CyberSecurity Asset Management (CSAM) categorizes hardware assets based on an internally developed classification/ categorization system. The categorization, which gives the user an idea about the primary function of the product, has been derived from standard industry terms as well as other well-known industry classification systems.
It follows a two-level classification system – namely Level 1 Category and Level 2 Category
- Level 1 category: Major/ broad category to which the hardware asset belongs.
- Level 2 category: Subcategory, i.e specific to the product’s primary function.
Examples:
a) "Lenovo ThinkPad P50 20EN001LUS " → Computers / Notebook → Level 1: Computers, Level 2: Notebook
b) “Fuji Xerox ApeosPort-IV C7780” → Printers / Multi-Function Printer (MFP) → Level 1: Printers, Level 2: Multi-Function Printer (MFP)
CyberSecurity Asset Management (CSAM) is capable of categorising hardware assets related to IT, OT, IOT/ IIOT. There are currently 19 Level 1 categories and 90 Level 2 categories for classifying hardware assets.
Current owner of the Hardware product.
Example:
For Dell Inspiron 5447
Manufacturer: Dell
Name of the Hardware product
Example:
For Dell Inspiron 5447
Product: Inspiron
Model name/number as defined by the manufacturer
Example:
For Dell Inspiron 5447
Model: 5447
When it is mentioned "Unidentified" under the Level 1, Level 2 category or Manufacturer (or under all three of them), this means that relevant/accurate information for these attributes cannot be determined from the discovery. Below are the possible scenarios:
1) Manufacturer and Level 1 category is present, but level 2 is Unidentified
Category: "Networking Device / Unidentified", Manufacturer: "Juniper Networks"
2) Manufacturer is present but both Level 1 and Level 2 are Unidentified:
Category: "Unidentified / Unidentified", Manufacturer: "Lenovo"
3) Manufacturer, Level1 and Level 2 all three are unidentified:
Category: "Unidentified / Unidentified", Manufacturer: "Unidentified"
Lifecycle information provides key milestones and dates related to the support for an asset. CSAM currently has lifecycle information for over 100 hardware manufacturers and over 45,000 models.
Note: Qualys is continuously adding new hardware manufacturers, products and models. So these numbers are subject to change.
Exact and Estimated Life Cycle:
Key manufacturers such as Microsoft, IBM, Cisco, Oracle, HP, HPE, Lenovo and VMware among others have well documented support policies and support dates published for majority of their products. CSAM team continuously tracks and curates data from these sources to provide lifecycle information in a standardized and structured format.
However, support information may not available publicly and it is difficult to determine the exact date when the model will become obsolete/ unsupported. For such cases, CSAM provides its users with estimated support dates. These estimates are derived from standard support time frames followed across the industry. In such cases, users will see the label ‘estimated’ against lifecycle information. Some of the hardware manufacturers do not publish the support dates for their products at all, such as Acer, Asus, Dell, Dell EMC etc.
Lifecycle Data Points:
- Introduction Date: This date corresponds to the day on which Hardware product or model was introduced/launched by its manufacturer.
- Generally Available or GA: Indicates that the HW product or model is available for purchase and is actively supported by the manufacturer.
The date mentioned corresponds to the day on which the product or model was made generally available.
- End-of-Sale or EOS: Indicates that the hardware product or model is no longer available for sale from the manufacturer but is still supported.
The date corresponds to the day on which the product or model reaches End of Sale
- End-of-Service or OBS: Indicates that the hardware product or model is neither available for purchase nor is it supported.
The date corresponds to the day on which support for the product or model ceases.
- Not Applicable: Indicates specific product or model not found.
- Unknown: Indicates that lifecycle information for the hardware model is not published by manufacturer nor can it be estimated.