The State of Utah Department of Technology Services (DTS) learned the hard way about the importance of accurate, real-time asset management. In 2012, a Medicaid database server was placed online without changing the server’s factory-default password. The resulting data breach exposed the personal information of 780,000 of Utah’s 3.1 million residents.1
The cyberattack itself was excruciating, but the thing about data breaches is that the pain doesn’t go away for months—even years.
After the hack, it wasn’t long before regulatory bodies began requesting audits and expecting post-breach compliance. Unfortunately, the State of Utah DTS staff had all the talent but none of the tools they needed to fulfill all of the incoming demands. At the time, they couldn’t identify, classify and control the approximately 60,000 devices on their network. They also lacked compliance details such as configurations and software versions for each device. And the absence of clarity as to what was on the network prevented the organization’s ServiceNow® configuration management database (CMDB) from providing a complete, accurate IT asset inventory.
After learning about the Forescout solution, the State of Utah put the Forescout platform through a proof of concept. Agentless visibility without having to rip and replace any hardware or software was what originally attracted them. And, in particular, there were three use cases they were interested in:
- Rogue device detection
- 802.1X check
- Automated remediation
That last one, automated remediation, would have taken care of the Medicaid server issue and prevented the breach: the errant server would have been detected on connection as out of compliance with a policy requiring all default passwords to be changed, and the Forescout platform would have fixed the problem immediately.
The more the staff worked with the solution, the more use cases they discovered. In fact, more were added to the POC, including classification and categorization of devices, automated controls, automated notifications, and port and protocol checks. “I could see clearly that every one of my direct reports would have an application for the Forescout solution,” says State of Utah DTS CIO Michael Hussey. “There was no question it would help dramatically in cybersecurity, compliance and desktop support.”
Turning asset intelligence into real-time situational awareness
The Forescout platform can discover and classify every IP-connected virtual and physical device without requiring software agents. In addition, it assesses and continuously monitors the security posture of those devices. These capabilities are asset management game changers. By continuously informing a CMDB of exactly what devices are accessing your network—including granular details of device software and security state—formerly point-in-time databases become real-time databases. This wealth of up-to-date device knowledge can be shared with various security, IT management and other business services. Forescout Chief Product and Strategy Officer Pedro Abreu puts it this way:
“The Forescout eyeExtend for ServiceNow® solution integrates ServiceNow’s CMDB offerings with the Forescout platform to help the State of Utah eliminate network blind spots and maintain an accurate asset inventory at all times, which is critical to achieving regulatory compliance and minimizing security risk.”
One of the best added benefits of implementing the Forescout solution is the reduction in time and money spent on audits and compliance. With 20 to 30 people involved in a medium-sized organization like the State of Utah DTS, the cost in man-hours to create audit reports manually with spreadsheets can be well over $1 million every three years. “With the Forescout solution, we expect to save millions from exponentially faster audits that produce fewer findings and require less remediation effort,” notes Phil Bates, CISO, State of Utah. “And that savings doesn’t take into account savings from avoiding a breach, thanks to improved ability to keep endpoints compliant and unauthorized devices off the network.”