artificial intelligence (AI), and innovation imperatives. This article provides an overview of how IT and security teams can use configuration management databases (CMDBs) to evolve critical processes for improving their security posture, such as:
- Improving asset visibility and inventory: Advanced CMDBs provide real-time asset discovery with agentless and agent-based techniques and map dependencies and flows. As such, they provide invaluable insights teams can use to plan threat mitigation initiatives as well as solve security issues quickly.
- Strengthening vulnerability management: CMDB reports can help IT and security teams detect common vulnerabilities, such as shadow IT, outdated software and hardware with known issues, and more. They provide insights IT operations teams can use to patch, fix, or decommission devices.
- Enhancing incident response: CMDB data can automatically flow and be integrated with other security platforms as well as IT service management platforms, making it easier to ‘connect the dots’ and rapidly triage and resolve incidents.
- Enforcing access control and privileged account management: With tight controls and audit trails, IT operations teams can govern who does what to devices and enforce least-privilege-granted best practices.
- Ensuring compliance and audit readiness: CMDBs, when properly set up are unique in that they contain all the relevant IT information in one place. As such it can help IT operations and compliance teams quickly run reports to meet compliance mandates and achieve 24/7 continuous compliance.
- Using integration and automation: CMDBs integrate with common security platforms and automate reporting, enabling teams to quickly and consistently discover different issues.
IT operations and security teams can harness CMDB capabilities and best practices to improve network visibility and control. Doing so enables defense-in-depth cybersecurity models even as devices multiply and networks expand. Let’s take a closer look.
Leveraging CMDB for Asset Discovery and Inventory Management
AI-powered attacks are up 51% this year, with attackers favoring phishing, malware, ransomware, and password attacks. As a result, enterprises are redoubling their efforts to detect and mitigate risks and threats. One of the most powerful weapons in IT teams’ toolkits is an operational system they likely use daily—a configuration management database (CMBD).
As networks have become more complex and sprawling, monitoring and managing them has become increasingly difficult. CDMBs auto-discovers assets and tracks their changes and configurations over time. As such, they can help IT operations teams proactively identify and mitigate risks, such as new vulnerabilities announced by vendors, regularly applying new patches and other fixes.
CMDBs help IT operations teams track assets in near real-time. They use agentless and agent-based processes to discover all hardware, software, virtualized, and cloud assets and update data by executing scheduled or continuous jobs. This infrastructure inventory helps IT operations teams visualize all existing assets, track their dependencies and flows, and plan and evaluate configurations and changes. With these insights, IT teams can identify risks such as:
- Shadow IT: As IT teams innovate and deploy more applications, shadow IT risks are growing. Gartner expects that by 2027, 75% of all employees will have acquired, modified, or created technology outside of IT’s purview–up from 41% in 2022.
Shadow IT includes unapproved SaaS apps. It also spans misconfigured or abandoned storage buckets in cloud storage services such as Amazon S3, Google Cloud Storage, and Amazon Blob Storage; orphaned virtual machines; and unused database instances in cloud databases, such as Amazon RDS, Google Cloud SQL, or Azure SQL Database. By identifying these assets, teams can decide whether to secure and manage or decommission them. - Outdated software and patches: CMDBs track software versions and patch levels against known vulnerabilities and patches, rapidly identifying gaps. IT teams can prioritize patching efforts by level of risk, proactively reducing vulnerabilities.
- End-of-life hardware and software: CMDB information includes the lifecycle status of all assets, enabling IT teams to identify hardware nearing end-of-life or end-of-support proactively. IT teams can use this information to win support and budget for new IT systems and to decommission legacy technology.
- Unauthorized changes: CMDBs house living records of all approved device configurations. As a result, IT teams can detect unauthorized configurations made to IT assets by comparing current configurations against baseline changes and swiftly remediate these changes.
- Configuration drift: IT devices are continually reconfigured, and as a result, new configurations may drift from approved baselines. CMDBs can help IT teams detect drift by triggering alerts or automated remediation actions to return the devices to approved baselines.
With this information, IT operations teams can work with cybersecurity peers to address known risks, improving security and network performance.
