CIS Security

Asset Management

In this segment we talk about Asset Management. A number of tools can be used to track assets. A typical asset manager should be enterprise ready, easy to use, and make it easy to export data. It should be able to record licenses as well as servers, workstations, phones, printers, firewalls, HVAC … well, you get the idea.

As a quick reminder, Asset Management is CIS control #1 and #2: we should have a handle on our hardware and software. I am not sure if I would recommend any one particular product; everybody has their own unique needs. In truth, you could Google "Top Asset Management Software" by year to list the top 150, and there still would be plenty after that. Some of the features should be considered carefully. Your shop could be small and only need to work with a few close people. Others might require an approach that scales across geographic locations. Some asset management programs have an active component which can help dynamically discover assets (computers, switches, phones, printers, etc.).

Besides just having a program to help manage assets, you should probably consider 1) a policy that declares how often you review your assets and 2) a policy that outlines how you validate your control, a check if you will. This might take a bit of extra work, but if you think about it, you probably already have a range of diverse platforms tracking items for you. You have AD, which holds user and computer data; you might have additional packages like ISE, your AV solution, and your vulnerability scanner, which can all be used to help provide a picture of your environment. If used effectively, active components can help verify that the content you manually enter is correct. These systems can also be used to check your source systems and verify that assets in your contributing systems are not stale. This can help you find old servers in AD and assets that are eating additional licenses.
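The cross-check described above can be scripted against exports from each system. The following is an added example, not part of the original post: the hostnames, dates, source names and the 90-day threshold are constructed assumptions, and real input would come from your own AD, AV and scanner exports.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # assumed threshold; take it from your review policy

# Constructed sample exports: hostname -> last date the source saw the asset.
AD = {"srv-file01": date(2024, 5, 28), "srv-old02": date(2023, 11, 2),
      "ws-042": date(2024, 5, 30)}
AV = {"srv-file01": date(2024, 5, 30), "WS-042.corp.example": date(2024, 5, 30),
      "ws-099": date(2024, 5, 29)}
SCANNER = {"srv-file01": date(2024, 5, 25), "ws-099": date(2024, 5, 26),
           "prn-3f": date(2024, 5, 26)}
# Manually maintained asset list (constructed).
INVENTORY = {"srv-file01", "srv-old02", "ws-042", "prn-3f", "fw-edge01"}


def norm(host):
    """Sources disagree on case and FQDN vs. short name; compare short names."""
    return host.strip().lower().split(".")[0]


def reconcile(inventory, sources, today, stale_after=STALE_AFTER):
    """Validate the manual inventory against what the source systems report."""
    inventory = {norm(h) for h in inventory}
    newest = {}  # host -> most recent sighting across all sources
    for export in sources.values():
        for host, seen in export.items():
            h = norm(host)
            newest[h] = max(seen, newest.get(h, seen))
    return {
        # Seen on the network but never entered in the asset manager.
        "unrecorded": sorted(h for h in newest if h not in inventory),
        # Still listed in a source (e.g. AD) but not seen by anything recently.
        "stale": sorted(h for h, d in newest.items() if today - d > stale_after),
        # Entered by hand but no source system can confirm it exists.
        "never_observed": sorted(inventory - set(newest)),
    }


if __name__ == "__main__":
    sources = {"ad": AD, "av": AV, "scanner": SCANNER}
    for finding, hosts in reconcile(INVENTORY, sources, date(2024, 6, 1)).items():
        print(f"{finding}: {hosts}")
```

Each of the three lists maps to a review action: add the asset, retire the stale object (and reclaim its license), or confirm the manual entry is real.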

This does take some work. There are systems on Amazon that are relatively inexpensive but maddening to locate unless you already know the product by name.

  • AssetPanda
  • ManagerPlus