With a new wave of devices like IoT and OT, the fourth industrial revolution has created some unique issues and use cases for cybersecurity personnel. Such assets haven’t previously been connected to a network with direct internet access, but new network configurations and cyber threats have made these types of devices just as vulnerable as other IT devices. Agentless asset discovery can be used with these devices, in order to ensure that they’re secure on the network.
What is Agentless Asset Discovery?
Agentless asset discovery is the process of cataloguing each device on your network without installing software on each individual device. Agentless asset identification works via DPI (Deep Packet Inspection), whereby the packets and communications of a device are analyzed. By inspecting communication flows and the application packets themselves, you can often determine make, model, software load, and even serial numbers, all without installing an agent. Additional enrichment of this data, further classification by machine learning, and comparison against a catalog of millions of devices allow for accurate device identification and classification.
Let’s look at a common, modern network use case. An employee at a sporting event receives an urgent work call. The employee uses his tablet to connect to the company network to view current information about the incident. Passive agentless asset discovery picks up this device as it monitors the network and collects metrics, such as manufacturer, make, model, and operating system. It also validates that the device hasn’t been exposed to known threats or vulnerabilities. The passive agentless discovery solution can also validate the OS, including patch levels and application inventory.
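As an added illustration (not Ordr's code or part of the original article), the sketch below shows the kind of identifying fields a passive sensor can read from a single packet a device sends on joining the network. DHCP is an assumption made for the example, since the article does not name a protocol; the sample message, MAC address, hostname and vendor class are all constructed.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that precedes the options

def parse_dhcp_identity(payload: bytes) -> dict:
    """Pull identifying fields out of a DHCP message (UDP payload only)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    mac = payload[28:28 + hlen]
    info = {"mac": mac.hex(":"), "oui": mac[:3].hex(":")}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 12:           # Host Name
            info["hostname"] = value.decode("ascii", "replace")
        elif code == 55:         # Parameter Request List: a common fingerprint input
            info["param_request_list"] = list(value)
        elif code == 60:         # Vendor Class Identifier
            info["vendor_class"] = value.decode("ascii", "replace")
        i += 2 + length
    return info

def build_sample() -> bytes:
    """Constructed DHCPDISCOVER; MAC, hostname and vendor class are made up."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD,
                         0, 0, b"", b"", b"", b"",
                         bytes.fromhex("02005e105522"), b"", b"")
    opt = lambda code, value: bytes([code, len(value)]) + value
    options = (opt(53, b"\x01") + opt(12, b"pump-07") +
               opt(60, b"example-rtos-2.1") + opt(55, bytes([1, 3, 6, 15])))
    return header + DHCP_MAGIC + options + b"\xff"

if __name__ == "__main__":
    print(parse_dhcp_identity(build_sample()))
```

The extracted fields are raw observations; matching them against a device catalog, as the article describes, is a separate classification step.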
Agent vs Agentless Discovery
Agent-based asset discovery uses one or more agent software installations on the target system(s) to collect information and metrics about the target system and send that data to a centralized monitoring system, such as a hub, a collector, or a server. Typically, agent software must be manually installed on each target device, either directly on the physical asset or remotely using SSH, RPC, or other comparable methods. Some agents can be installed via automation, but such agents aren’t available with all agent-based discovery solutions.
Both agent and agentless asset discovery collect asset information and metrics. However, agent-based discovery is more in-depth because the agent is installed directly on the device being discovered, but it comes with much greater deployment and maintenance overhead. Agentless discovery offers the luxury of not needing to be deployed onto each device, so it offers better resource and time efficiencies.
Performance latency must also be considered, especially on older legacy devices. While agentless discovery can add more network overhead and can depend on network conditions, it does not require an agent to be deployed. Older legacy devices may not be running an operating system that supports an agent. In addition, newer devices like IoT, IoMT and OT also cannot support an agent because of their limited software footprint and the performance latency impact.
Support Device Variety with Agentless Discovery
Almost any device in your network environment can be discovered using agentless discovery. There are certain situations when agentless asset discovery is clearly your best, or sometimes only, option. For example, a growing number of assets can only be covered by agentless discovery, since they simply can’t have an agent installed. Such assets include IoT, OT, and medical devices (IoMT). But whether or not an agent can be installed on the device isn’t the only consideration. In some cases, the costs, time, and/or resources associated with agent discovery for every device could simply be too high. By utilizing agentless discovery, you can meet asset discovery requirements in the most effective and efficient manner.
A solution like Ordr means your organization can rapidly discover all its assets, classify them based on type and function, and then assess them for risk. Using a product developed by Ordr allows your organization to build the most accurate and comprehensive asset inventory of what’s in your network, and to identify key risks, without impacting business operations.
Asset Transparency on a Network with Agentless Discovery
With agentless asset discovery, you gain real-time visibility into assets in the organization’s domain. Such discovery allows your organization to gain highly granular insights about the devices on the network and use those details to monitor for potential security issues.
A robust solution with agentless asset discovery makes it possible for you to dynamically create and impose segmentation on devices that are deemed high-risk. It also delivers the means to identify the compliance and risk postures of devices in the network. A solution like Ordr can also integrate the asset inventory with CMMS and CMDB databases for asset reconciliation, and to trigger workflows for any vulnerabilities that need to be addressed. Furthermore, it provides an integration with Active Directory to establish context on which device a user is on and for how long it is in use.
Monitor Traffic Flows Between Devices
Agentless asset discovery delivers unified monitoring of traffic flows between the devices connected to the network. It can classify both managed and unmanaged devices, which allows your organization to monitor the traffic flows of all connected devices. This traffic monitoring can baseline communication patterns, identify anomalous traffic such as communication with malicious sites outside of the organization (including traffic to known security threats like malware or phishing sites), and deliver an audit trail of each device’s communications with other network systems.
You can’t secure what you can’t see, or don’t know about. This unified view and complete device visibility, including traffic flows, is the first critical step for your cybersecurity strategy. Ordr uses agentless asset discovery that doesn’t interfere with device function and employs device behavior monitoring using machine learning to create a flow genome—a conversation map of the communications pattern of every device connected to the network. This flow genome also learns the network topology and provides security personnel and networking groups the information they need to analyze monitored traffic. Ordr makes it easy to determine what devices are currently doing, identify their unique risk scores, and discover any vulnerability gaps.
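The baseline-then-compare idea described in this section can be sketched as follows. This is an added example, not Ordr's flow genome or any product's implementation: the flow record fields, the `10.0.0.0/8` internal range, the blocklist and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's internal range

def flow_key(flow):
    """Reduce a flow record to (scope, destination, protocol, port)."""
    scope = "internal" if ipaddress.ip_address(flow["dst"]) in INTERNAL else "external"
    return (scope, flow["dst"], flow["proto"], flow["dport"])

def learn_baseline(flows):
    """Map each source device to the set of conversations seen while learning."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f["src"]].add(flow_key(f))
    return baseline

def audit(baseline, flows, blocklist=frozenset()):
    """Return (device, reason, flow_key) for every flow that departs from baseline."""
    findings = []
    for f in flows:
        dev, key = f["src"], flow_key(f)
        if f["dst"] in blocklist:
            findings.append((dev, "blocklisted-destination", key))
        elif dev not in baseline:
            findings.append((dev, "unknown-device", key))
        elif key not in baseline[dev]:
            findings.append((dev, "new-%s-peer" % key[0], key))
    return findings

def flow(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

# Constructed sample records; external addresses use documentation ranges.
LEARNING = [flow("10.20.0.15", "10.1.1.5", "tcp", 554),
            flow("10.20.0.15", "10.1.1.10", "udp", 123)]
OBSERVED = [flow("10.20.0.15", "10.1.1.5", "tcp", 554),      # matches baseline
            flow("10.20.0.15", "203.0.113.50", "tcp", 443),  # never seen before
            flow("10.20.0.15", "198.51.100.7", "tcp", 80),   # on the blocklist
            flow("10.20.0.99", "10.1.1.5", "tcp", 445)]      # device not in baseline
BLOCKLIST = frozenset({"198.51.100.7"})

if __name__ == "__main__":
    for finding in audit(learn_baseline(LEARNING), OBSERVED, BLOCKLIST):
        print(finding)
```

The returned findings double as a minimal audit trail: each entry names the device, the reason it was flagged, and the exact conversation.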
Identify Vulnerabilities and Meet Compliance
Continuous asset monitoring is crucial. When your organization performs asset management and monitoring periodically, or as a “point-in-time” audit, it can lead to security gaps, as a vulnerable device may be offline during the designated period. This visibility gap can lead to security issues if the vulnerabilities on those devices are not patched. For many organizations, inventory management is performed as a periodic point-in-time audit. When you have continuous, up-to-date information, you gain greater security coverage and can prevent devices from being used if they’re not in compliance.
Ordr provides continuous asset discovery and allows you to drill into non-compliant devices and isolate them from the organization’s network. Our solution also monitors devices for risks like active threats, anomalies, bad URL/site connections, or known vulnerabilities. With Ordr, you have the complete picture of all devices on the network, including ones that belong to visitors or contractors.
Agentless Discovery and Your Organization
Agentless asset discovery gives your organization flexibility and real-time asset information for all the devices in the company’s network. It provides the ability to monitor vital traffic, identify security risks, and assist with meeting compliance or industry regulations. With a unified view of your assets and traffic at any point in time, you can detect behavior changes before a cybersecurity threat is executed.
Organizations gain a plethora of advantages from a complete, up-to-date asset inventory of devices connected to the network in real time. Ordr delivers a unified view of all the managed and unmanaged assets on your organization’s network, including IoT, OT, and IoMT devices. Not only does Ordr allow individual device behavior monitoring, but it also ensures that your devices behave as they should, based on their uniquely defined behaviors. With the added ability to integrate with your organization’s existing applications, like ITSM, CMMS, or CMDB solutions, Ordr helps you get more value out of your existing investments.