Security Center

What are the most important best practices when setting up in a large environment?

This article highlights the key factors to consider when implementing the product in a large IT organization. By addressing these areas in advance, you can facilitate a more efficient startup process and ensure you are fully oriented once everything is set up.

Asset Structure & Tags

Begin by entering all assets you plan to scan into the Asset Manager and creating tags to organize them effectively. The more comprehensive your tagging is from the outset, the better prepared you and your team will be once scanning is complete. Tags play a crucial role across all functionalities of the product, enabling you to implement user team restrictions based on specific tags, conduct scans, generate tailored reports, and develop remediation plans. While tagging can be performed retrospectively, it is highly advisable to establish detailed tags from the beginning for optimal efficiency in later stages.

Tags frequently used by our most successful customers

  • Type of network, e.g., External, DMZ, Internal, Servers, Clients, etc.
  • Location, e.g., country or city.
  • Area of responsibility: which team or person owns the responsibility for the asset.
  • Internal priority scoring, specific system classifications, etc.
    If this has not been implemented in the organization, you can take advantage of our business impact setting.

Scanner Appliances & Scans

In large IT environments, managing a vast number of host assets presents inherent challenges. Depending on your scanning objectives and frequency, you may find that a single Scanner Appliance is insufficient to complete all scheduled scans within a week. Additionally, there are limitations on the total number of IPs that can be included in a single scan run or schedule.

To address these challenges, it is advisable to increase the number of scanner appliances and conduct multiple scans in parallel across different devices. Generally, a Scanner Appliance should only run one active scan at a time to ensure efficiency and accuracy; while it may be feasible for smaller organizations to run multiple scans concurrently, this practice is best avoided in larger setups.

Read more in-depth
This article covers more details about scanning huge networks and how to benefit from more scanner appliances or added hardware resources.
https://support.holmsecurity.com/knowledge/what-are-the-general-requirements-and-practices-for-scanning-large-networks

Users & Teams

The Teams feature enables you to effortlessly assign roles and delegate permissions to various users, thereby streamlining your workflow and enhancing overall efficiency. As you plan the implementation, take the time to thoughtfully consider how your organization will be structured within the product and determine which teams and individuals should have access to specific information.
A well-structured approach from the beginning will enable your teams to concentrate on addressing vulnerabilities rather than navigating through excessive data. Generally, adopting a minimalist strategy is beneficial; grant each team access solely to the results and tickets related to their systems. This focused access will allow them to work more effectively and efficiently. Consider implementing Single Sign-on (SSO) if you have many users.

Users & team highlights

  • Team Structuring
    Organize your users into distinct teams within the product. Set up multiple teams for your users, aligning Security Center more closely with your organizational responsibilities.
  • Roles & Permissions
    Assign specific roles and permissions to each team, controlling your users' access to different parts of Security Center.
  • Tags and Permissions
    Assign specific tags to a team along with permissions, giving users access to assets with the applied tags.
  • Divided Permissions
    Efficiently divide and control asset permissions across your user base.