Prioritizing the Environment and Asset Discovery

The Challenge

Knowing what to assess is a major challenge for most organizations. Vulnerability scans required by PCI or various regulations focus only on standard vulnerabilities for network segments chosen by the organization. This limited initial view, combined with the complexity and on-going change in most large IT infrastructure requires a more comprehensive, effective approach to the discovery of critical assets.

The Solution

Agiliance IT-GRC uses pre-built connectors to scanners, SIM/SEM, directories, CMDBs, and other tools typically found in enterprise networks. Aggregating and reconciling data from across these diverse systems ensures the most comprehensive discovery possible as well as notification when changes occur.

Combining automated discovery from connectors to enables powerful reconciliation of asset information generated by E-Surveys. Human error spotted by inconsistencies between E-Survey and automated asset data results in a "audit flags" in IT-GRC alerting the organization to areas needing further investigation, before the auditors find them.

Asset Reconciliation and the IT-GRC Asset Information Repository

Intelligent Profiling

Agiliance IT-GRC also uses “intelligent profiling” to automatically classify discovered assets based on answers to questions posed to asset owners such as:

• Is personal health information stored on the server?
• Is credit card data stored in the application?
• Is the data stored on the server encrypted?
• Is the data in transit encrypted?
• Does the application use the Internet to gather input users?

Answers to objective questions remove human judgment and enables an automatic calculation of asset criticality for fast, efficient and effective asset profiling.