Managing Virus Outbreaks with a Trusted Inventory

Some years ago there was a worm outbreak at a client we had just started managing. We urgently needed to identify every infected server and work out a plan to remove the worm using our own custom automated scripts, as the anti-virus vendors did not yet have a solution. We thought we were in a good position: the anti-virus team told me they had 99% of servers covered, and the automation team reported similar coverage.

If only it were that simple! Only when we compared the two teams' server lists did we discover that just 80% of the devices appeared on both. A large number of devices were inactive in both tools, and for some countries the state of the estate was unknown because the owners of the servers were undefined. As we went on we found devices that had never been fully built and were not recorded anywhere.

This story illustrates a challenge every business faces: how to continuously maintain a complete and validated server inventory so that the security of the IT environment can be maintained. A control's coverage can only be measured against the list of servers it is supposed to cover, so without a trusted server inventory the required security controls cannot be effectively maintained, whether that means protecting a device from malicious code or controlling access to critical business data.

Asset Cycle

The solution to this problem is a closed-loop process that maintains a trusted server inventory, supported by network asset discovery. The process automatically detects when a device is added to the network, by scanning regularly, and then detects when that device has become inactive. Critical to the process being effective is using the same tool for all systems and security management, so there is only one list of servers being maintained. Coverage reporting for the anti-virus tooling can then be trusted, and when gaps are found the remediation of the protection can be automated.
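The example below is added to this post and is not the author's tooling or any vendor's product. It shows, in Python, the two things the story and the asset cycle describe: reconciling an anti-virus export and an automation-tool export against the inventory (the comparison that revealed the 80% overlap), and one iteration of the closed loop, in which hosts seen by a discovery scan but known to no tool are registered as unowned and hosts missing from several consecutive scans are marked inactive. All hostnames, owner names and the three-missed-scans threshold are constructed assumptions.

```python
"""Closed-loop server inventory reconciliation (added illustration).

Constructed sample data: an authoritative inventory, an anti-virus
console export, an automation-tool export, and the hosts that answered
the latest network discovery scan. Hostnames and owners are made up.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Assumption: a host that misses this many consecutive scans is inactive.
INACTIVE_AFTER_MISSED_SCANS = 3


@dataclass
class Asset:
    host: str
    owner: Optional[str] = None      # None means the owner was never recorded
    missed_scans: int = 0
    status: str = "active"           # active | inactive | unregistered


# Constructed sample inputs
INVENTORY: Dict[str, Asset] = {
    "web01": Asset("web01", "ecommerce"),
    "web02": Asset("web02", "ecommerce"),
    "db01": Asset("db01", "finance"),
    "app07": Asset("app07", None),                     # owner undefined
    "old09": Asset("old09", "legacy", missed_scans=2),  # about to age out
}
AV_AGENTS: Set[str] = {"web01", "web02", "db01", "app07", "old09"}
AUTOMATION_AGENTS: Set[str] = {"web01", "db01", "app07", "old09", "build03"}
# Hosts that answered the latest discovery scan; new11 is known to nobody.
SCAN_SEEN: Set[str] = {"web01", "web02", "db01", "app07", "build03", "new11"}


def coverage_report(inventory, av, automation):
    """Compare each tool's list against the inventory and against each other."""
    hosts = set(inventory)
    return {
        "av_pct": 100 * len(hosts & av) / len(hosts),
        "auto_pct": 100 * len(hosts & automation) / len(hosts),
        "both_pct": 100 * len(hosts & av & automation) / len(hosts),
        "only_av": sorted(av - automation),            # managed by one tool only
        "only_automation": sorted(automation - av),
        "no_owner": sorted(h for h, a in inventory.items() if a.owner is None),
    }


def apply_scan(inventory, seen):
    """One closed-loop iteration: register unknown hosts, age out silent ones."""
    for host in seen - set(inventory):
        # Seen on the network but recorded nowhere: register it as unowned
        # so it shows up in coverage reports instead of being invisible.
        inventory[host] = Asset(host, None, status="unregistered")
    for host, asset in inventory.items():
        if host in seen:
            asset.missed_scans = 0
            if asset.status == "inactive":
                asset.status = "active"   # device came back; reactivate it
        else:
            asset.missed_scans += 1
            if asset.missed_scans >= INACTIVE_AFTER_MISSED_SCANS:
                asset.status = "inactive"
    return inventory


def remediation_queue(inventory, av, automation):
    """Every non-inactive host lacking either agent: the outbreak work list."""
    return sorted(
        h for h, a in inventory.items()
        if a.status != "inactive" and (h not in av or h not in automation)
    )


if __name__ == "__main__":
    print(coverage_report(INVENTORY, AV_AGENTS, AUTOMATION_AGENTS))
    apply_scan(INVENTORY, SCAN_SEEN)
    print(remediation_queue(INVENTORY, AV_AGENTS, AUTOMATION_AGENTS))
```

With these inputs the anti-virus tool reports 100% and the automation tool 80% of the inventory, yet only four of the seven hosts named across all sources are in both tools, and the remediation queue that matters for an outbreak is the one built after the scan has registered new11 and build03 and retired old09.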

If you want more detail on the process, read my previous post, Security without a Trusted Baseline? As an Architect, the solution meets my top principle: keep it simple! There is no need to introduce manual processes to reconcile different tools from many different vendors.

This entry was posted in Cyber Security, Security and Privacy.