
ITAM

What Is ITAM?

Historically, IT asset management (ITAM) referred to an organization’s method for gaining a centralized view of, and tracking, all the IT assets connected to an enterprise network. Typical IT hardware assets include PCs, laptops, servers, mobile devices, and printers. ITAM can also include software license management (SLM), since software is a critical business tool.

Software is so crucial, in fact, that it is used to help manage ITAM itself: organizations use software asset management (SAM) tools under the ITAM umbrella.

According to Gartner, ITAM “provides an accurate account of technology asset lifecycle costs and risks to maximize the business value of technology strategy, architecture, funding, contractual and sourcing decisions.” [1]

But that business-focused definition has evolved over the last decade. Risks to the enterprise have been amplified by cyber attacks and by the sheer volume of assets on networks. Digital transformation has made an impact across every industry. Increasingly, enterprise assets include data-gathering, digitally transmitting sensors and nodes, known as the Internet of Things (IoT). According to a recent IoT Analytics report, there were 16.6 billion connected IoT devices in 2023, and IoT is expected to grow by 13% to 18.8 billion in 2024.

Today, ITAM focuses on far more than asset inventory management alone; risk management is now much more intertwined with business management processes and decision making. While many IT managers at the CTO/CIO level focus on service management (ITSM), the CISO is empowered to manage assets and devices as areas of risk or potential business compromise. Our strategic alliance partner ServiceNow defines ITSM as “the management of end-to-end IT service delivery to meet business goals, including the creation, delivery, and support of IT services.”

Balancing the needs of an ITSM program against those of a modern, secure ITAM program can be challenging. So, a different lens is needed when risk is in the equation.

The Cybersecurity & Infrastructure Security Agency (CISA) defines ITAM in this way: “Asset management provides a centralized overview of an organization’s network devices and the risks associated with such devices.” [2]

CISA goes on to explain that asset management is the foundation of a strong cybersecurity strategy. IT asset management enables operations and IT management to supervise network assets as they are being configured and deployed on the network in near real time. Today’s ITAM ensures assets are properly configured and in compliance — and that vulnerabilities have been identified and remediated.
 

ITAM and Cybersecurity Asset Management

Additional transformation of ITAM has started to make it look a lot like cybersecurity asset management, for two reasons. First, robust ITAM programs now collect far more information about inventoried assets than traditional ITAM did, such as device type, manufacturer, OS configuration, applications installed, patch state, network location, logged-in users, vulnerabilities, and more. This is exactly the type of information needed to perform cybersecurity asset management.

Second, at many organizations, ITAM now encompasses any asset connected to the network, with operational technology (OT) devices included in the mix, especially in industries that are part of critical infrastructure: utilities and the electrical grid, water and wastewater treatment plants, nuclear reactors, and much more. See the full list of the 16 sectors, as defined by CISA, on our critical infrastructure glossary page.

OT devices may include anything from smart temperature controllers to connected manufacturing machines – and even massive industrial control systems. The new breadth of ITAM marks a significant overlap with cybersecurity asset management. This trend will only continue as the number of enterprises embracing digital transformation continues to grow. Essentially, anything with an IP address joins the mix of inventoried assets and will require tracking for lifecycle and cybersecurity management purposes.

Still, differences remain, and they mostly come down to who uses the data about each networked device. When IT departments use ITAM, they remain focused on the inventory accuracy, lifecycle, and financial aspects of networked devices. By contrast, security operations teams focus more on asset intelligence that gives them visibility into the condition and security posture of each asset and into how best to remediate the risks it poses. That intelligence includes all the asset data collected by ITAM today regarding OS configuration, patch state, network location, vulnerabilities, and so on.

| ITAM Evolution | Traditional ITAM | ITAM Today |
|---|---|---|
| Main Purpose | Updated IT asset inventory | Minimize and mitigate security risks |
| Scope | IT assets only | Any network-connected asset (IT, IoT, IoMT, OT) |
| Goal | To optimize asset lifecycles and costs | To secure the enterprise |
| Main User | IT team | IT team, Security team |

The Critical Importance of ITAM Today

For medium to large enterprises, the number of assets connecting to networks grows continuously thanks to substantial leaps forward in IT, IoT, IoMT, and OT devices. Today, the typical large enterprise – across all industries – has tens or hundreds of thousands of connected devices — with some having millions.
Consider the healthcare industry. A staggering array of innovative devices brings value to doctors and patients, but also introduces a high volume of network-connected devices to be inventoried and managed. The following is a sample of assets and device types that commonly connect to a healthcare provider’s network:

  • Smart pills
  • Consumer- and medical-grade wearables
  • Remote patient monitoring (RPM) devices
  • Point-of-care devices (at physician offices and labs)

The healthcare industry is not an outlier. Manufacturing, often considered a technology laggard, is experiencing a sea change in connected devices. Everything from manufacturing-line machines to final products in customers’ homes now reports to many different company departments on whether it is functioning, whether it needs repair, and what proactive maintenance it suggests.

This broad connectivity of both traditional and non-traditional devices led the National Institute of Standards and Technology (NIST) to sound the alarm in 2018 for improved ITAM:

“The attack surface growth is outpacing your security team’s ability to identify, quantify and prioritize risk and exposure…To effectively manage, use, and secure each of those assets, you need to know their locations and functions. While physical assets can be labeled with bar codes and tracked in a database, this approach does not answer questions such as ‘What operating systems are our laptops running?’ and ‘Which devices are vulnerable to the latest threat?’” [3]

NIST also highlighted the value of ITAM in relation to security compliance and threat response: “Asset Management also assists agencies in creating and maintaining approved device and software inventory lists and keeping software versions updated. This capability allows agencies to comply with their organizational security policies and aids in incident-response activities.” [4]
 

Characteristics of an Effective ITAM Solution

NIST prescribes nine characteristics of an effective ITAM solution, including that they must:

  1. Complement existing asset management, security, and network systems
  2. Provide application programming interfaces to communicate with other security devices and systems, such as firewalls, intrusion detection and identity and access management systems
  3. Know and control which assets, both virtual and physical, are connected to the enterprise network
  4. Automatically detect and alert when unauthorized devices attempt to access the network, also known as asset discovery
  5. Enable administrators to define and control the hardware and software that can be connected to the corporate environment
  6. Enforce software restriction policies relating to what software is allowed to run in the corporate environment [5]
  7. Record and track attributes of assets
  8. Audit and monitor changes in an asset’s state and connection
  9. Integrate with log analysis tools to collect and store audited information [6]

Among these characteristics, none has gained more prominence in recent years than integrating log analysis for automatic detection and alerts. Real-time asset intelligence is raising the bar for security and decision-making. Modern cyber attacks penetrate networks via compromised devices and inflict damage rapidly and at scale. When incidents occur, IT and security operations teams must respond instantly or near-instantly to minimize damage, which requires deep asset intelligence from their tooling and vendors.
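As an added example (not NIST’s or Forescout’s code), the following small reconciliation exercises several of the characteristics above: an administrator-defined approved inventory (5), detection of unauthorized devices (4), tracking of state changes (8), and emitting findings as log lines for a log analysis tool (9), plus NIST’s question of which devices lag a given patch level. All asset records, MAC addresses, patch levels and VLAN names are constructed for the example, and using the MAC address as the asset identifier is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    mac: str               # asset identifier in this example (assumption)
    device_type: str
    os: str
    patch_level: str       # "YYYY-MM", so string comparison orders by date
    network_location: str

# Constructed approved inventory (characteristic 5: admin-defined allowed hardware).
APPROVED = {a.mac: a for a in [
    Asset("00:11:22:33:44:01", "laptop", "Windows 11", "2024-10", "VLAN10"),
    Asset("00:11:22:33:44:02", "laptop", "Windows 11", "2024-11", "VLAN10"),
    Asset("00:11:22:33:44:03", "infusion pump", "VxWorks", "2023-06", "VLAN40"),
]}
# Constructed discovery snapshot: :01 moved VLAN and was patched, :02 is
# absent, :99 is an unknown device that was never approved.
DISCOVERED = [
    Asset("00:11:22:33:44:01", "laptop", "Windows 11", "2024-11", "VLAN20"),
    Asset("00:11:22:33:44:03", "infusion pump", "VxWorks", "2023-06", "VLAN40"),
    Asset("00:11:22:33:44:99", "printer", "Linux", "2022-01", "VLAN10"),
]
TRACKED = ("os", "patch_level", "network_location")

def reconcile(discovered):
    """Characteristics 4 and 8: unauthorized devices, state changes, absent assets."""
    unauthorized = [a for a in discovered if a.mac not in APPROVED]
    changed = {}
    for now in discovered:
        known = APPROVED.get(now.mac)
        if known is not None and known != now:
            changed[now.mac] = {f: (getattr(known, f), getattr(now, f))
                                for f in TRACKED if getattr(known, f) != getattr(now, f)}
    missing = sorted(APPROVED.keys() - {a.mac for a in discovered})
    return unauthorized, changed, missing

def behind_patch_level(assets, os_name, minimum):
    """NIST's 'which devices are vulnerable to the latest threat?' answered from inventory data."""
    return [a.mac for a in assets if a.os == os_name and a.patch_level < minimum]

def alert_lines(unauthorized, changed, missing):
    """Characteristic 9: one line per finding, in a form a log analysis tool can ingest."""
    lines = [f"itam alert=unauthorized mac={a.mac} type={a.device_type} loc={a.network_location}"
             for a in unauthorized]
    lines += [f"itam alert=changed mac={mac} {f}={old}->{new}"
              for mac, d in changed.items() for f, (old, new) in d.items()]
    lines += [f"itam alert=missing mac={mac}" for mac in missing]
    return lines
```

Running `alert_lines(*reconcile(DISCOVERED))` yields four findings: the unknown printer, two attribute changes on the moved laptop, and the approved laptop that did not appear in the discovery pass.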
 

The Benefits of ITAM

Given the realities of today’s sophisticated and rapid-scale attack threats, NIST tops its list of ITAM benefits with the ability to respond faster to security incidents. The following is the full list of benefits:

  • Enables faster responses to security alerts by revealing the location, configuration and owner of a device
  • Increases cybersecurity resilience, so you can focus attention on the most valuable assets
  • Provides detailed system information to auditors
  • Determines how many software licenses are actually used relative to how many have been purchased, so you can shore up budgets
  • Reduces help desk response times: Staff will know what is installed and will isolate the latest, most pertinent errors and alerts
  • Reduces the attack surface of each device by ensuring that software is correctly patched [7]

 

How Forescout Helps ITAM

The Forescout platform incorporates ITAM to protect and ensure the compliance of all managed and unmanaged assets – IT, IoT, IoMT and OT. Leveraging continuous, automated discovery, classification, and assessment of every device touching your network, Forescout eliminates error-prone manual processes.

To support informed security decisions, you also need rich context about each device. The Forescout Platform collects data on device type, manufacturer, OS configuration, applications installed, patch state, network location, logged-in users, vulnerabilities, criticality, and what it’s communicating with. The solution continuously synchronizes this data with your configuration management database (CMDB), giving your IT and security teams the wealth of contextual information they need – in real time – to respond fast and mitigate risk.

Complete Visibility: Discover all managed and unmanaged devices upon connection, leveraging techniques tailored specifically to IT, IoT, OT and IoMT assets as well as cyber-physical systems.

150+ Classification Attributes: Automatically classify assets based on 150+ attributes that are then referenced for asset compliance, network access control, segmentation and incident response.

30+ Assessment Techniques: Continuously assess compliance posture for all asset types using a blend of 30+ active and passive techniques that rely on traffic monitoring, scanning, third-party integrations and traditional agents.

Historical Asset Timeline: Query, investigate and analyze connected asset data across a 90-day timeline to prove historical compliance, support incident investigation and identify risks and gaps.

Learn more about the Forescout platform.


[1] Gartner, IT asset management (ITAM), https://www.gartner.com/en/information-technology/glossary/it-asset-management-itam
[2] CISA, CDM Capabilities: Asset Management, May 28, 2021. Accessed November 21, 2024 from https://www.cisa.gov/resources-tools/resources/cdm-capabilities-asset-management
[3] NIST, NIST Special Publication 1800-5, IT Asset Management, September 2018.
[4] Ibid.
[5] NIST, NIST Special Publication 1800-5B, IT Asset Management, Volume B, September 2018.
[6] Ibid.
[7] NIST, NIST Special Publication 1800-5, IT Asset Management, September 2018.
