The Security Chain: Why Knowing Your Assets Is Key to Staying Secure

When looking at various cyber security frameworks, one common requirement stands out as essential: Asset Management, or keeping a complete and up-to-date inventory of all your hardware and software. Why? Because the question becomes: how do you protect an asset you are unaware of?

When configuring a vulnerability detection tool, a combination of agents and IP ranges is used to define which hosts are in scope for scanning. Challenges arise when companies do not have a change management plan and process that supports asset management. Without one, networks, hosts, and services can be established outside that scope and so circumvent vulnerability detection. If a new server or network device gets connected without being added to the official inventory, it becomes a "shadow" asset. Without proper asset management, your scope of vulnerability detection becomes outdated and only partially effective.

A real-world example is the recent Cisco vulnerabilities (see CVE-2025-20333 & CVE-2025-20362) for the Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD). These are two primary devices used in the network stack and are likely to be accounted for within an asset management strategy. But what if one of these devices was used in a test environment, or pulled from storage and quickly put back into service to fix a sudden hardware failure?

If the device wasn't formally updated in the Asset Management list, the staff completing vulnerability detection analysis might miss it. If it’s missed, it doesn’t receive the necessary security update, leaving your company exposed. From this scenario, we see how, within a cyber security framework, vulnerability management, asset management, and change management work together to help establish a secure environment.
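The gap described above can be found by reconciling three lists: the inventory, the scanner's scope (agents plus IP ranges), and the addresses actually seen on the network. The following is an added example, not part of the original article; the addresses, the assumed data sources and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data for illustration (not from the article).
INVENTORY = {"10.0.1.10", "10.0.1.11", "10.0.2.5", "10.0.4.20"}  # approved asset list
SCAN_RANGES = ["10.0.1.0/24"]   # IP ranges configured in the scanner
AGENT_HOSTS = {"10.0.2.5"}      # hosts covered by an installed agent
# Addresses actually seen on the network (assumed source: DHCP/ARP/flow logs).
OBSERVED = {"10.0.1.10", "10.0.1.11", "10.0.1.77", "10.0.2.5", "10.0.3.9"}


def in_scope(ip, ranges, agents):
    """True if the host is covered by an agent or by a scanned IP range."""
    if ip in agents:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


def sort_ips(ips):
    """Sort addresses numerically rather than as strings."""
    return sorted(ips, key=ipaddress.ip_address)


def reconcile(inventory, ranges, agents, observed):
    """Compare what is recorded, what is scanned, and what is really there."""
    known = inventory | observed
    return {
        # On the network but never recorded: the "shadow" assets.
        "shadow": sort_ips(observed - inventory),
        # Recorded or seen, but no agent and outside every scan range.
        "unscanned": sort_ips(ip for ip in known if not in_scope(ip, ranges, agents)),
        # Recorded but not seen: retired, powered off, or back in storage.
        "stale": sort_ips(inventory - observed),
    }


if __name__ == "__main__":
    report = reconcile(INVENTORY, SCAN_RANGES, AGENT_HOSTS, OBSERVED)
    for category, hosts in report.items():
        print(f"{category:10} {', '.join(hosts) or '-'}")
    # Hosts that are both shadow and unscanned get no vulnerability coverage.
    blind = set(report["shadow"]) & set(report["unscanned"])
    print("no coverage at all:", ", ".join(sort_ips(blind)))
```

In the sample data, 10.0.1.77 sits inside a scanned range yet is missing from the inventory, while 10.0.3.9 is the case the article warns about: unrecorded and unscanned.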

At Rolka Loube, we have implemented the NIST Risk Management Framework (RMF). This comprehensive cyber security framework makes sure we address these foundations as part of our operations—Asset Management, Change Management, and Vulnerability Management—to build a strong, reliable security program.