ITAM and CMDB: You’re Missing the Bigger Picture


Back to basics

Cybersecurity is a broad domain, and achieving good cyber hygiene requires a holistic approach comprising various tools, processes, and policies. A foundation for these efforts is asset visibility – you cannot protect and manage what you don’t know exists. IT asset management (ITAM) and a configuration management database (CMDB) are two platforms that help enterprises manage their IT assets. However, a significant difference is that ITAM serves business purposes, while a CMDB is more service-orientated. The table below differentiates between the two:

| ITAM | CMDB |
| --- | --- |
| An ITAM platform generates an IT asset inventory for the enterprise. | A CMDB is a repository containing all relevant information about a company’s hardware and software IT components (known as configuration items) and the relationships between these components. |
| Through this inventory, ITAM facilitates the oversight, tracking, management, and optimization of IT assets for business and/or financial purposes. | A CMDB allows enterprises to track and, more importantly, understand their IT services from an operational perspective by identifying and verifying each component. |
| Deep insights provided by the ITAM solution enable the enhancement of business operations, contributing to areas such as risk management and cost optimization. In fact, the latter was the key driver behind ITAM investments for 74% of organizations, according to Deloitte. | The CMDB information means enterprises benefit from better management of their infrastructure and any associated risks that may disrupt productivity. In short, a CMDB helps ensure continued service performance. A CMDB can also overlap with and support an ITAM database. |

Nevertheless, despite supporting distinct purposes, both ITAM and CMDB provide an asset inventory, and the two are likely to overlap. However, visibility gaps limit the accuracy of the asset inventory, thus minimizing the efficacy of ITAM and CMDB platforms.

What you see is not always what you get

ITAM and CMDB platforms rely on various identifiers when generating hardware asset inventories, such as a device’s MAC address, VID, PID, and Class ID. However, these parameters can easily be spoofed, and a lack of Layer 1 visibility limits the ability of ITAM and CMDB platforms to differentiate between legitimate and spoofed devices. Furthermore, the Layer 1 visibility gap means MAC-less devices go completely undetected and, thus, unaccounted for by ITAM and CMDB solutions.

The Layer 1 blind spot results in an inaccurate hardware asset inventory, whether the device has been misidentified or is absent entirely. Either way, the efficacy and value of ITAM and CMDB are significantly reduced as, without an accurate asset inventory, the platforms cannot meet their purpose; enterprises are (unknowingly) relying on an unreliable inventory to make business and operational decisions. A major problem with an inaccurate asset inventory is that vulnerabilities go unaccounted for, significantly limiting risk management efforts due to the warped perception of the enterprise’s risk posture. Even more worrisome is that malicious actors exploit the Layer 1 blind spot through the use of rogue devices – spoofed peripherals or hidden network implants – and the enterprise cannot mitigate such threats. Instead, these devices operate covertly and can conduct a myriad of harmful attacks, for instance malware injection, data theft, espionage, man-in-the-middle (MiTM), and more.

I spy with my HAC-1 eye

To conclude, Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility by covering Layer 1. No device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices to provide complete asset visibility. HAC-1 gathers various Layer 1 data parameters to generate a digital fingerprint for every hardware asset, identifying all assets for what they truly are, not just what they claim to be. Further, HAC-1 assesses the risk posture of every device and instantly detects those which are vulnerable. This is a feature augmented by the solution’s built-in threat intelligence database to ensure up-to-date protection.

HAC-1 integrates seamlessly with third-party tools to provide optimum ITAM and CMDB capabilities; the solution’s deep visibility acts as an additional data source to fill gaps in information, thus improving data integrity to generate a complete and accurate hardware asset inventory. Additionally, HAC-1 capitalizes on asset visibility to protect the enterprise from perilous hardware-based attacks. The solution initiates an automated mitigation process against unauthorized and malicious devices, blocking such assets through third-party solutions, thereby increasing the value of ITAM and a CMDB.

© 2023 SRC Cyber Solutions LLP. All Rights Reserved.