Malware, MSP

Why Asset Intelligence Defines the State of Cyber Today

COMMENTARY: When a business is founded, the immediate needs for technology are minor. It usually involves getting a domain name, setting up email and using a laptop. In a perfect world, every step after that would follow a structured plan, like building a house: architect the design, approve the blueprint, then construct to specification.

The reality: As the business grows, the technology and security stack grows organically to meet requirements and address risks. Even teams that start with a strong architecture quickly find themselves stretched by the blistering pace of the business pushing the stack from organized growth to organic expansion.

Why is this the norm?

The line between business, IT, and security is blurry. Modern businesses run on technology, and IT is deeply involved in day-to-day operations. Security overlaps even further. IT and Security teams end up squeezed between two forces:

·      The business serving a growing customer-base that demands attention.

·      The threat actor finding the path of least resistance that also demands attention.

So how can we make sense of IT & Security if they are both getting sandwiched in a vice that grows tighter and tighter?

Introducing the Cyber Resilience Framework

There are many established security and IT frameworks (ITIL, CIS Controls, NIST CSF), but what’s often missing is a unified way for IT and Security to work together. The Cyber Resilience Framework helps create that alignment by simplifying cyber operations into two major regions divided by a single event:

Boom!

Boom is when the unexpected happens in cyber, also known as an incident. Here are a few examples:

·      A slowdown or outage due to insufficient system capacity.

·      An outage caused by an unintended configuration change.

·      Initial access gained by a threat actor.

Everything before boom is proactive work that reduces the possibility of incidents and prepares for the moment they happen. Everything after is reactive. It’s the rapid detection, response, investigation, and recovery needed to restore services quickly and limit impact.

The Four Quadrants

This results in four quadrants.

The top two quadrants focus on observability and orientation to build situational awareness. The bottom two focus on deciding and acting to drive informed actions. This structure is inspired by a concept coined by Air Force Colonel John Boyd of the OODA Loop (Observe, Orient, Decide, Act).

Left of Boom: Preparing for Resilience

This region covers all proactive practices that reduce the likelihood and impact of incidents.

Asset Intelligence Quadrant (Observe and Orient)

Asset Intelligence builds situational awareness. It means knowing:

·      Systems in the cyber stack

·      Identities & assets across the systems

·      Configurations & vulnerabilities across all of IT

·      And how all of these are changing over time.

When teams operate from facts, not assumptions, they make better decisions and build a stronger basis for everything that comes after.

IT and Attack Surface Management Quadrant (Decide and Act)

Once you understand your environment, you can manage and protect it more intentionally. This includes:

·      Properly provisioning identities and systems

·      Enforcing configuration standards

·      Hardening, patching, and monitoring systems

·      Reducing exposure across the attack surface

This quadrant translates insights into action, improving reliability, and reducing risk.

Right of Boom: Responding With Clarity

Even the best-run environments experience incidents. Resilience relies on how quickly and consistently teams can detect, respond, investigate and recover from these incidents.

Detection and Analysis Quadrant (Observe and Orient)

This is the ability to spot issues early and understand what is actually happening. It includes:

·      Endpoint, network, and cloud monitoring and detection

·      Security logging and alerting

·      Gaining context from the activity and asset data

·      Conducting investigations and root-cause analysis

This quadrant separates real threats or failures from the noise.

Incident Response Quadrant (Decide and Act)

Once an incident is confirmed, cyber teams work to:

·      Contain the impact

·      Restore operations quickly

·      Make necessary improvements

An effective response turns disruption into lasting resilience.

Why Asset Intelligence is The Point of Leverage

Asset Intelligence is achieved when we begin with situational awareness to architect, identify, and assess so that we can provision, manage and protect cyber with full observability and orientation. So how does this connect with an evolving tech stack?

Since we can't start from a clean slate, we need to make sense of what we have now.

·      The cyber stack for a business is composed of various systems.

·      Each system encompasses one or more cyber assets.

·      Cyber assets are defined as items such as devices, users, software, data, etc.

Having strong situational awareness of the complete cyber stack, the systems and the cyber assets is essential for driving informed actions for the business.

Getting Started With Asset Intelligence

1.        Define the systems in scope.

List the core systems that make up an environment.

·      Identity platforms

·      Infrastructure (cloud and on-prem)

·      Networks and endpoints

·      Applications and SaaS

·      Data and backup systems

This creates a shared playing field for IT and security.

2.        Identify the assets within those systems.

For each system, identify:

·      Users and service accounts

·      Devices and workloads

·      Software and configurations

·      Policies and permissions

3.        Establish a single source of truth and classify assets by impact.

Choose one location where all information is collected and reviewed so that the entire organization is operating from the same reality. Then, proactively prioritize assets based on:

·      What supports critical business functions?

·      What creates the most risk when misconfigured?

·      What changes the most frequently?

4.        Make Asset Intelligence a continuous practice.

The cyber stack is always changing, so review it as part of routine operations, not one-time projects.

Rather than being an end state, Asset Intelligence is the practice that enables every other part of cyber resilience to work with speed, clarity, and confidence.

The Path Forward

When IT and Security teams use Asset Intelligence, decisions get sharper, actions speed up, and resilience becomes possible. By focusing on clarity, consistency, and ongoing practice, organizations boost their ability to handle disruption from today’s threats.


ChannelE2E Perspectives columns are written by trusted members of the managed services, value-added reseller, and solution provider channels or ChannelE2E staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].

Joe Alapat

Joe Alapat, CISSP, is a successful entrepreneur with more than two decades of experience managing IT infrastructure for large enterprises, mid-market companies, and small-to-medium sized businesses (SMBs) under the care of an IT managed service provider he owned, operated and sold. Following his exit, he founded Liongard to address the growing IT Service Provider challenge of managing and securing modern IT at scale with strong visibility, automation and insight. At Liongard, Joe is focused on delivering a truly modern approach to managing and securing modern IT environments. CRN honored Joe as a Channel Chief in 2020, 2021, 2022, 2023, 2024, and 2025. He graduated with honors from Trinity University with a Bachelor of Science in Computer Science and is a Certified Information Systems Security Professional.

Related Terms

Adware

You can skip this ad in 5 seconds