Utilize an Active Discovery Tool
Description
Utilize an active discovery tool to identify assets connected to the enterprise’s network. Configure the active discovery tool to execute daily, or more frequently.
Implementation Checklist
Tool Recommendations
SIEM platform with log management, threat detection, investigation, and compliance reporting across enterprise data sources
Cisco (Splunk) · Ingest-based or workload-based
Cloud-native SIEM and SOAR with AI-driven analytics, automated threat response, and native Azure/M365 integration
Microsoft · Pay-as-you-go (per GB ingested)
Cyber asset attack surface management platform providing comprehensive asset inventory across IT, cloud, SaaS, and OT environments
Axonius · Enterprise subscription
Threats & Vulnerabilities (CIS RAM)
Threat Scenarios
Undetected Compromised Host on Network
Confidentiality: Without active scanning, attacker-controlled devices or compromised hosts remain invisible on the network, enabling long-term data exfiltration campaigns.
Network Segmentation Bypass via Undiscovered Assets
Integrity: Assets that bridge network segments but are not discovered by active tools allow attackers to pivot between zones that should be isolated.
Vulnerabilities (When Safeguard Absent)
No Automated Network Asset Discovery
Relying solely on manual inventory processes means new or transient devices connected to the network are not detected in a timely manner.
Infrequent Discovery Scanning
Without daily active discovery scans, the gap between a device connecting to the network and its detection grows, increasing the window for unauthorized activity.
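The two vulnerabilities above (no automated discovery, infrequent scanning) are what the daily reconciliation of scan output against inventory is meant to close. The following is an added illustration, not code from CIS or from any of the tools listed: it assumes a hypothetical discovery tool that exports `mac,ip,timestamp` lines, uses constructed sample data, and flags unknown and missing assets per scan plus the time a new device went undetected.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Sighting:
    mac: str
    ip: str
    seen_at: datetime

# Constructed inventory: MAC -> authorised hostname (sample values, not real assets).
INVENTORY = {
    "00:11:22:33:44:01": "fileserver01",
    "00:11:22:33:44:02": "printer-floor2",
    "00:11:22:33:44:03": "laptop-jdoe",
}
# Constructed exports from a hypothetical discovery tool (assumed format: mac,ip,ISO timestamp).
SCAN_DAY1 = """# mac,ip,seen_at
00:11:22:33:44:01,10.0.1.10,2024-05-01T02:00:05
00:11:22:33:44:02,10.0.1.11,2024-05-01T02:00:07
00:11:22:33:44:03,10.0.1.53,2024-05-01T02:00:09
"""
SCAN_DAY2 = """# mac,ip,seen_at
00:11:22:33:44:01,10.0.1.10,2024-05-02T02:00:04
00:11:22:33:44:02,10.0.1.11,2024-05-02T02:00:06
DE:AD:BE:EF:00:01,10.0.1.77,2024-05-02T02:00:11
"""
# Constructed DHCP lease start for the unknown device, used to measure the detection gap.
LEASE_START = datetime(2024, 5, 1, 14, 30)

def parse_scan(text):
    """Parse one export into Sightings; MACs are lower-cased so matching is case-insensitive."""
    rows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        mac, ip, ts = (f.strip() for f in line.split(","))
        rows.append(Sighting(mac.lower(), ip, datetime.fromisoformat(ts)))
    return rows

def reconcile(inventory, sightings):
    """Compare one scan with inventory: (unknown MACs seen, inventory MACs not seen this run)."""
    seen = {s.mac for s in sightings}
    return sorted(seen - set(inventory)), sorted(set(inventory) - seen)

def detection_delay(connected_at, scans, mac):
    """Time from a device joining the network to its first sighting across chronologically ordered scans."""
    for scan in scans:
        hits = [s.seen_at for s in scan if s.mac == mac]
        if hits:
            return min(hits) - connected_at
    return None  # still undetected after every scan supplied
```

Running `reconcile(INVENTORY, parse_scan(SCAN_DAY2))` reports the unregistered device and the laptop that dropped off, and `detection_delay(LEASE_START, [day1, day2], "de:ad:be:ef:00:01")` shows how long a daily cadence left it unseen; a weekly cadence would stretch that gap accordingly.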
Evidence Requirements
| Type | Evidence Item | Collection Frequency |
|---|---|---|
| Technical | Detection tool deployment evidence (dashboard screenshots, agent status) | Captured monthly |
| Technical | Sample alert/detection output demonstrating capability | Captured quarterly |
| Document | Governing policy document (current, approved, communicated) | Reviewed annually |