Cybersecurity Frameworks - Cybersecurity Guides
Cybersecurity Control Review: Use a Passive Asset Discovery Tool, CIS 1.5
Use a Passive Asset Discovery Tool, which is considered a Detection control, and is part of CIS Control 01: Inventory and Control of Enterprise Assets. This control is very similar to Control 1.3, which is utilizing an active discovery tool to detect and identify assets/devices connected to the company's network. That would be the primary method for collecting asset information on the network. Be sure to read our summary of that control. View Post Here
The point of this additional control (CIS 1.5) is to have a supplemental passive scan running once per week or more frequently, which can be used as a secondary method to update the company's asset inventory and a way to ensure that the active discovery scan has not missed any devices.
Maintaining a current and accurate asset inventory is an ongoing and dynamic process. Even for large organizations, there is rarely a single source of truth, as devices are not always provisioned or installed by the IT department, making it harder to control. With the number of devices across organizations rapidly increasing and remote work on the rise, it has become much more challenging to collect complete and accurate information. The reality is that a variety of sources need to be “crowd-sourced” to have a high degree of confidence that ALL assets are captured.
It is important to have at least two discovery software tools/solutions that can be used to review on an ongoing basis to collect information on all devices connected to your company network. Depending on the size of your organization and the IT budget, it may be challenging to have multiple asset discovery solutions, but there are several different tools and sources that can be used to identify and collect asset information efficiently and without paying for another expensive solution.
Here is a list of commonly found services on business networks that can be used to collect asset information, as well as open source/free tools.
Network device logs
Wireless access points
Anti-virus software logs
DHCP server logs
Vulnerability scanning software
Open Source or Free Network/IP Scan tools
See the list of references below
Review these sources for more information
CIS Controls https://www.cisecurity.org/controls