WEBVTT

1
00:00:00.000 --> 00:00:01.560
In this lesson,

2
00:00:01.560 --> 00:00:04.620
we will learn about Asset Control.

3
00:00:04.620 --> 00:00:09.300
Asset control involves maintaining a detailed inventory

4
00:00:09.300 --> 00:00:12.990
and continuously validating the security status

5
00:00:12.990 --> 00:00:15.750
of all assets within the network

6
00:00:15.750 --> 00:00:18.987
to ensure they comply with security policies

7
00:00:18.987 --> 00:00:21.570
and are protected against threats.

8
00:00:21.570 --> 00:00:26.490
Asset control concepts include Asset Identification,

9
00:00:26.490 --> 00:00:29.700
Asset Management, and Attestation.

10
00:00:29.700 --> 00:00:33.600
Let's learn more about these asset control concepts.

11
00:00:33.600 --> 00:00:37.170
First, we have Asset Identification.

12
00:00:37.170 --> 00:00:41.670
Asset identification is the first step in asset control.

13
00:00:41.670 --> 00:00:44.760
It involves cataloging all devices,

14
00:00:44.760 --> 00:00:48.270
applications, and data within the network

15
00:00:48.270 --> 00:00:51.330
to create a comprehensive inventory.

16
00:00:51.330 --> 00:00:56.070
In an enterprise, this means identifying every computer,

17
00:00:56.070 --> 00:00:59.580
mobile device, server, application,

18
00:00:59.580 --> 00:01:02.670
and data source connected to the network.

19
00:01:02.670 --> 00:01:07.020
To do this, organizations use various tools and techniques

20
00:01:07.020 --> 00:01:10.440
to discover and track assets automatically.

21
00:01:10.440 --> 00:01:14.640
Network scanning tools like Nmap or Nessus

22
00:01:14.640 --> 00:01:16.830
can be used to scan the network

23
00:01:16.830 --> 00:01:19.470
and identify connected devices,

24
00:01:19.470 --> 00:01:24.000
such as laptops, desktops, printers, and servers.

25
00:01:24.000 --> 00:01:25.980
For software inventory,

26
00:01:25.980 --> 00:01:30.660
tools like the Microsoft System Center Configuration Manager

27
00:01:30.660 --> 00:01:35.010
can track which applications are installed on each system.

28
00:01:35.010 --> 00:01:37.890
In the cloud or in hybrid environments,

29
00:01:37.890 --> 00:01:39.780
cloud management platforms,

30
00:01:39.780 --> 00:01:44.780
like AWS Asset Manager or Azure Resource Manager,

31
00:01:44.790 --> 00:01:48.570
can help catalog and manage cloud-based resources

32
00:01:48.570 --> 00:01:51.720
such as virtual machines and databases.

33
00:01:51.720 --> 00:01:55.230
Additionally, endpoint detection and response tools,

34
00:01:55.230 --> 00:01:57.750
like CrowdStrike or SentinelOne,

35
00:01:57.750 --> 00:02:01.920
can provide a continuous inventory of all endpoints,

36
00:02:01.920 --> 00:02:06.090
including details about the device's security posture.

37
00:02:06.090 --> 00:02:08.370
These tools often integrate

38
00:02:08.370 --> 00:02:11.100
with centralized asset management systems

39
00:02:11.100 --> 00:02:13.380
to provide a real-time view

40
00:02:13.380 --> 00:02:17.040
of all assets within the enterprise network.

41
00:02:17.040 --> 00:02:20.520
By continuously updating the asset inventory,

42
00:02:20.520 --> 00:02:22.350
organizations ensure

43
00:02:22.350 --> 00:02:25.020
that they have a current and accurate picture

44
00:02:25.020 --> 00:02:29.430
of all devices, applications, and data sources.

45
00:02:29.430 --> 00:02:33.210
This is very important for maintaining network security

46
00:02:33.210 --> 00:02:36.540
and compliance in a zero trust environment.

47
00:02:36.540 --> 00:02:39.360
Second, we have Asset Management.

48
00:02:39.360 --> 00:02:42.750
Asset management involves the ongoing process

49
00:02:42.750 --> 00:02:46.500
of monitoring and maintaining identified assets

50
00:02:46.500 --> 00:02:49.770
to ensure they are secure and compliant.

51
00:02:49.770 --> 00:02:53.820
This includes applying the latest security updates,

52
00:02:53.820 --> 00:02:56.190
ensuring correct configurations,

53
00:02:56.190 --> 00:02:59.550
and adhering to security policies.

54
00:02:59.550 --> 00:03:04.140
In a zero trust model, this means continuously monitoring

55
00:03:04.140 --> 00:03:07.230
the health and status of each asset

56
00:03:07.230 --> 00:03:09.780
to prevent vulnerabilities.

57
00:03:09.780 --> 00:03:12.090
Asset management uses tools,

58
00:03:12.090 --> 00:03:17.090
like Microsoft Windows Server Update Services, or WSUS,

59
00:03:17.340 --> 00:03:21.780
for patch management, and to deploy and verify updates.

60
00:03:21.780 --> 00:03:24.750
Next, configuration management tools,

61
00:03:24.750 --> 00:03:27.990
such as Ansible, Puppet, or Chef,

62
00:03:27.990 --> 00:03:32.940
can be used to enforce consistent settings across devices.

63
00:03:32.940 --> 00:03:35.520
Then endpoint management solutions,

64
00:03:35.520 --> 00:03:40.320
like Microsoft Intune or VMware Workspace ONE,

65
00:03:40.320 --> 00:03:42.090
can monitor compliance

66
00:03:42.090 --> 00:03:45.810
and automatically remediate security issues.

