Asset discovery is critical to security because it identifies every device connected to your network and the software versions each one runs. It can be as simple as a ping sweep across the network to see which devices respond, or as involved as discovery techniques that identify the applications running on each asset. There are two types of scan you can do: passive and active. Passive discovery, unlike active discovery, requires no specific configuration or scanning method and has minimal impact on the network. Active scans provide more detail and are more comprehensive, but they are usually expensive and resource-intensive. NIST 800-53 provides more information on automated detection and information system monitoring.
Passive asset discovery deserves particular attention because, unlike the active method, it is less intrusive and does not disturb the live network that the business relies on. It works by listening for devices as they come online, usually by watching for ARP requests. Passive discovery runs continuously and requires no manual intervention once it is properly set up. It can identify unknown devices, monitor user activity, and notify administrators of any unauthorized use of assets or of unknown devices joining the network. Because it works from historical data, it identifies an event only after it has already happened, and it is not a good way to capture assets that never generate messages. However, it is a quick and efficient way to obtain network architecture information without querying each asset individually, and it requires fewer resources.
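The following is an added example, not code from the original article, showing the core of a passive discovery listener: it decodes Ethernet/ARP frames, builds an inventory keyed by MAC address, and raises an alert the first time a MAC that is not on an allowlist appears. The frames, the MAC addresses, the allowlist and the `10.0.0.0/24` addresses are all constructed test data; in practice the frames would come from a capture socket or a pcap feed rather than a list. ARP probes (sender IP `0.0.0.0`, per RFC 5227) are recorded as a sighting but not as an address, so a device that probes first and then announces its address does not trigger a spurious "moved" alert.

```python
import struct

# Ethernet header: dst MAC, src MAC, EtherType
ETH_HDR = struct.Struct("!6s6sH")
# ARP header: hw type, proto type, hw len, proto len, opcode, sender MAC/IP, target MAC/IP
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None  # not ARP: passive listener ignores it
    hw, proto, hlen, plen, op, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if hw != 1 or proto != 0x0800 or hlen != 6 or plen != 4:
        return None  # only Ethernet/IPv4 ARP is handled here
    return op, mac_str(sha), ip_str(spa)


def passive_inventory(frames, known_macs):
    """Build a MAC-keyed inventory from observed frames; alert on unknown or moved devices.

    The frame index doubles as the timestamp for this constructed example.
    """
    inventory = {}
    alerts = []
    for t, frame in enumerate(frames):
        parsed = parse_arp_frame(frame)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        if mac not in inventory:
            inventory[mac] = {"ip": None, "first_seen": t, "last_seen": t, "frames": 0}
            if mac not in known_macs:
                alerts.append(f"unknown device {mac} first seen at t={t}")
        entry = inventory[mac]
        if ip != "0.0.0.0":  # ARP probe: sighting only, no address to record yet
            if entry["ip"] is not None and entry["ip"] != ip:
                alerts.append(f"{mac} moved from {entry['ip']} to {ip} at t={t}")
            entry["ip"] = ip
        entry["last_seen"] = t
        entry["frames"] += 1
    return inventory, alerts


def build_arp(src_mac, sender_ip, target_ip, opcode=ARP_REQUEST):
    """Construct a sample Ethernet/ARP frame (test data, not captured traffic)."""
    eth = ETH_HDR.pack(b"\xff" * 6, src_mac, ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, opcode, src_mac, sender_ip, b"\x00" * 6, target_ip)
    return eth + arp


# Constructed MAC addresses and allowlist for the example.
GATEWAY = bytes.fromhex("001122334455")
LAPTOP = bytes.fromhex("00aabbccddee")
ROGUE = bytes.fromhex("deadbeef0001")
KNOWN_MACS = {mac_str(GATEWAY), mac_str(LAPTOP)}


def sample_frames():
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return [
        build_arp(GATEWAY, ip("10.0.0.1"), ip("10.0.0.20")),            # gateway asks who has .20
        build_arp(LAPTOP, ip("10.0.0.20"), ip("10.0.0.1"), ARP_REPLY),   # laptop answers
        ETH_HDR.pack(b"\xff" * 6, LAPTOP, 0x0800) + b"\x00" * 28,        # IPv4 frame, ignored
        build_arp(ROGUE, ip("0.0.0.0"), ip("10.0.0.99")),                # unknown device probes .99
        build_arp(ROGUE, ip("10.0.0.99"), ip("10.0.0.99")),              # then announces .99
    ]


def demo():
    return passive_inventory(sample_frames(), KNOWN_MACS)


if __name__ == "__main__":
    inventory, alerts = demo()
    for mac, entry in inventory.items():
        print(mac, entry)
    for alert in alerts:
        print("ALERT:", alert)
```

A device that never sends ARP (or any broadcast) will simply not appear in `inventory`, which is the blind spot the article describes; pairing the listener with an occasional active sweep of the address ranges it has learned is the usual way to close that gap.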