Inventory and Control of Enterprise Assets
Introduction
Safeguard 1 - Inventory and Control of Enterprise Assets
Keeping an accurate, up-to-date endpoint inventory allows you, your department and the IT Security Office to collaborate and quickly respond to security incidents.
Procedures
1.1 - Establish and Maintain Detailed Enterprise Asset Inventory
- Register endpoints with your department’s inventory system. An inventory system should include the following things:
  - What is the purpose of the endpoint?
  - What software is the endpoint running?
  - Where is the endpoint located?
    - Building
    - Room
    - Portal
  - Who is responsible for maintaining the endpoint?
    - Name
    - Phone number
- Update the inventory system annually.
1.2 - Address Unauthorized Assets
A process must be put in place to address unauthorized assets on a weekly basis. Once the asset has been identified, the organization may choose to do the following:
- Remove the asset from the network.
- Deny the asset from connecting remotely.
- Quarantine the asset.
1.3 - Utilize an Active Discovery Tool
It is important to utilize an active discovery tool to identify assets connected to the organization's network. This can be done in a variety of ways depending on the operating system.
Windows
Windows offers a service through Microsoft 365 Defender, known as Microsoft Defender for Endpoint. This service allows you to prevent, detect, and automate the investigation of and response to threats on endpoints. One of its core features is Asset Discovery, which automatically scans your network’s endpoints for a variety of devices such as computers, mobile devices, and network devices. The service can also determine the device’s domain, exposure level, etc. More information on this service can be found on the Microsoft 365 Defender documentation page.
1.4 - Use DHCP Logging to Update Enterprise Asset Inventory
Dynamic Host Configuration Protocol (DHCP) logging can help update the enterprise’s asset inventory.
Windows Server
To ensure the service is running, do the following:
- Select the Start menu.
- Search for and select the Command Prompt.
- Type Net Start. This will list the services running; look for DHCP Server.
Now, to view the logs, do the following:
- Press Windows key + X and select Event Viewer.
- In the left pane, expand Applications and Services Logs.
- Expand Microsoft, then Windows, then DHCP-Client or DHCP-Server depending on which logs you would like to view.
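DHCP lease records can also be compared against the inventory with a short script. The following is an added example, not part of the original procedures: it reads the text of a DHCP Server audit log and reports leased MAC addresses that are missing from the inventory, which is the input the weekly review in 1.2 needs. The audit log file (DhcpSrvLog-*.log in the server's DHCP folder), the trimmed column layout, the sample rows and the inventory CSV columns are assumptions or constructed data, not taken from this page.

```python
import csv

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """mac,purpose,building,room,responsible
00:11:22:33:44:AA,Lab workstation,Building A,101,J. Doe
00:11:22:33:44:BB,Print server,Building A,014,J. Doe
"""

# Constructed sample audit log; real files carry more columns after User Name.
SAMPLE_AUDIT_LOG = """\t\tMicrosoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name
00,03/04/24,00:00:12,Started,,,,
10,03/04/24,08:14:02,Assign,10.20.1.15,lab-ws-01.example.edu,0011223344AA,
11,03/04/24,09:02:40,Renew,10.20.1.15,lab-ws-01.example.edu,0011223344AA,
10,03/04/24,09:30:11,Assign,10.20.1.77,unknown-host,66778899AABB,
12,03/04/24,10:00:00,Release,10.20.1.15,lab-ws-01.example.edu,0011223344AA,
"""

LEASE_EVENTS = {"10", "11"}  # 10 = new lease assigned, 11 = lease renewed

def norm_mac(mac):
    """Reduce any MAC notation (colons, dashes, case) to 12 uppercase hex digits."""
    return "".join(c for c in mac if c in "0123456789abcdefABCDEF").upper()

def load_inventory(text):
    return {norm_mac(r["mac"]): r for r in csv.DictReader(text.splitlines())}

def leases_from_audit_log(text):
    """Yield lease rows, skipping the free-text preamble before the CSV header."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("ID,Date,Time"))
    for row in csv.DictReader(lines[start:]):
        if row["ID"] in LEASE_EVENTS and row["MAC Address"]:
            yield row

def reconcile(inventory, audit_text):
    """Return (last sighting per inventoried MAC, last sighting per unknown MAC)."""
    seen, unknown = {}, {}
    for row in leases_from_audit_log(audit_text):
        mac = norm_mac(row["MAC Address"])
        sighting = {"ip": row["IP Address"], "host": row["Host Name"],
                    "when": row["Date"] + " " + row["Time"]}
        (seen if mac in inventory else unknown)[mac] = sighting  # later rows win
    return seen, unknown

if __name__ == "__main__":
    seen, unknown = reconcile(load_inventory(SAMPLE_INVENTORY), SAMPLE_AUDIT_LOG)
    for mac, s in sorted(unknown.items()):
        print("not in inventory:", mac, s["ip"], s["host"], s["when"])
```

Inventoried MAC addresses that never appear in `seen` over a long period are candidates for review at the annual inventory update.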
Other
If you have questions that are not covered in these procedures, please contact the VT IT Security Office at itso@vt.edu for a consultation.