Originally from David’s Linkedin:
Back & better than ever with Chapter 2 of Tetra Defense’s #20for2020: “Know What You Have (Software Edition)” We all remember the Equifax data breach; 148,000,000 personal records were stolen because a key piece of software that needed to be patched wasn’t (in tech jargon, to patch means to update and/or fix).
Having a good patch management (read: software update management) plan is critical for network security: but before you can have a such a plan, you need to have a current list of all the software you have on your network. Makes sense, right?
Which leads us right to the 2nd critical control businesses need to implement an information security program: a software asset inventory. And this isn’t something that only enterprise-scale businesses need/can afford to implement.
If you have computers, you have software; if you have software, you’ll need to update that software; to update that software, you’ll need to maintain an inventory of that software. Improving your cybersecurity posture means starting with the fundamentals. It doesn’t get much more fundamental than this.