Co-authored by Antonio Gallotti.

Having an up-to-date inventory of the software installed on physical computers and virtual systems is of strategic importance for every company to control software costs, reduce the efforts of reporting activities needed during audits and minimize the financial exposure stemming from software overlicensing.

At the same time, an accurate software inventory, which is also capable of tracking the real usage of the installed software, is key to understanding whether the discovered and licensed software is still actively used. If the identified software product has not been used, then an optimization effort can be initiated to determine whether the identified software instance is still necessary. This may eventually initiate the process of uninstalling unused software instances, which can reduce unnecessary spending in license and support costs and avoid the associated maintenance activities.

The Benefits of a Software Inventory Solution

All the above benefits can be achieved with a good software inventory solution, which accurately and continuously detects software components and their usage. But there is more that can be achieved from such a solution than the value it offers in the software asset management (SAM) space.

There’s been a long-held belief that counterfeit or unlicensed software can facilitate cybersecurity attacks. More and more independent studies have confirmed the link between unlicensed software and malware on PCs, including a survey from the Business Software Alliance. While all types of software may bring some security risk into the enterprise, the unlicensed software increases such risk significantly.

The accurate software inventory tool can also be used for mitigating security risks. Specifically, a software discovery solution like the BigFix Inventory gets enhanced and optimized to collect raw data from more systems more frequently and in more depth. It is possible to leverage such a solution to also provide early indications of potential security exposures on the physical and virtual systems.

The early visibility into executable binary files residing on all enterprise endpoints — and the ability to optionally gather additional metadata that is relevant to security, such as cryptographic hashes and ownership or execution rights — will enable early threat detection for malware. It may also improve the integrity and nonrepudiation of the discovered software and enhance the detection of deviations by unauthorized modifications.

Learn More at InterConnect

The InterConnect 2016 session “Support Data Security Analytics with IBM BigFix Inventory” will describe in greater detail the augmented software discovery and usage detection capabilities of BigFix Inventory. It will also touch on the new opportunities the platform is enabling, ensuring the solution can be used not only to achieve the aforementioned SAM scenarios and inventory reporting goals of the IT department, but also to mitigate security risks and trigger early threat investigations of the security department.

The session also plans to cover how to properly configure and tune the solution in a large-scale environment, pointing the audience to the available scalability guidelines documentation. Attendees will learn how the REST-API can best enable cross-product and custom integration with consumers of discovered raw data.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today