• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Network Discovery shines a light on shadow IT

June 20, 2016 By Brendan Patterson

Last week we posted about the security and network visibility highlights included in the new Fireware 11.11 release. Today we want to take a closer look at one the major updates that we mentioned, Network Discovery. This new service performs a complete network scan to generate a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Information Security professionals have long understood that the first step in any vulnerability management program is to discover and identify all of the assets and their role in a network. You cannot secure a network that you do not understand. The term “shadow IT” is used to describe people installing and using their own, non-company-sanctioned applications, equipment, and software in the workplace. Here are just a few examples of security risks that could result from unknown devices:

  • An employee brings in a personal device or laptop that does not have the full corporate anti-virus solutions installed and connects it to a network, introducing malware.
  • Old servers or applications installed without IT authorization may not be patched to current secure levels, exposing vulnerable software.
  • Unauthorized or rogue access points may be providing unwanted wireless connectivity, providing an avenue for hackers to exploit.

The best way to understand the new capability is to look at a sample screenshot:

NetworkDiscovery

Network Discovery allows IT staff to map out the network behind their firewall. It uses information from a nmap scan (link), DHCP fingerprinting, HTTP header information, and the new WatchGuard FireClient app. Assets in the network are identified and represented with an icon with the following information:

  • Host Name
  • IP Address
  • MAC Address
  • Type of device – iOS, Android, MAC, Windows, etc.
  • Open ports – and protocols that may be running

Admins can search and filter all device data to zero in on key areas of interest. One click through to FireWatch or Traffic Monitor will provide a clear visual indication of the type of traffic that is passing through the IP address. Admins can mark devices as “known” and assign descriptive names. New or unfamiliar devices will immediately stand out when they appear without names. One Beta tester said: “Excellent feature and the GUI looks good. Found a couple of computers that should not have been on my network.” 

Are you confident that you can identify every device on your network? Find out more. Download the new Tech Brief that describes more detail about the service with more screenshots.

Network Discovery is available on all Firebox and XTMv models. The service is included in the UTM Security Suite for all new and existing customers. We’ve added the new feature key to all current security suite subscriptions on Firebox T or M Series and XTMv. Synchronize your feature key to get the latest license from our WatchGuard Servers and try out the new service today. This short video explains how to synchronize a feature key.

 

Share This:

Related

Filed Under: WatchGuard Articles Tagged With: network discovery fireware fireclient asset service

Comments

  1. CK says

    June 21, 2016 at 12:21 am

    Why wouldn’t you make this available to all Watchguard devices?

    Reply
  2. brendanpatt says

    June 21, 2016 at 9:50 am

    The service is resource intensive and takes time to run a scan. It requires the processing power of the newer Firebox appliances.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use