Right, good points. However, having an accurate inventory of servers is not that difficult. That should be a no brainer really and if they need to, just get an inventory program!
It's not inventory that's the problem. The word is "Configuration".
In a perfect world every administrator will document every single change they make to a system. All companies worth their salt have a configuration database, usually linked to an inventory database.
However in the real world the biggest changes are always documented. Most smaller changes will also be documented, but sometimes things get forgotten. (ITIL is the framework used in most organizations around the world)
And its the build up of these " forgotten" changes that can lead to a misconfiguration down the road. Which can then lead to a breach.
That's presuming the attacker finds a way in via a misconfiguration and not a 0-Day or software bug In the application/appliance that hasn't been fixed by the vendor or unpatched by the user.
I agree with what you guys are saying (if only it was so easy) but you have to keep in mind the scale here and the amount of people and processes involved.
Keeping human error to a minimum at home is easy. Try adding 1000 boxes and 100 full time staff and a 24/7 uptime policy and try to keep everything 100% perfect. Not easy.
PS: I might add in that's its VERY BAD when data gets stolen and there is no excuses. But the reality is that anything attached to any network is vulnerable by design.
Facebook
Twitter