Industry Insights

Automating Endpoint Inventory Management: Set Up for Success

5 min Read

Cory Ranschau

Manager, Senior, Information Security

The way we work has profoundly changed over the past six months as employees along with their work devices have scattered out from central offices to home offices, kids’ rooms, dining room tables and backyard decks. This is nothing new. The Future of Work was always going to be distributed, and applications and management tools had already begun migrating to the cloud and Software as a Service (SaaS) platforms. It’s just that the timeline has been accelerated almost overnight—putting enormous strain on network services and security teams.

The New Normal Puts Strain on Security

As devices, applications and data leave the secure confines of the office and data center, the process of securing these entities become much more difficult. Security teams need to know what endpoints are out there, how they are being used and whether they are being adequately protected. The key, of course, is inventory management and asset health. Inventory management at Code42 used to be pretty simple. An administrator could just physically walk through the office to where the machine was supposed to be—and, chances were, it would be sitting on a desk in a cubicle used by the employee it was assigned to. 

This is impossible in the New Normal. Some sort of remote check needs to be completed, but most organizations—Code42 included—have never had a good tool for tracking distributed end points for inventory management and asset health. Sure, we had remote device management tools, but they still required us to manually pull inventory lists for deploying agents that included a lot of exceptions such as retired devices and duplicate entries. It took time and resources to get a good list going—and it was often out of date within a day or so.

Turning Lemons into Lemonade

The Covid-19 global pandemic gave us an opportunity to innovate our way out of this particular pain point. We decided to automate endpoint inventory so we could know exactly what endpoints were out in the field, whether they were active and whether they were being protected by the company’s security policies and controls.

Here are four best practices for building a home-grown inventory management system in the New Normal:

1. Develop a Single Source of Truth

The first step in building a robust inventory management system is to figure out a way to audit the endpoints, grab the data and store it in a single repository. A big component of this is settling on a standard way to track assets. We went with serial numbers for our naming convention, but you could use other data points (such as user ID) if something else makes sense for your organization. This single source of truth is the Holy Grail of inventory management, and, as long as it is updated and reliable, it allows you to do so many things that will make your life much easier. 

2. Develop a Process for Grabbing Data

Process is everything in a home-grown management solution. Your methodology has to be airtight. We wrote a simple script (just a few lines of code) to pull information from various management tools and agents already deployed on endpoints—such as the remote device management solution and other security agents. We pulled data into the repository and then pinged agents to provide the visibility we needed into their location and status. We could then hone in on the exceptions—duplicate entries, for example—and determine the problem.

3. Automate, Automate, Automate

The biggest pain point for our previous process was that it was largely manual, so we made it our goal to automate as much of our new inventory management solution as we could—using scripts to pull the necessary data from various tools and agents. Once collected, the data could be run through more complex logic to generate analysis that we could act on.

4. Remember the People

Despite the automation, it’s important to remember that you’re still dealing with people. You really need to consider the human element when implementing automation and triggers. It’s enticing to write a script that would ping a user if their device is suddenly unreachable, but that could be disruptive, a violation of privacy or just plain annoying as they could merely be sick, traveling or on maternity leave. An alert sent to the security team who can then run through some checks before contacting the user could be a much more responsible option.

The Results

The result for Code42 has been amazing. We run weekly reports that give us complete visibility into inventory management and asset health regardless of where users bring their devices. Eventually, we’ll do daily reports—giving us near real-time visibility. Knowing where our endpoints are located, how they are accessing applications and data on the network, and whether they are protected gives us a better handle on our security state. It also allows us to identify gaps in our security posture. We can identify vulnerabilities quickly and close those gaps before they can be exploited. We can also use the data to improve provisioning and resourcing.

The New Normal has changed how we operate, but we’ve taken it upon ourselves to use the disruption to improve many of our IT processes—allowing us to harden our security posture along the way.

Cory Ranschau

Cory Ranschau, CSSP, GSEC, is the Senior Manager of Information Security for Code42. Cory’s 15+ years of experience in both the IT and Security Infrastructure fields have focussed around delivering scalable, secure infrastructure.