ID.AM-02.123

Does your organization implement continuous monitoring for software and service inventory changes across all platforms, including containers and virtual machines?

Explanation

Continuous monitoring of software and service inventory changes helps detect unauthorized modifications, potential vulnerabilities, and security risks in real-time. This includes tracking new software installations, updates, removals, and configuration changes across physical servers, virtual machines, and container environments like Docker or Kubernetes. Without this monitoring, malicious software could be installed or legitimate services could be modified without detection. Evidence could include screenshots or reports from inventory management tools (like Tenable, Qualys, or Microsoft Defender for Cloud), configuration management systems (like Puppet, Chef, or Ansible), or container security platforms (like Aqua Security or Prisma Cloud) showing active monitoring capabilities and change detection alerts.

Implementation Example

Constantly monitor all platforms, including containers and virtual machines, for software and service inventory changes

ID: ID.AM-02.123

Context

Function
ID: IDENTIFY
Category
ID.AM: Asset Management
Sub-Category
Inventories of software, services, and systems managed by the organization are maintained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron