Software Asset Management & Cyber-Security
Software Asset Management is not merely about managing compliance, it is a very broad field covering all the key aspects of software management – purchasing, deployment, maintenance, utilization and optimization of software assets. Following the recent Ransomware attack that has affected thousands of organisations around the world, we spoke to David Chamberlain, License Dashboard General Manager, SAM Services, about how an effective Software Asset Management solution can help to reduce the risk of your organisation being affected.
How can the use of a software asset management tool help to reduce the risk of a cyber-attack?
“Often the tool providing the software and hardware deployment data is also capable of performing other tasks such as software deployment, software removal, patch and update management. The recent ransomware attack exploited a vulnerability in a Windows Server component that was fixed by Microsoft and a patch provided for many operating systems. These patches or updates can be downloaded and automatically deployed by the systems SAM tools hook into.
“Whilst Microsoft did later release a patch free of charge for unsupported or legacy operating systems these were all at risk for a significantly longer period. Good SAM tools will always advise you of deployments for versions of software that are no longer supported by the vendor so that you can understand these risks and the level of them to your business.”
Can Software Asset Management assist in ensuring your anti-virus software is up to date?
“Many clients’ antivirus packages are automatically managed and maintained by a centralized system or orchestrator that is constantly polling the device to ensure the antivirus client is up to date. There are always exceptions to the rule such as remote workers, kiosks and mission critical servers where client updates are less dynamic so of course the SAM tool can behave like a second pair of eyes that can track and report on the client versions deployed so that outdated instances can be highlighted.
“It should be noted however that it is equally important that the virus definition database is up to date and this is typically managed by the antivirus orchestrator or management console.”