Taking Stock of Your Digital Assets with Device Inventory (Activity 2.1.1 “Device Health Tool Gap Analysis”)
This activity establishes the fundamental requirement of gaining visibility and control over the devices accessing your environment. Organizations must build an inventory of the devices in the environment and track each device's attributes. This isn't just a simple list; it's about understanding the characteristics of each device. Building on this inventory, the activity requires Components to determine and implement tools to gauge device health.
The outcomes of Activity 2.1.1 lay the groundwork for device-based access control that will be leveraged by other Zero Trust components downstream:
- Inventory of authorized and approved devices is created per Component with owners.
- Determine and implement tools to gauge device health.
This activity is the essential first step in extending the “never trust, always verify” principle to the devices that connect to your critical applications and data, ensuring that you have the necessary visibility into the ‘what’ in the access equation.
Solutions for Achieving Device Health Tool Gap Analysis
Successfully implementing Activity 2.1.1 requires deploying tools that can effectively discover, inventory, and assess the security posture of the diverse devices within your environment. Several categories of solutions contribute to this:
Device Discovery and IT Asset Management (ITAM) Tools:
Manual inventory of devices is possible, but tools are needed to maximize coverage. These tools are foundational for creating the initial inventory. They are designed to scan your network and identify all connected devices – managed or unmanaged – providing a comprehensive list. They help in creating the inventory of authorized and approved devices and tracking essential attributes like device type, operating system, serial number, and often associating devices with owners or departments. A key capability here is discovering assets that might not be managed by traditional agents.
Specialized platforms like Armis excel in agentless discovery across a wide range of devices, including hard-to-identify IoT, OT, IoMT, and unmanaged IT assets, making them valuable for creating a comprehensive inventory that traditional ITAM might miss. ITAM tools from other vendors, such as ServiceNow, also contribute to tracking and managing these assets once they are discovered.
Endpoint Management (EM) and Unified Endpoint Management (UEM) Tools:
Once devices are discovered, UEM/EM tools are crucial for managing, configuring, and maintaining endpoints like laptops, desktops, smartphones, and tablets. They provide a detailed inventory of devices under their management and track attributes related to their configuration, installed software, patch status, and compliance with organizational configuration policies (e.g., screen lock enabled, specific security settings). While they contribute to inventory, their primary focus is on managing the device lifecycle and enforcing configurations on managed endpoints.
Endpoint Detection and Response (EDR) and Device Posture Assessment Tools:
These tools are specifically focused on the health and security posture of endpoints. EDR tools monitor endpoints for malicious activity, but in doing so, they collect extensive telemetry data about the device’s real-time security state – vulnerabilities present, active threats or malware detected, security software status (antivirus running and updated), firewall status, and unusual process activity. Device posture assessment tools evaluate a device’s compliance against specific security benchmarks and policies (e.g., minimum OS version, presence of required security agents). These are directly responsible for “gauging device health.” The data collected by discovery tools like Armis, identifying device types and vulnerabilities, can enrich the health assessment performed by EDR and posture tools.
How These Solutions Address Activity 2.1.1:
Inventory of Authorized Devices: ITAM tools, significantly enhanced by the broad discovery capabilities of platforms like Armis for a more complete picture, and UEM/EM tools collaboratively build and maintain the inventory of devices accessing the environment, associating them with owners and tracking key attributes.
Gauging Device Health: EDR and device posture assessment tools provide the critical security-focused data needed to understand the real-time health and compliance status of these inventoried devices. They identify the security attributes that indicate device health. The initial discovery and attribute collection from tools like Armis can provide the necessary context for these health assessments.
This activity is purely focused on establishing visibility and assessment capabilities for devices. The data collected by these ITAM, UEM/EM, and EDR/Device Posture tools – the comprehensive inventory and the detailed health status – becomes a critical input for other Zero Trust components, particularly the policy engines that will make access decisions based on device trust in later activities.
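As an added illustration (not part of this page or of any vendor product), the following Python sketch performs the gap analysis the activity is named for: it merges agentless-discovery records with UEM/EDR records keyed by serial number, then reports every device that has no owner, lacks a required health agent, returns no health telemetry, or fails a posture floor such as a minimum OS version. All device records, agent names and thresholds are constructed for the example.

```python
"""Device health tool gap analysis over a merged device inventory (constructed example)."""

# Constructed posture policy: agents every endpoint must run, minimum OS per platform.
REQUIRED_AGENTS = {"edr", "uem"}
MIN_OS = {"windows": (10, 0), "macos": (14, 0)}

# Constructed sample records. Agentless discovery sees everything on the wire and
# supplies type/owner; UEM/EDR only report the endpoints they actually manage.
DISCOVERED = [
    {"serial": "SN-1", "kind": "laptop", "platform": "windows", "owner": "alice"},
    {"serial": "SN-2", "kind": "laptop", "platform": "macos", "owner": "bob"},
    {"serial": "SN-3", "kind": "camera", "platform": "linux", "owner": None},
]
MANAGED = [
    {"serial": "SN-1", "platform": "windows", "os_version": (11, 0),
     "agents": {"edr", "uem"}, "av_updated": True, "firewall_on": True},
    {"serial": "SN-2", "platform": "macos", "os_version": (13, 6),
     "agents": {"uem"}, "av_updated": False, "firewall_on": True},
    {"serial": "SN-4", "platform": "windows", "os_version": (10, 0), "owner": "carol",
     "agents": {"edr", "uem"}, "av_updated": True, "firewall_on": True},
]

def merge_inventory(discovered, managed):
    """Key records by serial; discovery supplies identity/owner, managed tools supply health."""
    inventory = {d["serial"]: dict(d) for d in discovered}
    for m in managed:
        # A device managed by UEM/EDR but never seen by discovery still belongs in the inventory.
        rec = inventory.setdefault(m["serial"], {"kind": "unknown", "owner": None})
        for key, value in m.items():
            if rec.get(key) is None:  # fill gaps only; never overwrite a known owner or type
                rec[key] = value
    return inventory

def gap_analysis(inventory):
    """Return {serial: [gaps]} for devices that cannot be gauged or that fail posture checks."""
    gaps = {}
    for serial, d in inventory.items():
        issues = []
        if d.get("owner") is None:
            issues.append("no owner assigned")
        missing = REQUIRED_AGENTS - d.get("agents", set())
        if missing:
            issues.append("missing agent: " + ", ".join(sorted(missing)))
        if "av_updated" not in d:
            issues.append("no health telemetry")  # no tool can gauge this device's health
        else:
            if not d["av_updated"]:
                issues.append("antivirus out of date")
            if not d["firewall_on"]:
                issues.append("firewall disabled")
        floor = MIN_OS.get(d["platform"])
        if floor and d.get("os_version", (0, 0)) < floor:
            issues.append("os below minimum")
        if issues:
            gaps[serial] = issues
    return gaps
```

Devices with no health telemetry at all (here the camera) are the true "tool gap": they are in the inventory but no deployed tool can gauge them, which is what the activity asks you to find.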
The Technical Buyer’s Device Visibility Mandate:
Activity 2.1.1 is your entry point into securing the device access vector in your Zero Trust architecture. It’s about moving beyond the traditional perimeter and gaining granular visibility into the ‘what’ of every access request. This requires implementing dedicated solutions for device inventory (ITAM/UEM, enhanced by agentless discovery from tools like Armis) and device health assessment (EDR/Device Posture). For technical buyers, successfully completing this activity means procuring and deploying the right combination of these device-centric tools to create that foundational inventory and establish the capability to continuously monitor and assess device health, setting the stage for device-aware access controls in your Zero Trust journey.
Pillar: Device
Capability: 2.1 Device Inventory
Activity: 2.1.1 Device Health Tool Gap Analysis
Phase: Target Level
Predecessor(s): None
Successor(s): None