Security Controls 101 – What You Don’t Know CAN Hurt You; Inventory Your Software

In my last blog post I told you why it’s important to know what’s on your network and why it matters.

But knowing what devices are connected isn’t enough. You have to know what’s on those devices. What software is installed? What version? What have your users installed that you don’t know about?

Who cares?

You should.

Why Software Inventory Matters

There are 2 reasons why knowing what software is installed matters.

  1. So that you can patch. Many attacks come through outdated software that hasn’t been patched. Considering the number of patches that are released each month for vulnerable core software like Windows and Microsoft Office, this is crazy dangerous. Don’t get me started on apps like Flash and Java.
  2. So you can remove unauthorized software. It’s easy to assume that once you deploy a workstation with your business’ base image that you never have to touch it again. But c’mon, we know that our people will install anything that they think will make their time at work more productive, enjoyable, or <insert adjective here>. They install tools, games, and gimmicks to either help them do their jobs better, or entertain them so that they don’t have to do their jobs. These installs often come with their own vulnerabilities, and adware and/or malware installed along with.

Software Inventory Options for Small Businesses

Once again, in the spirit of our mission, “To help you build safe, secure, networks on a shoestring budget”, here are some tools that will help you inventory the software on your small business network.

  • Spiceworks (https://www.spiceworks.com) – Once again, Spiceworks really does a great job here. It was top of my list in device inventory, and it certainly deserves to be mentioned here. Two things that make Spiceworks stand out in this arena are first, the reports that Spiceworks provides; you can display each workstations’ software inventory, or see a complete inventory across your network. Second, you can even manage some software installs on workstations from the Spiceworks console. Nice!
  • Lansweeper (https://www.lansweeper.com) – This is a nice little package that tells you a lot about the devices on your network, including software that’s installed, hardware configuration, license keys, and anti-virus status. It’s free for 100 “assets” (which may be anything from workstations to printers to monitors). One thing I really like is that  they don’t require you to give any personal information for your download. Gosh, I hate it when I’m required to give up my email address and phone number, knowing that a sales person is going to blow up my phone for the next week.
  • ManageEngine’s Windows Admin Tools (https://www.manageengine.com/products/free-windows-tools/ ) – Like the other tools mentioned here, ManageEngine’s Admin Tools are more than just software inventory. The tools are a collection of hardware details, remote access, Group Policy updates, Wake On Lan and more. But of course, you can also display the software installed on each machine as well. You can also remove software and export a list of software packages to .TXT or .CSV. One thing I don’t like about the Admin Tools is that it’s very workstation-centric; there is no complete list of software across your domain, as there is with Spiceworks. The interface is a little clunky as well. I may click on a machine and the program gives me no feedback to let me know that it’s performing an operation. That makes it a bit confusing to use. But it does work, and it is free, so I don’t want to discourage you from giving it a try.

An honorable mention, because it has a pretty hefty cost associated with it (for small businesses) is BelArc’s Belmanage (https://www.belarc.com/en/products_belmanage). One of our customers has used BelArc for years. Each machine runs an agent that regularly pushes an inventory to a cloud-based console. The console then allows you to slice and dice hardware and software results in a lot of different ways. It gives extremely detailed output in an HTML format. The “Small Network” package is $1800 for 50 client licenses and the “Belmanage Base” system is priced at $5000 for up to 250 monitored clients.

Knowing what hardware and software are on your network provides the base for your security plan. Once you know what’s installed, you can begin formulating a plan to protect what you have. Do you regularly inventory your software? What do you use? Share with us in the comments below.

Network ninja, dad, husband, rugby player. I help you secure your digital stuff.