Techniques for Automatic Device Identification and Network Assignment

1. SESSION ID:
#RSAC
Rodney Moseley
Techniques for Automatic Device
Identification and Network
Assignment
Network and Data Security Architect
Microsoft Corporation
NIS-R06

2. #RSAC
Disclaimer
Presentations are intended for educational purposes only and do not replace independent
professional judgment. Statements of fact and opinions expressed are those of the presenters
individually and, unless expressly stated to the contrary, are not the opinion or position of RSA
Conference or any other co-sponsors. RSA Conference does not endorse or approve, and
assumes no responsibility for, the content, accuracy or completeness of the information
presented.
Attendees should note that sessions may be audio- or video-recorded and may be published in
various media, including print, audio and video formats without further notice. The
presentation template and any media capture are subject to copyright protection.
© 2024 RSA Conference LLC or its affiliates. The RSA Conference logo and other trademarks are proprietary. All rights reserved.
2

3. #RSAC
Network &
Infrastructure Security

4. #RSAC
Educate + Learn & Apply
Discover tips and
techniques I have used
and implemented
Decide if you have
applied any of the
items and fill the gaps
Implement the new
items and prefect the
in-place programs

5. #RSAC
Protecting Your Environment

6. #RSAC
Topics
Identification of
challenges
What should be
prioritized
Tips for inventory
collection of devices
Options for telemetry
reporting

7. #RSAC
Managed Devices
Network, Endpoint, IoT, and Servers devices without
attributed owner
!
Connected Devices
Unknown risk status derived from Device detection
systems ( scanners, switches, NGFW, etc. )
!
Unknown Systems
Devices connect without validation
Reduced to highest risk proposition for manageable
lists
!
Overwhelmed monitoring/tooling
Try new ways/models of training/ways to incentivize
!
How do
we solve
for

8. #RSAC
Is this
your
scenario

9. #RSAC
Botnets can compromise IoT
devices, turning them into
malicious nodes for
coordinated attacks.
Mitigation: Regularly update
device firmware, change
default credentials, and
segment IoT networks.
Internet of Things (IoT/OT)
Organizations often struggle
to monitor and manage their
extensive IoT device fleets
effectively.
Mitigation: Invest in robust
device management
solutions to track device
health, apply patches, and
detect.
Many IoT devices lack proper
physical security measures.
Mitigation: Implement
physical safeguards such as
tamper-evident seals, secure
enclosures, and restricted
access
Weak encryption or
unencrypted data storage
can expose sensitive
information.
Mitigation: Use strong
encryption protocols for data
at rest and in transit.
Regularly update encryption
keys.

10. #RSAC
What we can prioritize

11. #RSAC
Benefactors Network Teams
Threat Intelligence | Red/SOC/Intel
Inventory Management Teams
Security Operations Teams
Zero Trust Teams Program Leads
Asset Assurance Teams

12. #RSAC
Tips for Inventory Collection
DISCOVERY CONSULTING ASSURANCE ONBOARDING REFLECTION
01 02 03 04 05

13. #RSAC
Programs to Consider
◉ Develop a security review system that
reports on risk
◉ Review and assess Compliance
◉ Define components that can be
automated ​or self attested
◉Assessment
PHASE
3
◉ Create a classification mechanism that
organizes discovery​
◉ Identify & Rate Risk ​
◉ Classify items to Risky Groupings​
◉ Use Identity Access mgt systems​
◉Consulting
PHASE
2
◉ Develop a system that reports on the status
of connected devices
◉ New Deployments, Infrastructure Discovery​
◉ Inventory Validation Process & Collection
of datapoints
◉Discovery
PHASE
1
◉Onboarding
PHASE
4
◉ Complete a system that remediates
◉ Manages and reports on risk status of
connected devices - Dashboard Flag​
◉ Zero Trust Implementation – Isolate
and onboard devices​
◉ Create Security tagging
◉ reference Policy and Threat Intel​

14. #RSAC
 DB for unaccounted for devices
• Product identification
• Regional placement
 Categorization of Devices
• Set classification
• Compliance Policies
 Inventory Validation Process
• Match Against your existing inventory
• Use conditional Access systems to confirm

15. #RSAC
Discovery
RISK ANALYSIS DB
ASSET INVENTORY

16. #RSAC
Consulting
 Risk Alignment
• Check against known risks
 Asset Identity
• Use Identity as a control
 IoT Identification
• Device segmentation
• Use Identity Access to classify
 AI Classification
• Use your AI to perform Cross analysis

17. #RSAC
Consulting
RISK ANALYSIS DB

18. #RSAC
Consulting Cont.
 AI Classification:
 AI can help improve inventory management by
analyzing large amounts of data, identifying
trends, and making accurate predictions.
 Use your AI to perform Cross analysis
• Real-time tracking ( from Monitors, Switches,
Secure boundaries, etc.)
• Predicting variations through Identity
• Analyzing behavior patterns
• Automating fulfillment registration
• Optimizing accountability verticals
AI Classification:

19. #RSAC
Assessment
 DB for Unaccounted for Devices
• Product / Vendor identification​
• Regional placement timeline
 Categorization of Devices
• Set groups to scope classification
• Classification should match compliance policies
 Inventory Validation Process
• Match against your existing inventory
• Use conditional access systems to confirm

20. #RSAC
Assessment

21. #RSAC
Asset Management
Control systems that make a difference
Device ID and tagging Define secure
boundaries
Quantum agile
systems
Map your
infrastructure

22. #RSAC
Onboarding
 Asset management system​
 Self registration to get connected
portal ​
• (Wired/Wireless)​
 Device attestation System​
 Zero Trust​
• Endpoint controls​
• Headless device controls​
 Device Remediation Systems​
 Quantum compute registration

23. #RSAC
ONBOARDING
Onboarding

24. #RSAC
Security Compliance
Platform
Vision and Strategy
Standards/Baselines
Device Management
Enforcement Strategy
Connected Device Strategy
Zero Trust
Segmentation
Strategy
Telemetry
Device Telemetry
Requirements
Identity
IoT/OT Access Policy
Device Help
Monitoring Policy
Healthy Device Policy

25. #RSAC
Telemetry Reporting

26. #RSAC

27. #RSAC
Consider your Visibility
27

28. #RSAC
Metrics to Measure Success

29. #RSAC
Pivot Percentages
Track Progress
RACI
Pivot Risk Score | Compliance | Managed

30. #RSAC
Expected Outcome
Coordination with partner teams to establish a device portal
– Facilitates categorization and security AI Assessment of devices
Program Capabilities
– Identifies unknown devices and assesses risk posture
– Prioritizes remediation or awareness campaigns
Assessment Accounts for
– Risk validation, alignment, and attestation
– Isolation alignment for Zero Trust infrastructure
– Leadership visibility for accountability
RISK Based Decisions

31. #RSAC

32. #RSAC
Recap: Start Planning Today
Make decisions on what are the assets you MUST protect
Learn network behaviors
Compare snapshots
Trust nothing (Zero Trust) and validate all connections
– Develop an Isolation plan
– Manage your identities
– Register your devices
Create a system of record and response to the results
– Develop a team to review and remediate
– Develop standards that align
– Don’t work in a silo
32

33. #RSAC
Manage the
Important Assets
Thank you!