All the pen testing and tabletop exercises in the world won’t help unless an organization has a complete and accurate understanding of its assets.
Question: Why is cyber asset management so important in security?
Erkang Zheng, founder and CEO, JupiterOne: In cybersecurity, we treat the symptoms more than the root causes of vulnerability. But in order to understand the root causes, we need to understand our cyber assets. An organization is constantly evolving and adding new cyber assets constantly. It needs the proper people and processes in place to be ready for an attack. We need to do security activities, such as penetration testing and tabletop exercises, but if we undertake those procedures based on an incorrect or incomplete understanding of our organization’s assets, then all those exercises become useless.
In most cases, we still catalog our assets through an incomplete approach based on outdated technology platforms and architectures that have been built out over the past couple of decades. As a result, we assemble an incomplete picture of all our assets and resources. This is because our traditional security stacks cover a small subset of our current digital operations, providing inaccurate visibility of our environment. Read more: https://bit.ly/3flVRn2