Asset management is a fundamental IT discipline at the heart of risk management. Due to the variety of diverse...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
devices that can connect to a network, however, vulnerability scanners have a ways to go before being truly integrated within an asset management system. Given that Nmap is considered to be the best network discovery tool available, you are not going to find anything more comprehensive. Nmap has been around for several years, won numerous awards, and is included with many operating systems. It has become the tool of choice for many network administrators who want to map their networks and test them for vulnerabilities. This versatile utility can determine what hosts are available on a network, what services those hosts are offering, and what type of packet filters and firewalls are in use. The open source tool also has the ability to remotely fingerprint a machine's operating system. You can output the results in XML format so that they can be easily imported into a database or converted into HTML for analysis. Since Nmap is free, it is obviously a better deal than any proprietary network-mapping software you might choose.
If you run a purely Windows-based network, you might want to consider Microsoft's Systems Management Server. This product can map the hardware base, including BIOS and chassis enclosure data, existing applications, version information and the current service pack and hotfix levels of devices on the network. Machines and users can also be specifically targeted with software updates and patches.
For whatever product you choose, you will need to create sustainable, systematic processes to achieve strong asset and vulnerability management. Start by regularly scanning your network to fully discover the devices present on it. These may include laptops and handheld devices that may not always be connected. Next, schedule regular vulnerability scanning for specific devices and ranges of IP addresses. It is most important to maintain a record of all these activities from asset discovery to fixes and patching. This information is critical for reporting results to managers and auditors; it demonstrates to outside regulatory agencies that the organization is managing the security risks within the business.
Dig Deeper on Vulnerability Risk Assessment
Related Q&A from Michael Cobb
What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these...continue reading
Is the Dell eDellRoot security threat a serious problem and, if so, can it be prevented with self-signed root certificate authorities? Expert Michael...continue reading
What does FIPS 140-2 Level 2 certification for devices cover? Expert Michael Cobb explains the FIPS 140-2 security standard and how vendors use it in...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.