67
00:03:45.810 --> 00:03:48.450
Finally, centralized platforms,

68
00:03:48.450 --> 00:03:52.620
like ServiceNow or SolarWinds, track assets,

69
00:03:52.620 --> 00:03:55.020
integrating with security tools

70
00:03:55.020 --> 00:03:57.510
to provide real-time updates

71
00:03:57.510 --> 00:04:01.380
on the status and compliance of each asset.

72
00:04:01.380 --> 00:04:05.100
Third, we have Asset Attestation.

73
00:04:05.100 --> 00:04:09.240
Asset attestation verifies the security posture

74
00:04:09.240 --> 00:04:12.960
and compliance of assets within the network

75
00:04:12.960 --> 00:04:16.620
to ensure they meet required security standards.

76
00:04:16.620 --> 00:04:19.950
This process involves regular checks

77
00:04:19.950 --> 00:04:21.840
or real-time assessments

78
00:04:21.840 --> 00:04:25.680
to validate that devices, applications, and data

79
00:04:25.680 --> 00:04:28.560
are secure, correctly configured,

80
00:04:28.560 --> 00:04:31.470
and compliant with security policies.

81
00:04:31.470 --> 00:04:36.240
Asset attestation is implemented using various tools.

82
00:04:36.240 --> 00:04:40.230
For example, endpoint detection and response solutions,

83
00:04:40.230 --> 00:04:42.900
like CrowdStrike or SentinelOne,

84
00:04:42.900 --> 00:04:46.350
can continuously monitor assets for compliance,

85
00:04:46.350 --> 00:04:50.910
detecting missing updates or unauthorized configurations,

86
00:04:50.910 --> 00:04:54.210
and triggering alerts or corrective actions.

87
00:04:54.210 --> 00:04:57.900
Next, Security Information and Event Management

88
00:04:57.900 --> 00:05:02.900
or SIEM platforms, like Splunk or IBM QRadar,

89
00:05:03.180 --> 00:05:08.040
can analyze security data, providing real-time insights

90
00:05:08.040 --> 00:05:12.240
into compliance failures or security threats.

91
00:05:12.240 --> 00:05:16.800
Finally, compliance scanning tools, like Tenable or Qualys,

92
00:05:16.800 --> 00:05:20.130
can perform continuous vulnerability scans

93
00:05:20.130 --> 00:05:23.220
and compliance checks against benchmarks,

94
00:05:23.220 --> 00:05:28.220
like the Center for Internet Security or CIS guidelines.

95
00:05:28.440 --> 00:05:31.890
In application, an organization may perform

96
00:05:31.890 --> 00:05:34.680
continuous attestation of devices,

97
00:05:34.680 --> 00:05:38.400
checking that they have up-to-date antivirus software,

98
00:05:38.400 --> 00:05:40.080
encryption enabled,

99
00:05:40.080 --> 00:05:44.700
or specific configurations that align with company policies.

100
00:05:44.700 --> 00:05:49.170
If a device fails attestation, it might be quarantined

101
00:05:49.170 --> 00:05:52.530
or denied access to sensitive resources

102
00:05:52.530 --> 00:05:55.800
until it meets those compliance requirements.

103
00:05:55.800 --> 00:06:00.360
This ensures that only secure and compliant assets

104
00:06:00.360 --> 00:06:03.720
are allowed to operate within the network.

105
00:06:03.720 --> 00:06:07.230
So remember, asset control

106
00:06:07.230 --> 00:06:10.950
involves maintaining an up-to-date inventory

107
00:06:10.950 --> 00:06:15.750
of all devices, applications, and data within a network,

108
00:06:15.750 --> 00:06:19.380
and continuously validating their security status

109
00:06:19.380 --> 00:06:22.980
to ensure compliance with security policies.

110
00:06:22.980 --> 00:06:26.970
Asset control includes three key concepts:

111
00:06:26.970 --> 00:06:30.150
asset identification, asset management,

112
00:06:30.150 --> 00:06:32.370
and asset attestation.

113
00:06:32.370 --> 00:06:34.350
Asset identification

114
00:06:34.350 --> 00:06:37.890
involves cataloging all connected assets

115
00:06:37.890 --> 00:06:40.710
to create a comprehensive inventory,

116
00:06:40.710 --> 00:06:43.380
using tools like network scanners

117
00:06:43.380 --> 00:06:45.750
and cloud management platforms.

118
00:06:45.750 --> 00:06:47.550
Asset management focuses

119
00:06:47.550 --> 00:06:51.750
on continuously monitoring and maintaining these assets

120
00:06:51.750 --> 00:06:55.200
to ensure they are updated, correctly configured,

121
00:06:55.200 --> 00:06:58.050
and compliant with security policies,

122
00:06:58.050 --> 00:07:01.590
using patch management, configuration management,

123
00:07:01.590 --> 00:07:03.840
and endpoint management tools.

124
00:07:03.840 --> 00:07:06.540
Finally, asset attestation

125
00:07:06.540 --> 00:07:10.260
verifies the security and compliance of assets

126
00:07:10.260 --> 00:07:13.860
through regular checks or real-time assessments,

127
00:07:13.860 --> 00:07:16.740
using tools that detect vulnerabilities,

128
00:07:16.740 --> 00:07:20.460
assess compliance, and enforce security standards

129
00:07:20.460 --> 00:07:24.933
to keep the network secure in a zero trust environment.