Improving Cybersecurity with Better Vulnerability Management
A recent survey of Fortune 500 public and internet-facing assets found that 98% of companies had critically vulnerable assets, averaging 476 per organization. Nearly two-thirds (62%) also had risky connections. Further, 95% had expired certificates, and 8% had exposed login pages accessible over HTTP.
These gaps are growing as enterprise leaders prize experimentation with data and AI and the rapid deployment of new applications. Last year, IT security vulnerabilities set a new record–more than 29,000 were detected worldwide.
CMDBs can help teams plan, prioritize, and remediate vulnerability management initiatives so that they focus on the highest-risk, highest-priority fixes first. In addition, by using CMDBs, teams can adopt a continuous improvement approach, reducing the attack surface with proactive vulnerability management.
Enhancing Incident Response with CMDB Insights
IT service management teams can integrate CMDB tools with popular ITSM applications such as Freshservice, ServiceNow, and Jira Software, among other tools. (Device42, which provides a popular CMDB and ITAM solution that offers these integrations, was recently acquired by Freshworks, the parent company of Freshservice.)
With comprehensive, up-to-date information on assets, such as location, device type, owner, dependencies, flows, and recent changes and configurations, ITSM teams don’t have to waste valuable time collecting incident data. Instead, they can use CMDB-driven workflows to investigate, prioritize, and assign incidents for remediation; and track progress and resolution. In addition, teams can conduct root cause analyses to prevent their recurrence.
Enforcing Access Control and Privileged Account Management
Knowing who has access and change privileges for each device type is critical to improving network security. With CMDB insights, teams can review access control policies and limit privileged accounts to those needing them—many teams segment access by region, business unit, device, and privilege type. For example, an IT operations team member might only be able to configure networking devices in the EMEA region. IT operations teams can also enforce least privilege principles based on CMDB data. Some stakeholders may only need view and reporting access, for instance.
Ensuring Compliance and Audit Readiness with CMDB
Enterprises comply with industry and regional regulations and customer requirements, influencing how they store, use, and transfer data. In the US, these regulations include the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI-DSS). In the European Union, the General Data Protection Regulation (GDOR) provides strict requirements for protecting the data of residents living in the European Economic Area.
IT operations teams can use CMBDs to monitor and manage physical, software, virtualized, and cloud devices and track their dependencies and flows. This information can, for example, ensure data meets regional storage requirements.
With real-time visibility into devices and relationships, IT operations teams can ensure compliance, prepare for audits, and provide key stakeholders with documentation on how devices meet requirements. If questions arise, reporting can provide detailed information on which changes and configurations were made to key devices, when, and by whom.
Read:
Implementing and Managing a CMDB: Security and Compliance Considerations
IT Discovery for Compliance: Ensuring Your Company Meets Regulatory Standards
Compliance Standards: An In-Depth Multi-Chapter Guide
Leveraging Integration and Automation to Enhance Cybersecurity
CMDBs help improve cybersecurity in multiple ways. As with ITSM tools, CMDB data integrates with security incident and event management (SIEM) platforms, enabling them to integrate audit data and detect performance anomalies that could indicate an incursion.
For example, IT operations teams can automatically run custom reports, such as:
- Software by device type
- Devices accessed by external IP addresses
- Devices potentially containing personally identifiable information that have public IP addresses
- Devices using commonly exploited ports
- Devices with a mismatch between production and non-production environments
- Devices with no operating systems
- Devices with operating systems but no software
- Devices with prohibited software
- Network information for IP addresses without attached devices
This information gives security teams greater visibility into shadow IT, potential PII vulnerabilities, and other risks that should be investigated and mitigated. In addition, teams can automate alerts that show when prohibited software has been detected to triage these issues immediately.
Streamline Security Management with Device42
As networks grow, security teams are managing more devices than ever. Teams need to collaborate with other stakeholders, such as IT operations, and work efficiently to identify and prioritize risks and gaps for remediation. Advanced CMDBs such as Device42 that provide automated discovery and dependency mapping enhance cross-functional teams’ ability to address these issues rapidly, improving their companies’ security posture.
