Which Is Better: Active or Passive Discovery?



The terms “passive” and “active” network asset discovery for monitoring have become more common as risks to industrial control systems (ICS) have increased. But IT asset discovery isn’t only about cybersecurity; it’s also about good network hygiene, which is crucial to industrial network viability. After all, how can you patch or otherwise service devices if you don’t know they exist?

Most organizations start by documenting their assets manually in Google Docs, Excel sheets, or even Notepad. When it comes to updating these records or checking the renewal or expiry of these assets, they still have to do it manually. This technique works well for organizations that are small and simple. But as companies or networks grow, this strategy breaks down. In some situations, updating these lists becomes a full-time job.

Keeping the above scenario in mind, let’s examine the pros & cons of the two asset-finding strategies.

Active techniques, also known as standard network asset discovery, often involve technology that polls equipment across a system in a classic ping-and-response operation. Ferrando adds that they can also leverage the discovered devices to fetch back a comprehensive list of associated applications.

The issue with active discovery tools is that they slow the network down by broadcasting contact attempts to all devices. This affects time-sensitive networks such as industrial control systems (ICS), which is why passive asset discovery tools are becoming more popular.

Using a passive asset discovery tool, which listens for network activity, eliminates the network bandwidth used by discovery. But it also demands that all devices send messages. This strategy is better because it decreases network use and needs only firewall configurations that allow traffic in just one direction, usually on a single dedicated port.

The Syslog methodology can be employed in passive and active ways. It requires a network monitoring system to capture a Syslog message and build an asset based on the Syslog data. To build assets, the log management platform must be monitoring when the Syslog message is broadcast. “The asset would never be produced if the log management platform missed the Syslog.” Unfortunately, this is prevalent in huge companies. “Finding a missing Syslog asset months later may indicate attackers abused and corrupted business assets.”

This gives passive asset discovery algorithms an edge because they can leverage historical network data (e.g., archived Syslog data) to find assets.
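Passive discovery over archived Syslog data, as described above, shown as an added example (not code from the original page or from any product it mentions). The log lines, host names and the `KNOWN_ASSETS` inventory are constructed, and the RFC 3164-style line format is an assumption about how the archive is stored.

```python
import re
from datetime import datetime

# Constructed sample of archived RFC 3164-style syslog lines (not real data).
ARCHIVED_SYSLOG = """\
<134>Mar  3 02:11:09 plc-line1 fwd[211]: link up on eth0
<134>Mar  3 02:11:40 hmi-01 sshd[902]: Accepted publickey for ops
<131>Mar  9 14:52:17 10.20.0.77 kernel: eth1: promiscuous mode enabled
<134>Jun 21 08:00:01 plc-line1 fwd[211]: config saved
garbage line that is not syslog
"""
KNOWN_ASSETS = {"plc-line1", "hmi-01"}  # assumed existing inventory

# <PRI>Mmm dd hh:mm:ss HOST MESSAGE (day of month is space-padded)
LINE_RE = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def discover_assets(log_text, year):
    """Build {host: record}; RFC 3164 omits the year, so the caller supplies it."""
    assets, skipped = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = assets.setdefault(
            m["host"], {"first_seen": ts, "last_seen": ts, "messages": 0})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["messages"] += 1
    return assets, skipped

def unknown_assets(assets, known):
    """Hosts that appear in the archive but not in the inventory."""
    return sorted(h for h in assets if h not in known)

def stale_assets(assets, as_of, max_silence_days):
    """Hosts that have sent nothing for longer than the allowed silence."""
    return sorted(h for h, r in assets.items()
                  if (as_of - r["last_seen"]).days > max_silence_days)

if __name__ == "__main__":
    found, bad = discover_assets(ARCHIVED_SYSLOG, 2024)
    print("unknown:", unknown_assets(found, KNOWN_ASSETS))
    print("silent >90d:", stale_assets(found, datetime(2024, 7, 1), 90))
    print("unparseable lines:", bad)
```

The stale check covers the limitation noted earlier: a passive approach only sees devices that send messages, so a device that goes silent has to be detected by its absence.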

In many instances, IT may warn OT of any unusual devices identified. IT might also monitor for trends of interest that OT should know about and inform them if the severity exceeds acceptable levels.

We can argue that this type of cross-functional team style would be impossible without passive asset discovery. And having two teams doing the same thing could cost the firm a lot more funds and resources.

MIRAT is an AI-empowered cloud software capable of providing all the packaged tools under one license, offering centralized self-service capabilities with no or minimal staff and remote monitoring capabilities that presently no other competitor is able to offer. The USP of MIRAT.ai is “Automation” of IT infrastructure management that is highly aligned with ITIL and current trends. The IT infrastructure management includes, but is not limited to, the operating system, database, network, storage, application, middleware spaces, etc.
