You have a pretty good idea of what your major personal possessions are. Your house, your car(s), your TV(s), your furniture.
You know what your wardrobe consists of, both the things you wear regularly, as well as your old uniform or letter jacket, and that Christmas sweater you wear as a courtesy to Aunt Mabel who spent all summer in ‘92 knitting it.
Contrast this with your situation at work, in which you know what you bought - servers, PCs, VOIP phones, printers - because you have invoices to prove it. What you don’t have is a comprehensive picture of what’s actually hanging off of your network. Why is that?
- What you bought and what actually gets deployed can be two different things. Maybe Alice didn’t need a new system, or is loathe to upgrade, so what you bought is sitting in a closet.
- The company allows people to connect their own devices to the network as a means of boosting productivity (and reducing costs). That’s 10s/100s/1000s of devices that you know very little about and don’t control.
- The company allows certain senior people like Bob to use his budget to buy IT if it helps him get the job done, and he doesn’t have to tell you about it.
But look, you know what you’re responsible for and you’ve taken steps to protect those devices and the data they process. You’ve got endpoint protection, and a network monitoring solution, and all the usual mechanisms in place. Why worry?
- 200 PCs bought does not mean only 200 PCs in use. That 200-seat endpoint protection license might be 3, 5, 10-seats short. One seat short is all a malicious actor needs.
- Those offices that didn’t install the new systems are running systems that are two or more OS versions out of date, and stopped updating A-V signatures.
- 200 employees with 200 mobile phones, none of which have adequate or maybe any defensive mechanisms installed (and even if they did, you don’t get the alerts).
- Bob bought a workstation to help him accomplish his mission, but he didn’t buy any sort of security software to go with it.
- Bob also bought an Alexa, which he promptly connected to both work and personal accounts because convenience.
There is a reason why so many IT organizations depict their infrastructure as a cloud with a few icons of PCs hanging off of it: the average IT enterprise is amorphous and dynamic. Too dynamic to adequately inventory much less secure. It's not like physical plant, where someone would notice if there was a hole in the ceiling or windows were smashed out. Your IT enterprise could be changing by the minute.
Getting a handle on what your IT enterprise really consists of does not have to be difficult, time-consuming, or expensive. Metadata from network traffic (live or pcap), is all it takes. What does metadata tell you?
- All devices that use your bandwidth: what you bought, what people bring, what they don’t tell you about.
- Who made those devices, make, model, OS, firmware, etc.
- Who those devices are talking to, both internally and externally.
- If any of those ‘conversations’ were to known-bad IPs.
- If any of those devices are not protected by A-V or an endpoint solution.
- Data you need to comply with regulations or standards for asset management.
Senrio Discovery lets you identify all the devices in your enterprise, what devices or IPs they’re talking to, over what protocols and ports. Search that data to uncover previously unknown relationships, connections, and devices. Export that data in .csv format for ingest into asset management or other tools. Do all of this on a local system with a representative pcap file that never leaves your system. Try it for free, then start a subscription for as low as $100/mo.
Senrio Insight does everything Discovery does and more, using live traffic on your networks. Continuous IT and IoT asset discovery, awareness, and behavioral analysis. Real-time comprehensive asset inventory. Passive metadata collection puts no stress on your endpoints or network. Deploy on existing hardware or as an appliance. Understand how your devices behave, get alerts when they behave abnormally, export data into multiple formats, and get access to our API to feed all this data to your SIEM, firewall, IDS, asset management system, etc. Subscriptions as low as $4999/year.