Paul Kivikink
“Knowledge is power.” Whether you attribute this to Sir Francis Bacon or Thomas Jefferson, you’ve probably heard it before. In the context of IT and security, knowing your assets, who owns them, and how they’re connected within your environment are fundamental first steps in understanding your environment and the battle against adversaries. You can’t place security controls around an asset if you don’t know it exists. You can’t effectively remediate vulnerabilities to an asset without insight into who owns it or how it affects your business.
Maintaining an up-to-date configuration management database (CMDB) is critical to these processes. However manually maintaining the CMDB is unrealistic and error-prone for the thousands of assets across the modern enterprise including cloud technologies, complex networks, and devices distributed across in-office and remote workforce users complicate this process. To add excitement to these challenges, the asset landscape is everchanging for entities like cloud assets, containers virtual machines, which can be ephemeral and become lost in the noise generated by the organization's hundreds of security tools. Additionally, most automation fails to link business users to the assets, and many asset tools struggle to prioritize assets correlating to security events, meaning that companies can easily lose visibility and lack the ability to prioritize asset risk.
Most asset management, IT service management (ITSM), and CMDBs focus on collecting data from the organization’s IT infrastructure. They ingest terabytes of data daily, yet this data remains siloed, preventing operations, security, and compliance teams from collaborating effectively.
With a security data fabric, organizations can break down data silos to create trustworthy, more accurate analytics that provide them with contextual and connected security insights.
The ever-expanding CMDB problem
The enterprise IT environment is a complex ecosystem consisting of on-premises and cloud-based technologies. Vulnerabilities and misconfigurations are an invasive species of the technology world.
In nature, a healthy ecosystem requires a delicate balance of plants and organisms who all support one another. An invasive species that disrupts this balance can destroy crops, contaminate food and water, spread disease, or hunt native species. Without controlling the spread of invasive species, the natural ecosystem is at risk of extinction.
Similarly, the rapid adoption of cloud technologies and remote work models expands the organization’s attack surface by introducing difficult-to-manage vulnerabilities and misconfigurations. Traditional CMDBs and their associated tools often fail to provide the necessary insights for mitigating risk, remediating issues, and maintaining compliance with internal controls.
In the average IT environment, the enterprise may combine any of the following tools:
-
IT Asset Management: identify technology assets, including physical devices and ephemeral assets like virtual machines, containers, or cell phones
-
ITSM: manage and track IT service delivery activities, like deployments, builds, and updates
-
Endpoint Management: manage and track patches, operation systems (OS) updates, and third-party installed software
-
Vulnerability scanner: scan networks to identify security risks embedded in software, firmware, and hardware
-
CMDB: store information about devices and software, including manufacturer, version, and current settings and configurations
-
Software-as-a-Service (SaaS) configuration management: monitor and document current SaaS settings and configurations
Meanwhile, various people throughout the organization need access to the information that these tools provide, including the following teams:
-
IT operations
-
Vulnerability management
-
Security
-
Compliance
As the IT environment expands and the organization collects more security data, the delicate balance between existing tools and people who need data becomes disrupted by newly identified vulnerabilities and cloud configuration drift.
Automatically updating the CMDB with enriched data
In nature, limiting an invasive species’ spread typically means implementing protective strategies for the environment that contain and control the non-native plant or organism. Monitoring, rapid response, public education, and detection and control measures are all ways that environmentalists work to protect the ecosystem.
In the IT ecosystem, organizations use similar activities to mitigate risks and threats arising from vulnerabilities and misconfigurations. However, the time-consuming manual tasks are error-prone and not cost-efficient.
Connect data and technologies
A security data fabric ingests data from security and IT tools, automating and normalizing the inputs so that the organization can gain correlated insights from across a typically disconnected infrastructure. With a vendor agnostic security data platform connecting data across the environment, organizations can break down silos created by various schemas and improve data’s integrity.
Improve data quality and reduce storage costs
By applying extract, transform, and load (ETL) pipelines to the data, the security data fabric enables organizations to store and load raw and optimized data. Flattening the data can reduce storage costs since companies can land it in their chosen data repository, like a data lake or warehouse. Further, the data transformation process identifies and can fix issues that lead to inaccurate analytics, like:
-
Data errors
-
Anomalies
-
Inconsistencies
Enrich CMDB with business information
Connecting asset data to real-world users and devices enables organizations to assign responsibility for configuration management. Organizations need to correlate their CMDB data with asset owners so that they can assign security issue remediation activities to the right people. By correlating business information, like organizational hierarchy data, with device, vulnerability scan, and ITSM data, organizations can streamline remediation processes and improve metrics.
Gain reliable insights with accurate analytics
Configuration management is a critical part of an organization’s compliance posture. Most security and data protection laws and frameworks incorporate configuration change management and security path updating. With clean data, organizations can build analytics models to help improve their compliance outcomes. To enhance corporate governance, organizations use their business intelligence tools, like Power BI or Tableau, to create visualizations so that senior leadership teams and directors can make data-driven decisions.
Maintain Your CMDB’s delicate ecosystem with DataBee®
DataBee from Comcast Technology Solutions is a security data fabric that ingests data from traditional sources and feeds then supplements that with business logic and people information. The security, risk, and compliance platform engages early and often throughout the data pipeline leveraging metadata to adaptively collect, parse, correlate, and transform security data to align it with the vendor-agnostic DataBee-extended Open Cybersecurity Framework Schema (OCSF).
Using Comcast’s patent-pending entity resolution technology, DataBee suggests potential asset owners by connecting asset data to real-world users or devices so organizations can assign security issue remediation actions to the right people. With a 360 view of assets and devices, vulnerability and remediation management teams can identify critical and low-priority entities to help improve mean time to detach (MTTD) and mean time to respond (MTTR) metrics. The User and Device tables supplement the organization’s existing CMDB and other tools, so everyone who needs answers has them right at their fingertips.
