-
Website
http://dmiessler.com/ -
Original page
http://dmiessler.com/blog/vulnerability-management-without-asset-management-isnt -
Subscribe
All Comments -
Community
-
-
Top Commenters
-
Popular Threads
All Comments
I have seen Qualys used at a lot of clients, and I'm pretty sure it has an asset discovery feature - but I dont think this works well as an enterprise wide Asset Management tool.
And on the other side, something like CA's asset management products can tell you what systems are where, but I don't think it has the capabilities to launch a qualys or other scan, or alert you to vulnerabilities, etc.. Although if it could tie in to another CA product like their security products, they'd probably be on to something.
disclaimer: I know I focused on one vendor there, but it's just what I'm familiar with from a deployment perspective and I'm FAR from a CA fan-boy/spammer/whatever so please point me in the direction of other similar products (I know they're out there).
The biggest thing about ITAM is, like security, the supporting processes around it are what make or break it. If the organization doesn't follow the framework/policies you work with them to develop, then the software is just going to sit on a shelf and collect dust and not be useful for reporting on your assets and thus, your vulnerabilities. But I'm sure I'm only preaching to the choir here!
We're true up on our photoshop licenses.....
( until you discover that your Windows shop actually has a hidden department of Macs running CS 3 that one guy got from a Spammy Re-seller? )
Check it out if you want/can: http://www.arcsight.com.
Disclaimer: Not cheap at all and sometimes feels "heavy" or bloated as it's all Java based. YMMV.
arcsight has a few products which product contains the asset discovery tool?
thank you,
raymond