Asset management is a fundamental IT discipline at the heart of risk management. Due to the variety of diverse...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
devices that can connect to a network, however, vulnerability scanners have a ways to go before being truly integrated within an asset management system. Given that Nmap is considered to be the best network discovery tool available, you are not going to find anything more comprehensive. Nmap has been around for several years, won numerous awards, and is included with many operating systems. It has become the tool of choice for many network administrators who want to map their networks and test them for vulnerabilities. This versatile utility can determine what hosts are available on a network, what services those hosts are offering, and what type of packet filters and firewalls are in use. The open source tool also has the ability to remotely fingerprint a machine's operating system. You can output the results in XML format so that they can be easily imported into a database or converted into HTML for analysis. Since Nmap is free, it is obviously a better deal than any proprietary network-mapping software you might choose.
If you run a purely Windows-based network, you might want to consider Microsoft's Systems Management Server. This product can map the hardware base, including BIOS and chassis enclosure data, existing applications, version information and the current service pack and hotfix levels of devices on the network. Machines and users can also be specifically targeted with software updates and patches.
For whatever product you choose, you will need to create sustainable, systematic processes to achieve strong asset and vulnerability management. Start by regularly scanning your network to fully discover the devices present on it. These may include laptops and handheld devices that may not always be connected. Next, schedule regular vulnerability scanning for specific devices and ranges of IP addresses. It is most important to maintain a record of all these activities from asset discovery to fixes and patching. This information is critical for reporting results to managers and auditors; it demonstrates to outside regulatory agencies that the organization is managing the security risks within the business.
Dig Deeper on Vulnerability Risk Assessment
Related Q&A from Michael Cobb
Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to ...continue reading
A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can ...continue reading
Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.