Co-authored by Antonio Gallotti.

Having an up-to-date inventory of the software installed on physical computers and virtual systems is of strategic importance for every company to control software costs, reduce the efforts of reporting activities needed during audits and minimize the financial exposure stemming from software overlicensing.

At the same time, an accurate software inventory, which is also capable of tracking the real usage of the installed software, is key to understanding whether the discovered and licensed software is still actively used. If the identified software product has not been used, then an optimization effort can be initiated to determine whether the identified software instance is still necessary. This may eventually initiate the process of uninstalling unused software instances, which can reduce unnecessary spending in license and support costs and avoid the associated maintenance activities.

The Benefits of a Software Inventory Solution

All the above benefits can be achieved with a good software inventory solution, which accurately and continuously detects software components and their usage. But there is more that can be achieved from such a solution than the value it offers in the software asset management (SAM) space.

There’s been a long-held belief that counterfeit or unlicensed software can facilitate cybersecurity attacks. More and more independent studies have confirmed the link between unlicensed software and malware on PCs, including a survey from the Business Software Alliance. While all types of software may bring some security risk into the enterprise, the unlicensed software increases such risk significantly.

The accurate software inventory tool can also be used for mitigating security risks. Specifically, a software discovery solution like the BigFix Inventory gets enhanced and optimized to collect raw data from more systems more frequently and in more depth. It is possible to leverage such a solution to also provide early indications of potential security exposures on the physical and virtual systems.

The early visibility into executable binary files residing on all enterprise endpoints — and the ability to optionally gather additional metadata that is relevant to security, such as cryptographic hashes and ownership or execution rights — will enable early threat detection for malware. It may also improve the integrity and nonrepudiation of the discovered software and enhance the detection of deviations by unauthorized modifications.

Learn More at InterConnect

The InterConnect 2016 session “Support Data Security Analytics with IBM BigFix Inventory” will describe in greater detail the augmented software discovery and usage detection capabilities of BigFix Inventory. It will also touch on the new opportunities the platform is enabling, ensuring the solution can be used not only to achieve the aforementioned SAM scenarios and inventory reporting goals of the IT department, but also to mitigate security risks and trigger early threat investigations of the security department.

The session also plans to cover how to properly configure and tune the solution in a large-scale environment, pointing the audience to the available scalability guidelines documentation. Attendees will learn how the REST-API can best enable cross-product and custom integration with consumers of discovered raw data.

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…