What is Happening in My Network?

One of the many challenges in an IT manager's working life is knowing what is happening on the network at all times. The IT manager is responsible for this and must find a way to ensure it, without negatively affecting network traffic, of course. The information collected must also not fall into the wrong hands. It must be continuously analyzed and checked which IT systems are in use, which protocols are used, and which systems communicate with each other, as well as which data is transferred to third parties and which data enters the network from outside. All of this must be available for evaluation at any time, including retroactively for a specific period. Especially where personal data is concerned, this must be documented and archived; the data protection officer will see to that.

The person responsible must therefore find a middle ground that meets the legal requirements, even though these seem to compete with each other. Depending on the size of the company, you will not be able to avoid using software. But does yet another tool have to be introduced for this?

It depends. If you already have the Docusnap documentation tool in use, you can also use Docusnap for this task. It lets you produce the documentation needed for network monitoring and also search for new systems.

Inventory data not just for IT documentation

If your network is not that big, then you might know all of your IT systems. A new system immediately catches your eye. You can search for devices using the inventory scan of IP address ranges. As a result, you can analyze whether there are IT systems in the network that have not been put into operation by the IT department. In order to have as up-to-date an overview of the IT systems used as possible, the frequency of the necessary inventory must be weighed against the resulting network traffic.

If you do not allow foreign devices on your network, a system could be noticed by its device name alone. If the company relies on bring your own device (BYOD), that of course doesn't help. But then you don't have to search for other devices, because you have allowed them. Have fun protecting yourself against unwanted software and network sniffers, quite apart from all the other compliance issues.

If you only allow company-owned devices, which I hope you do, you can also use your inventory data from Docusnap to find new systems. This gives you added value because you don't use the data only for your IT documentation. Using the IT relationships, the communication channels that are known to you, and therefore approved, can be documented. This gives IT a basis for checking network traffic with appropriate tools.

Using network sniffers

To review this documentation, you now need to verify that the information is complete and is being adhered to. For this, you cannot get around using a network sniffer such as Wireshark. However, using such a “hacker tool” in a production network is not entirely unproblematic. On the one hand, IT is required to have an overview of the network it supports. At a minimum, it must know which IT systems communicate with each other via which protocols. To be able to check this, permission for the IT manager to use such a tool can hardly be avoided. On the other hand, IT can of course obtain information that it should not actually have access to. Traffic would therefore have to be encrypted. Unfortunately, this cannot be configured across the board for all IT systems. Not an easy situation.
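The comparison described in the last two sections, as an added example that is not part of the original article and not Docusnap or Wireshark code: observed flows are checked against the inventory and against the documented, approved communication channels. The CSV column layouts, addresses, the internal range and the `audit` function are assumptions constructed for this illustration; only connection metadata is used, no payload.

```python
import csv
from ipaddress import ip_address, ip_network

# Constructed sample data; the column layouts are assumptions made for this example.
INVENTORY = """ip,hostname
10.0.1.10,fileserver01
10.0.1.20,erp01
10.0.2.31,ws-accounting-01
10.0.2.32,ws-sales-01"""
# Documented, approved channels: source network, destination, protocol, port.
APPROVED = """src_net,dst_ip,proto,dst_port
10.0.2.0/24,10.0.1.10,tcp,445
10.0.2.31/32,10.0.1.20,tcp,1433"""
# Observed flow metadata only (addresses, protocol, port), no payload.
OBSERVED = """src_ip,dst_ip,proto,dst_port
10.0.2.31,10.0.1.10,tcp,445
10.0.2.32,10.0.1.20,tcp,1433
10.0.2.77,10.0.1.10,tcp,445
10.0.2.32,203.0.113.50,tcp,443"""

def rows(text):
    return list(csv.DictReader(text.strip().splitlines()))

def audit(inventory, approved, observed, internal="10.0.0.0/8"):
    """Return (internal hosts missing from inventory, flows with no documented channel)."""
    known = {ip_address(r["ip"]) for r in rows(inventory)}
    channels = [(ip_network(r["src_net"]), ip_address(r["dst_ip"]),
                 r["proto"].lower(), int(r["dst_port"])) for r in rows(approved)]
    internal_net = ip_network(internal)
    unknown, undocumented = set(), []
    for r in rows(observed):
        src, dst = ip_address(r["src_ip"]), ip_address(r["dst_ip"])
        proto, port = r["proto"].lower(), int(r["dst_port"])
        # Internal addresses absent from the inventory are candidate unmanaged systems.
        unknown.update(str(h) for h in (src, dst) if h in internal_net and h not in known)
        # A flow counts as approved only if one documented channel matches all four fields.
        if not any(src in net and dst == d and proto == p and port == q
                   for net, d, p, q in channels):
            scope = "internal" if dst in internal_net else "third party"
            undocumented.append((str(src), str(dst), proto, port, scope))
    return sorted(unknown), undocumented

if __name__ == "__main__":
    hosts, flows = audit(INVENTORY, APPROVED, OBSERVED)
    print("Not in inventory:", hosts)
    for flow in flows:
        print("No documented channel:", flow)
```

In the sample data, 10.0.2.77 uses an approved channel but is missing from the inventory, which is why the two checks are kept separate.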

Proper processes provide a better overview

Have you established an orderly change management process that regulates the installation of hardware and software or the commissioning of new IT systems? Despite all work instructions and regulations, you unfortunately need a workable way of monitoring their implementation. What you can't measure, you can't manage. You therefore cannot manage your network if you do not measure (analyze) whether only known and intended communication takes place in it. In doing so, you should ensure that you are as transparent as possible internally. Otherwise, you run the risk of being suspected of monitoring your users. But you don't want to do the work of the state secret services.

Users usually have no inhibitions when it comes to software. If they could do as they pleased, everything would simply be installed, gladly also with license keys that were generated with the help of crackers or obtained from the relevant websites. But how is license management supposed to work if the processes are not followed? Thanks to the inventory and evaluation of the software installed on the computers, you can track down such things as well.

As the person responsible for IT, you only fulfill your required due diligence if you know what is happening in your network.