Huh, Where did that go and where did it come from? Cotton Eye Joe

If you haven’t realized it from the other blogs, my family likes tomatoes. Balls of pure joy and deliciousness, except for cherry tomatoes. Those things are gross; gross to eat and gross to pick, only because the plants are so prolific. It seems like every time I look at cherry tomato plants there are hundreds of them on there ready to be picked, no matter if I harvested them that morning. Back to the matter at hand though. We plant a lot of tomato plants; one year we planted over 300 in the garden. After the tomato season was over we swore never again; that was too many to weed and keep straight. But when the nursery has 10-cent plant sales you kinda have to go crazy, it’s pretty much expected.

So that year we kept buying and planting tomato plants. Each new flat we purchased came with the little plastic marker stating what type of tomato plant you have, how to care for it, and how long until you will have yummy red goodness. When we got the plants, they would go from the flat into the ground, with that little plastic marker planted with the first plant; when we got done with that flat and went to the next, there was a new little plastic marker, and so on. After we got them all in the ground we looked over the garden and saw that it was good. Then commenced the caring: watering, weeding, staking, etc., until at long last the heavenly fruits were ready to harvest.

That year we thought we had planted all the tomatoes in the same garden space, colloquially known as the ‘North of Barn’ garden (as opposed to the South of Barn garden, or the shed garden). But when walking around and checking on the gardens and plants we noticed something strange. In the compost pile from the previous year, we saw baby tomato plants, volunteers springing up on their own. We decided to leave them there and allow them to flourish (or perish) on their own. Since they were in the compost pile they actually did really well, the best growing and tasting of the year. And while tasty, they were not accounted for in the original plans for the garden.

But then, trouble: we went to the first plant and looked for the little plastic marker, and at some point during the year it had been trampled underfoot, or dug out by an overzealous weeder and hoe, or it hadn’t been planted deep enough. So invariably someone would call out, what was this tomato? Is it good for eating or for juicing? Well, we think it is an Early Girl, but maybe it is a Jet Star, or I guess it could be a Beefsteak, nah, can’t be a Beefsteak… In the long run it really doesn’t matter; when it was ripe we were going to pick and eat it. When enough were ripe at once we would set up the juicing station and canner and just can it. The cherry tomatoes were easy to identify at least (about the only good thing they have going for them).

At the end of the year there were things we should have done better to know what tomatoes were what. We could have planted each type in its own row and labeled that row with more than a little plastic marker, or we could have planted each type in its own garden space and written it down in a garden plot notebook. We could also have skipped purchasing so many different types and settled on one tomato variety only. In the end it was fine; we ate and canned tomatoes and enjoyed them.

While eating tomatoes always results in a happy ending to the story, there are times when this situation does not work out. One year I was at a customer site when they were going through a massive life cycle management (LCM) project for their workstations. They were purchasing and shipping them in hundreds at a time. For each workstation the same process was followed: it arrives on the dock and is entered into the inventory database; then a user is notified of their pending LCM upgrade, a workstation is pulled from inventory, and that device is assigned to that user in the database. The new workstation is configured and deployed, the data is transferred, and the old workstation is reclaimed. When the technician comes back, the database is updated to show that the new workstation is deployed, and the old workstation is flagged as returned and ready for recycling. At least, in a perfect world that is the process and it is followed every single time. For the most part it was. Over time, however, a system here was not entered into inventory as it came onto the dock, or during the configuration stage an issue came up so it was shelved and a new system grabbed in a hurry to meet the deadline, or when the old system was going to be brought back that customer decided they needed to verify some stuff on it before relinquishing it to IT. Maybe a user had multiple systems and only one was upgraded but the others were forgotten about. Let’s not forget that little guy deciding to grow from the compost all on his own, or rather a department deciding it can’t wait for IT to get a machine out for a new user, so they go buy one on the corporate credit card from the local electronics store and call it done, or the guy who likes his home computer better and decides to use it as a work machine instead of the one he is assigned. At the end of the day there are numerous scenarios that come into play, but over time any inventory is going to drift and an inventory true-up will need to be completed.

Back in the old days inventory true-up was completed by sending techs out to the floor and having them go desk by desk counting machines and noting where they were and who they belonged to. Just like when we would go through the yard and gardens looking at tomato plants and how they were doing. Nowadays it is so much easier to get an accurate inventory. Using systems like Tanium we can turn on the Discover module and have it find everything on the network and report back to a central database what it found. Using this data we can then compare it to the inventory database and find where things were missed. It can also track down network printers, switches, routers, IoT devices; anything with an IP address on the network. Tanium Discover allows us to automate in minutes what used to take underpaid interns weeks to do. What data is returned, and how useful it will be, depends on the profile used, from simple pings to full Nmap discovery.

Using Tanium Discover we can now go in and flag devices based on specific criteria. No longer do we need to have little plastic markers on a device; we can add a label to it in the Tanium console and forever know that a specific device is a network printer or HVAC OT system. We can also find out where on the network it is: is that HVAC appliance in the main data center network? If so, maybe it should be moved to a different subnet dedicated to such devices. Some threat actors have latched onto IoT devices and used them to gain access to data centers, where they have access to the company’s kingdom. But using Tanium Discover we can quickly determine what network a device is on, know it is in the wrong spot, and then take action accordingly.

As talked about in my Smaug blog, data can be good, but only if we end up using it. Hoarding data to just sit on it is bad; it is much better to have the data, review it regularly, then make decisions and act on them.

Some Sample Tanium Discover Use Cases

  • Lost network printers
  • Lost (only to inventory)/unmanaged workstations – if the system is not under enterprise management then chances are very high it has multiple unpatched and outdated tools, let alone insufficient security policies
  • Rogue personal devices on corporate network
  • IoT devices on wrong networks (or unknown IoT devices)
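
The true-up comparison described above, as an added example (not from the original post, and not Tanium's own code or export format): it reconciles a discovery export against the inventory database by MAC address and flags the use cases just listed. The CSV column names, sample rows and the subnet policy are constructed assumptions.

```python
import csv, io, ipaddress

# Constructed sample data. Column names are assumptions, not a Tanium export format.
INVENTORY_CSV = """mac,asset_tag,owner,status
00:11:22:33:44:01,WS-1001,alice,deployed
00:11:22:33:44:02,WS-1002,bob,deployed
00:11:22:33:44:03,WS-0900,carol,returned
00:11:22:33:44:04,PR-0007,facilities,deployed
"""
DISCOVERED_CSV = """mac,ip,label
00-11-22-33-44-01,10.20.0.15,workstation
00:11:22:33:44:03,10.20.0.77,workstation
AA:BB:CC:00:00:09,10.20.0.91,workstation
AA:BB:CC:00:00:10,10.10.0.40,hvac
"""
# Hypothetical policy: the subnets each device label is allowed to live in.
ALLOWED_SUBNETS = {"hvac": ["10.30.0.0/24"], "workstation": ["10.20.0.0/24"]}

def norm_mac(mac):
    """Normalize MAC notation so 00-11-.. and 00:11:.. compare equal."""
    return mac.strip().lower().replace("-", ":")

def load(text):
    """Parse a CSV export into a dict keyed by normalized MAC address."""
    return {norm_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def true_up(inventory_csv, discovered_csv, allowed=ALLOWED_SUBNETS):
    inv, seen = load(inventory_csv), load(discovered_csv)
    report = {"unmanaged": [], "not_seen": [], "returned_but_live": [], "wrong_subnet": []}
    for mac, dev in seen.items():
        if mac not in inv:
            report["unmanaged"].append(mac)          # on the network, never inventoried
        elif inv[mac]["status"] == "returned":
            report["returned_but_live"].append(mac)  # flagged returned, still in use
        nets = allowed.get(dev["label"])
        ip = ipaddress.ip_address(dev["ip"])
        if nets and not any(ip in ipaddress.ip_network(n) for n in nets):
            report["wrong_subnet"].append(mac)       # e.g. HVAC outside its own subnet
    for mac, rec in inv.items():
        if rec["status"] == "deployed" and mac not in seen:
            report["not_seen"].append(mac)           # lost printer or shelved machine
    return report

if __name__ == "__main__":
    for finding, macs in true_up(INVENTORY_CSV, DISCOVERED_CSV).items():
        print(f"{finding}: {macs}")
```

A device in `not_seen` may simply have been powered off during the scan, so that bucket is a list to follow up on rather than a list of confirmed losses.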
