When you think about CMDB and discovery tools, security and compliance might not be the first words that come to mind. The standard use cases usually relate to having a role in the ITIL process, helping you better manage changes, incidents, or providing the data that is required to manage your software licenses to help stay compliant
Recent market trends prove that security might be a prime use case for your CMDB. At a basic level, this makes a lot of sense. When the CMDB is being fed by an automatic discovery tool (like Universal Discovery) that feeds it with comprehensive and up-to-date information about the data center, it can easily be leveraged as a powerful tool for the security groups in your organization.
Here are a few examples of data that is discovered automatically, and can be of clear benefit to SecOps:
- Is vulnerable software _____ deployed on my environment? If so, which servers it is deployed on, what is their location, and who are their owners?
- Does my ‘car reservation’ system contain any servers that might be vulnerable by the affected software?
- What are the changes that happened to a specific device or service in the last day?
- Where do I have open ports?
- Do I have any of this vulnerable version of the operating system deployed?
- Have any of my servers drifted from a pre-defined secured baseline?
These are just examples of discoverable data. The broader the discovery is in terms of the systems discovered (servers, network, storage and even workstations and desktops), the deeper the content is (discovery of configuration, resources such as interfaces, ports, software and dependencies to other system), and more useful the CMDB information is to the security teams.
A recent customer example of using CMDB as the foundation for SecOps is America First Credit Union (AFCU). They are monitoring over 3M CIs and 1500 servers across 120 locations. Security in the financial services industry is paramount, and AFCU was able to successfully use UCMDB to power their SecOps program as well. Check out the video below for more information:
So while your CMDB is likely not going to replace your security tools, it can serve as an important asset to complement data that is required by the security groups. It is also another good way to leverage the investment of collecting this critical data across any IT program.