[BreachExchange] 6 Ways Software Asset Management Can Help Minimize Security Risk

Thu Aug 3 19:10:19 EDT 2017

http://www.securitymagazine.com/articles/88229-ways-software
-asset-management-can-help-minimize-security-risk

How are you reducing your IT security risks? Did you know that the global
spending on security technology is forecast to reach $81.7 Billion in 2017,
according to IDC?

No business wants to experience a security threat, especially following the
NHS WannaCry attack in May 2017 which affected over 300,000 computer
systems. However, the cost of this technology can often be off putting,
despite 27% of organizations admitting to have suffered ransomware attacks.
But with businesses requiring SAM (Software Asset Management) tools in
order to manage and optimise licensing positions, this technology can also
help to reduce security risks.

Here are the top six ways organizations can use SAM to help minimize
security risk:

- Using Inventory to Identify Malicious Items
To effectively maintain a robust security position, having an inventory of
all software deployed across the business is a must. Utilizing this
information on a regular basis enables the prevention of workers from using
unauthorized software and identify any unknown and unapproved software. SAM
tools also have the capability to maintain and detect blacklist tools;
identifying rogue software, which can help reduce vulnerability levels.

- Preventing the Use of Risky Applications
With visibility of the software deployed within the business, it becomes
easier to prevent the use of suspect or malicious applications. Even with
stringent usage policies in place for software usage, with organizations
using portable storage and mobile devices, software can be installed behind
a firewall. Using the information available from the discovery and
inventory functionality, means companies can disable unacceptable programs,
and access control ensures only authorized or selected users can access
certain software.

- Examine Usage Data if a Security Breach Happens
SAM tools create an additional level of security for applications by
providing a snapshot in real-time of which employees are accessing which
programs. In the unfortunate situation that a security breach takes place,
SAM functionality enables organizations to examine application usage data.
This is essential for identifying when the suspect software was last used
and who launched it to help solve the issue quicker.

- Promote Rationalization and Standardization
SAM tools can identify any redundant or outdated software ensuring only
necessary and required software remains available. By encouraging the
rationalization and standardization of the number of unused software
titles, organizations enable IT to support and patch fewer applications in
a security risk, especially when only 50% of organizations have conducted
staff training to help deal with these threats.

- Leverage Patch Management
Utilising SAM to support patch management can support process efficiency
and ensure the scope of target systems are complete and current, which
becomes more crucial following a recent statistic that less than 25% of
organizations are applying the latest security software patches within the
first 24 hours of release. This will result in quicker reactions in the
unfortunate event of a threat, resulting in time and cost savings, as well
as ensuring all devices on the network are running the required security
software.

- Anti-Virus Software Checks
With access to a SRDB (Software Recognition Database), SAM tools enable
organizations to perform anti-virus software checking notating computers
which have no antivirus software installed. This results in the business
being able to help reduce the number of risks in the future, by ensuring
these computers are protected.

Using SAM to Prevent Security Risks

Now is the time to fully leverage the benefits of SAM to prevent security
risks. By bringing inventory and discovery capabilities into the mix, SAM
strengthens security tools and processes, which can significantly improve
an organization’s ability to protect data, software and systems, helping to
reduce the operational risk. For some, it even helps identity those systems
missing critical security and control solutions your organization prefers
to have in place.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170803/8f9fbca6/attachment.html>