Security News > 2022 > November > Future-proofing asset and vulnerability intelligence in response to CISA’s BOD 23-01
Five steps to designing a futureproof asset intelligence program.
While many factors play into the longevity and success of any cybersecurity initiative, there are five standout elements for building a cyber asset intelligence program to scale with an organization's size and evolving maturity.
These different tools will normally have public APIs, which can be leveraged to extract the asset data and context needed to construct an accurate and current view of the asset landscape, as well as to monitor the environment as it changes over time.
Take, for example, a critical vulnerability is detected on an asset-but how critical is it that this system be patched immediately? That, of course, depends on context: Is the asset on a public facing network? Does it have access to, or is it processing sensitive data? Is it supporting a critical business service? Is it on the same network segment as another asset which is? Is there a known exploit for the vulnerability involved?
BOD 23-01 is an important mandate which will set precedent and help to drive better cybersecurity hygiene in the areas of asset discovery and vulnerability assessment.
It is an opportunity for all organizations to look to the future and assess the dynamic cyber asset intelligence capabilities needed to support their cyber posture and resilience aspirations.
News URL
https://www.helpnetsecurity.com/2022/11/21/asset-discovery/
Related news
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)