Edgetech Appliances collect network information for each asset in the network or segment in which they are installed. Some examples of the data collected include:
- SNMP traps
- DHCP fingerprinting
- HTTP user-agent
- TCP fingerprinting
- Poll Network Infrastructure via SNMP
- CLI – get MAC/ARP tables and PoE details
- Monitor RADIUS requests
- MAC classification database
- vSphere and EC2 integration
- CMDB or other external data source
This data is then transferred from each appliance to the Hub. The Hub collates the data, checks whether anything has changed compared to the appliance's last vulnerability scan, and then queries Subex Secure's update center against the centrally managed database.
If a device is not found in the database, an alert is triggered to Subex's threat research team, who collect all the logs, manually identify the device, and update the database.
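The Hub-side workflow described above (collate per-asset records from several appliances, diff against the previous scan, look each asset up in the central database, and alert on anything unknown) is shown here as an added example. It is not the product's code: the appliance reports, the database entries, the previous-scan snapshot and the CVE ids are all constructed placeholders, and assets are keyed on MAC address as an assumption.

```python
"""Hub-side reconciliation of appliance asset reports (constructed example)."""

# Constructed central device database, keyed by (manufacturer, model).
CENTRAL_DB = {
    ("ExampleVendor", "PLC-100"): {"eol": "2024-12-31", "cves": ["CVE-PLACEHOLDER-1"]},
    ("ExampleVendor", "Switch-24"): {"eol": None, "cves": []},
}

# Constructed snapshot kept from the previous scan, keyed by lower-case MAC.
PREVIOUS_SNAPSHOT = {
    "00:11:22:33:44:66": {"mac": "00:11:22:33:44:66", "ip": "10.0.0.2",
                          "manufacturer": "ExampleVendor", "model": "Switch-24"},
    "00:11:22:33:44:77": {"mac": "00:11:22:33:44:77", "ip": "10.0.0.9",
                          "manufacturer": "ExampleVendor", "model": "PLC-100"},
}

# Constructed reports from two appliances; each sees a different subset of attributes.
SAMPLE_REPORTS = [
    {"mac": "aa:bb:cc:dd:ee:01", "ip": "10.0.0.10",                 # appliance A, DHCP fingerprint
     "manufacturer": "ExampleVendor", "model": "PLC-100"},
    {"mac": "AA:BB:CC:DD:EE:01", "vlan": "20"},                      # appliance B, switch MAC table
    {"mac": "00:11:22:33:44:66", "ip": "10.0.0.3",                  # switch got a new address
     "manufacturer": "ExampleVendor", "model": "Switch-24"},
    {"mac": "F0:00:00:00:00:03", "ip": "10.0.0.50",                 # only an HTTP user-agent seen
     "http_user_agent": "ExampleCam/1.0"},
]


def collate(reports):
    """Merge appliance reports into one record per asset, keyed by lower-case MAC.
    The first value reported for an attribute wins; later reports only fill gaps."""
    assets = {}
    for rec in reports:
        mac = rec["mac"].lower()
        merged = assets.setdefault(mac, {"mac": mac})
        for key, value in rec.items():
            if key != "mac":
                merged.setdefault(key, value)
    return assets


def diff(previous, current):
    """Compare with the last scan: new MACs, vanished MACs, per-asset attribute changes."""
    new = sorted(set(current) - set(previous))
    removed = sorted(set(previous) - set(current))
    changed = {}
    for mac in set(current) & set(previous):
        keys = set(previous[mac]) | set(current[mac])
        delta = {k: (previous[mac].get(k), current[mac].get(k))
                 for k in keys if previous[mac].get(k) != current[mac].get(k)}
        if delta:
            changed[mac] = delta
    return new, removed, changed


def reconcile(previous, reports, db=CENTRAL_DB):
    """Collate, diff, enrich from the database, and raise alerts for unknown devices."""
    current = collate(reports)
    new, removed, changed = diff(previous, current)
    assets, alerts = {}, []
    for mac, asset in current.items():
        entry = db.get((asset.get("manufacturer"), asset.get("model")))
        if entry is None:
            # Unknown platform: hand the raw evidence to the research queue.
            alerts.append({"mac": mac, "reason": "device not in central database",
                           "evidence": asset})
        else:
            assets[mac] = {**asset, **entry}
    return {"new": new, "removed": removed, "changed": changed,
            "assets": assets, "alerts": alerts}


if __name__ == "__main__":
    result = reconcile(PREVIOUS_SNAPSHOT, SAMPLE_REPORTS)
    print("new:", result["new"], "removed:", result["removed"])
    print("changed:", result["changed"])
    print("alerts:", [a["mac"] for a in result["alerts"]])
```

Normalising the MAC before merging is what lets the two appliances' views of the PLC collapse into one record; the camera, which no appliance could classify, is the only asset that reaches the alert list.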
The Vulnerability Management (VM) module can be configured to collect device information using two methods: Passive Scan and Smart Probing.
Passive Scan – Analysis of converged network traffic through a SPAN port or tap identifies endpoints and traffic patterns while creating no additional network traffic, and carries virtually no risk of disrupting critical processes because it never interacts directly with endpoints. The passive scan identifies some or all of the following attributes of the device:
Device Name, IP, MAC address, VLAN, Manufacturer, End of Life (EOL), End of Service (EOS), Device Image, and the known CVE list for the device.
Smart Probing is deployed when more detailed information is required, such as the exact firmware and the CVEs specific to the device and that firmware. Smart Probing works by accessing the device and querying it for parameters; depending on the type of device, this querying can occur over telnet, SNMP, CLI, etc. The Vulnerability Management module can integrate with a privileged access management (PAM) or Active Directory system to control access to the device. With Smart Probing, attributes such as Firmware, Firmware Version and Firmware CVEs are discovered over and above the ones found through Passive Scan.
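The escalation from Passive Scan to Smart Probing, gated by an access-control integration and followed by a firmware-level CVE lookup, is shown below as an added example. It is not the product's code: the probe is a callback that returns constructed device answers so the example runs offline (a real deployment would query the device over telnet, SNMP or CLI), the VLAN-based credential broker is an assumed stand-in for the PAM / Active Directory integration, and the firmware table and CVE ids are placeholders.

```python
"""Passive-to-Smart-Probing escalation with access control (constructed example)."""

# Attributes that only Smart Probing can supply.
PROBE_ATTRIBUTES = ("firmware", "firmware_version")

# Constructed firmware-level CVE table keyed by (manufacturer, model, firmware_version).
FIRMWARE_DB = {
    ("ExampleVendor", "PLC-100", "2.1.0"): ["CVE-PLACEHOLDER-A"],
    ("ExampleVendor", "PLC-100", "2.2.0"): [],
}

# Constructed answers a device would give when probed, keyed by IP address.
SIMULATED_DEVICE_RESPONSES = {
    "10.0.0.10": {"firmware": "PLC-OS", "firmware_version": "2.1.0"},
    "10.0.0.11": {"firmware": "PLC-OS", "firmware_version": "2.2.0"},
}


def needs_probe(asset):
    """Passive Scan is sufficient unless a probe-only attribute is still missing."""
    return any(asset.get(k) is None for k in PROBE_ATTRIBUTES)


def vlan_policy_broker(asset, approved_vlans=("20",)):
    """Stand-in for PAM/AD: issue a credential only for assets in an approved VLAN."""
    if asset.get("vlan") in approved_vlans:
        return {"username": "probe-svc", "secret": "<issued-by-pam>"}  # placeholder
    return None


def simulated_probe(asset, credential, responses=SIMULATED_DEVICE_RESPONSES):
    """Stand-in for the telnet/SNMP/CLI query; returns what the device reports."""
    assert credential is not None  # a probe is never attempted without a credential
    return dict(responses.get(asset["ip"], {}))


def smart_probe(asset, broker, probe_fn):
    """Probe only with a broker-issued credential; device-reported values take
    precedence over passively inferred ones because the device stated them itself."""
    cred = broker(asset)
    if cred is None:
        return {**asset, "probe_status": "denied"}
    probed = probe_fn(asset, cred)
    return {**asset, **probed, "probe_status": "ok"}


def enrich(asset, broker=vlan_policy_broker, probe_fn=simulated_probe, db=FIRMWARE_DB):
    """Run the escalation decision, then resolve firmware-specific CVEs."""
    if needs_probe(asset):
        asset = smart_probe(asset, broker, probe_fn)
    key = (asset.get("manufacturer"), asset.get("model"), asset.get("firmware_version"))
    return {**asset, "firmware_cves": list(db.get(key, []))}


if __name__ == "__main__":
    plc = {"mac": "aa:bb:cc:dd:ee:01", "ip": "10.0.0.10", "vlan": "20",
           "manufacturer": "ExampleVendor", "model": "PLC-100"}
    print(enrich(plc))
    print(enrich({**plc, "ip": "10.0.0.11", "vlan": "99"}))
```

An asset that already carries firmware details from the passive pass is never touched; one that lacks them is probed only if the broker grants a credential, and a denied probe simply leaves the firmware-level CVE list empty rather than guessing.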
Key Parameters –
Number of Devices in the Central Device Database: 40,000+ platforms (there could be multiple entries for each platform corresponding to firmware versions)
Device Domains: IT, IoT, OT, Industrial, Utilities, Critical Infrastructure, Oil and Gas and Medical
CVE listing source: cve.mitre.org
Scan interval: Configurable (default once a day)