IT asset management solutions offer functionalities such as the discovery, tracking and monitoring of an enterprise’s IT assets – physical or virtual – and may also allow certain management activities to be performed on them, thus ensuring the enforcement of applicable policies.
Patch management solutions check whether targeted categories of IT assets are up to date on patches and allow patches to be managed and installed.
CMDB (Configuration Management DataBase) solutions have at their core an appropriate database, with its associated engine, structured specifically for storing information about various categories of IT assets – hardware, software – thus allowing organizations to gain a comprehensive view of their IT inventory and to manage it.
The solutions available on the market are usually aligned to one or another of the mentioned categories, and describe themselves as such, but they may also cover many of the functionalities mentioned previously for all three categories.
In order to manage the security risks for a given IT platform, all the elements – systems, services – which are required for the essential services provided by that IT platform must be determined and understood. In simpler terms, one must be able to name the assets which are to be defended.
On the other hand, all those assets must be continuously kept up to date with the patches and security hot fixes which IT vendors release.
IT security management strategy frameworks, promoted by organisations such as the NIST agency in the US, or the European Union’s Network and Information Security directive, identify IT asset management as a necessary step among the security measures which enterprises should take to manage risks to their network and information systems.
In order to satisfy the needs described above and/or the mandated NIST/NIS requirements, an appropriate solution which targets these areas has to be considered as part of the overall IT security tools strategy. Such a solution must cover all elements of the IT platform in scope, physical or virtual, on-premise or in the cloud.
One important functionality which these solutions are usually able to provide is the exposure of devices which should be managed and protected but are not, either because they have been left out of the security management tool’s configuration by mistake or because previously installed and working security management agents have become broken.
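The coverage check described above can be sketched as a reconciliation between the discovered inventory and the agent check-ins reported by the security management tool. This is an added example, not code from any particular product; the record layout, the matching on MAC address, the three-day staleness threshold and all sample values are assumptions constructed for illustration. It also goes one step further and lists agents reporting from devices missing from the inventory.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: assets found by discovery (the CMDB view).
DISCOVERED = [
    {"hostname": "web-01", "mac": "00:11:22:33:44:01", "location": "on-premise"},
    {"hostname": "db-01", "mac": "00-11-22-33-44-02", "location": "on-premise"},
    {"hostname": "vm-cloud-07", "mac": "0A:11:22:33:44:03", "location": "cloud"},
    {"hostname": "printer-3f", "mac": "00:11:22:33:44:04", "location": "on-premise"},
]
# Constructed sample: last agent check-in per device, as exported by the
# security management tool (hypothetical export format).
AGENT_CHECKINS = {
    "00:11:22:33:44:01": "2024-05-20T08:00:00+00:00",  # healthy agent
    "00:11:22:33:44:02": "2024-05-02T10:00:00+00:00",  # agent silent for weeks
    "00:11:22:33:44:99": "2024-05-20T07:30:00+00:00",  # device not in inventory
}
NOW = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)  # fixed for repeatability


def normalize_mac(mac):
    """Bring MAC addresses from different tools into one comparable form."""
    return mac.lower().replace("-", ":")


def find_coverage_gaps(discovered, checkins, now, max_age=timedelta(days=3)):
    """Classify assets that are unprotected or whose agent has gone quiet."""
    seen = {normalize_mac(m): datetime.fromisoformat(ts) for m, ts in checkins.items()}
    inventory = {normalize_mac(a["mac"]) for a in discovered}
    gaps = {"unmanaged": [], "stale_agent": [], "not_in_inventory": []}
    for asset in discovered:
        last = seen.get(normalize_mac(asset["mac"]))
        if last is None:
            # Left out of the security tool's configuration, or never enrolled.
            gaps["unmanaged"].append(asset["hostname"])
        elif now - last > max_age:
            # Agent was installed once but no longer reports: likely broken.
            gaps["stale_agent"].append(asset["hostname"])
    # Agents reporting from devices the inventory cannot name.
    gaps["not_in_inventory"] = sorted(set(seen) - inventory)
    return gaps


if __name__ == "__main__":
    for kind, items in find_coverage_gaps(DISCOVERED, AGENT_CHECKINS, NOW).items():
        print(f"{kind}: {', '.join(items) or '-'}")
```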