Merriam-Webster defines intelligence as the act of understanding, or the ability to apply knowledge to manipulate one’s environment or think abstractly as measured by objective criteria.1 Applying that definition to IT assets simply means being able to understand all the aspects of an enterprise’s set of assets in real time to empower decisions.
Asset intelligence is not asset management, nor is it a configuration management database or CMDB.
Asset intelligence is a concept in which organizations have access to a rich set of details regarding the assets that are deployed in the environment.
Having intelligence of the assets enables an organization to be able to answer a myriad of questions:
- How many Windows® 95 systems are there?
- How many systems have Adobe® Professional? How many of those instances are actually used?
- What ports are currently open in our network? How many of them have connections established?
- What versions of our security tools are running?
- Are my devices securely configured? Are they compliant with our established policies?
Asset intelligence provides organizations with the information needed to support many IT Infrastructure Library, or ITIL® disciplines, such as service asset and configuration management, information security management or financial management, as well as ancillary process areas such as asset lifecycle management or software license compliance.
Making decisions without trusted information is very risky, from a security perspective as well as from a financial one. Imagine you have four different versions of an agent for the antivirus solution running in your environment. You’re not aware of that though, because unfortunately there was no notification from the antivirus management server that your upgrade attempts failed. So, you think you’re protected, but without the INTELLIGENCE of what’s really deployed, you don’t realize you’re not. And without talking directly to the endpoints in an agentless fashion, you are unable to mitigate that risk.
Now consider the Adobe example from above or any software that has a full version versus a “reader” version (one that is typically free or offered at a much lower cost). Wouldn’t it be valuable to understand how many systems had the full-blown, more costly version and, better yet, which instances of those full versions that were actually being used? And for how long was each used? Knowing that information can help save quite a bit of money depending on the number of licenses to be recouped.
An agentless approach to a full-enterprise discovery of assets on the network becomes the foundation for asset intelligence. Forescout provides that foundation of visibility.