There are numerous tools that will scan assets in an enterprise network and provide context to include dependencies. It will ultimately create a map and show you live devices on your network and notify you if the infrastructure changes in any way to include configuration changes. One should be able to track all IT assets like servers, virtual machines, printers, routers and switches, load balancers, and more. Vulnerability and network scanners provide valuable insight into all the devices it scans and automatically aggregates and correlates all the data to deliver a comprehensive report for cybersecurity analysts.
Vulnerability scanning tools focus on looking for exploit flaws and provide remediation actions for the identified vulnerabilities while network scan tools discover and collect information on all devices attached to the network. Tenable and rapid7 are examples of vulnerability assessment tools and nmap and solarwinds are examples of network scanning tools. There are two primary network scans, active and passive. Active sends a probe to each IP while passive doesn’t actively ping. Passive scan is also known as packet sniffing and is designed to search communication packets that traverse a network segment.
Network scanning tools use discovery protocols like SNMP and LLDP to compile and inventory all devices attached to the local network. Agent based scanning requires an agent to be deployed on individual machines to obtain a profile of the device. This may be a better way to get a rich context of the endpoint machine but requires more work. A device fingerprint or machine fingerprint is simply a software and hardware detail used to identify a machine. Companies use fingerprinting as a security measure to stop attackers. Fingerprinting includes details like the operating system type, device model and number, battery level, system uptime, installed plugins and much more.
HansITAcademy 