
Leveraging IPAM in your Security Program

April 20, 2015

Internet protocol address management (IPAM) is a task often reserved for the networking or telecommunications team, and most security practitioners are unaware of the treasure trove of information that exists in their own organization. What is this information and how can you, as a security practitioner, leverage it?

Understanding IPAM

The need for management, planning and tracking of IP information becomes apparent as networks grow. Dynamic Host Configuration Protocol (DHCP) ranges and static IP addresses must be configured and updated to ensure network availability and performance. The simplest approach to addressing these challenges is through the use of spreadsheets. However, as organizations mature, this approach is quickly outgrown and the responsible team procures one of several IPAM solutions available in the market. The operational efficiencies gained from these tools reduce waste and help the managing team focus on higher priority activities. While these tools handle a host of other functions, including Domain Name System (DNS) management and DNS firewalling, we will focus our conversation on the benefits of IPAM.

Leveraging IPAM

The configuration and maintenance processes around a security tool are vital to its success. When security tools use network resources to conduct scans, monitor traffic and deploy endpoints, understanding assets is critical. Using the information available in an IPAM tool simplifies that configuration and maintenance.

To ease the management challenges, tagging features are commonly integrated into IPAM tools. Tagging lets engineers label IP ranges or static addresses with useful information such as location, application, business owner or custom fields. Export functions or application programming interfaces (APIs) allow administrators of security tools to access the IPAM tag information. With these tags, processes can be built that feed the information directly into other tools. These processes can run on an ad-hoc basis during initial configuration or maintenance, or be scripted to keep the tool in sync with changes in your environment. Examples of common use cases include:

  • Creating asset groups based on location or application
  • Targeting applications for vulnerability assessment
  • Creating custom rules or triggers in SIEMs based on application
  • Configuring event tuning based on application or device type
  • Assigning events directly to business owners
  • Developing deployment strategy
  • Generating vulnerability or compliance reports based on business owner

Whether calculating risk in a governance, risk and compliance (GRC) tool or targeting assets to patch in your software update management (SUM) program, you must understand what is on your network. In these situations it’s not time to reinvent the wheel; reach out and collaborate with the individuals that manage this information every day!
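Two of the use cases above, building asset groups per application and assigning events to business owners, sketched as an added example that is not part of the original article. The CSV column names, addresses, owners and events are constructed assumptions; a real IPAM export or API will use its own field names.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample IPAM export; the column names are assumptions.
IPAM_EXPORT = """\
cidr,location,application,business_owner
10.10.0.0/16,Denver,corp-lan,it-ops@example.com
10.10.20.0/24,Denver,payroll,finance@example.com
10.20.5.0/24,Kansas City,web-store,ecommerce@example.com
192.168.50.7/32,Kansas City,payroll,finance@example.com
"""

def load_ranges(text):
    """Parse the export into (network, tags) pairs, most specific prefix first."""
    rows = [(ipaddress.ip_network(r.pop("cidr").strip(), strict=True), r)
            for r in csv.DictReader(io.StringIO(text))]
    return sorted(rows, key=lambda pair: pair[0].prefixlen, reverse=True)

def lookup(ranges, ip):
    """Return the tags of the longest matching prefix, or None if IPAM has no record."""
    addr = ipaddress.ip_address(ip)
    for net, tags in ranges:
        if addr.version == net.version and addr in net:
            return tags
    return None

def asset_groups(ranges, tag):
    """Group ranges by one tag value, e.g. scan targets per application."""
    groups = defaultdict(list)
    for net, tags in ranges:
        groups[tags[tag]].append(str(net))
    return {name: sorted(nets) for name, nets in groups.items()}

def assign_events(ranges, events):
    """Attach owner and application to each event; untracked sources stay unassigned."""
    out = []
    for ev in events:
        tags = lookup(ranges, ev["src_ip"]) or {}
        out.append({**ev, "owner": tags.get("business_owner", "unassigned"),
                    "application": tags.get("application", "unknown")})
    return out

# Constructed events, standing in for SIEM alerts or scanner findings.
EVENTS = [{"id": 1, "src_ip": "10.10.20.14"}, {"id": 2, "src_ip": "10.10.99.3"},
          {"id": 3, "src_ip": "172.16.4.4"}]
RANGES = load_ranges(IPAM_EXPORT)
```

An event that comes back as `unassigned` is a source address the IPAM data does not cover, which is worth raising with the IPAM owner.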

Making It Better

Entering into a relationship with the owner of your organization’s IPAM solution cannot be a one-way street. Information security will have access to a wealth of information that other teams are responsible for managing and maintaining. Because information security uses this data differently, its professionals can uncover errors in tagging and other misconfigurations that the IPAM tool owner may not have the resources to identify. Developing a relationship where security works in conjunction with the tool owner enables the organization to build an accurate IP management framework. Disseminating this information throughout the organization matures its IT practices as a whole and can directly improve the performance of IPAM and security point solutions.
