To address this cybersecurity challenge, NCCoE security engineers developed an example solution that will provide an organization the tools to centrally monitor and gain deeper insight into their entire IT asset portfolio with an automated platform. Using open source and commercially available technologies compatible with an existing infrastructure, this example solution addresses questions such as “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” By tying existing data systems for physical assets, security systems, and IT support into a comprehensive IT asset management (ITAM) system, financial services companies can dynamically apply business and security rules, using automation, to improve their cybersecurity resilience and gain efficiencies in asset management and reduce costs associated with unused or underutilized physical and software assets.
In short, the example ITAM solution gives companies the ability to track, manage, and report on information assets throughout their entire life cycle. This can ultimately increase cybersecurity resilience by enhancing the visibility of assets, identifying vulnerable assets, enabling faster response to security alerts, revealing which applications are actually being used and reducing help desk response times.
Read the two-page fact sheet or the press release from NIST. For archival purposes, you may download the revised and original Project Descriptions.