Asset management is a fundamental IT discipline at the heart of risk management. Due to the variety of diverse...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
devices that can connect to a network, however, vulnerability scanners have a ways to go before being truly integrated within an asset management system. Given that Nmap is considered to be the best network discovery tool available, you are not going to find anything more comprehensive. Nmap has been around for several years, won numerous awards, and is included with many operating systems. It has become the tool of choice for many network administrators who want to map their networks and test them for vulnerabilities. This versatile utility can determine what hosts are available on a network, what services those hosts are offering, and what type of packet filters and firewalls are in use. The open source tool also has the ability to remotely fingerprint a machine's operating system. You can output the results in XML format so that they can be easily imported into a database or converted into HTML for analysis. Since Nmap is free, it is obviously a better deal than any proprietary network-mapping software you might choose.
If you run a purely Windows-based network, you might want to consider Microsoft's Systems Management Server. This product can map the hardware base, including BIOS and chassis enclosure data, existing applications, version information and the current service pack and hotfix levels of devices on the network. Machines and users can also be specifically targeted with software updates and patches.
For whatever product you choose, you will need to create sustainable, systematic processes to achieve strong asset and vulnerability management. Start by regularly scanning your network to fully discover the devices present on it. These may include laptops and handheld devices that may not always be connected. Next, schedule regular vulnerability scanning for specific devices and ranges of IP addresses. It is most important to maintain a record of all these activities from asset discovery to fixes and patching. This information is critical for reporting results to managers and auditors; it demonstrates to outside regulatory agencies that the organization is managing the security risks within the business.
Dig Deeper on Risk assessments, metrics and frameworks
Related Q&A from Michael Cobb
Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb ...continue reading
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the ...continue reading
The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.