One of the key gaps in security and management is the visibility of devices and services on and off the network. Coupled with the discovery mechanisms described below, EdgeLox will also maintain an inventory of all the classified devices and services by domain, so that they can be referenced in real time and upcoming device types can be identified readily. The product uses infrastructure management and monitoring as a secure substrate from which to launch discovery and onboarding. Once devices are discovered, admins will have the option of managing them in one of 3 ways: completely, with health monitoring and driving actions; partially, with read-only health monitoring; or by detecting anomalies just from analyzing traffic collected non-intrusively.
Discovery of devices on the network is possible in one of 2 ways: a non-intrusive, real-time, line-speed analysis of all traffic on the network, or a protocol-based scan of the network for devices that speak a specific protocol. The images below provide an outline and the stacked details: the captured traffic goes through further processing and classification using a supervised model to arrive at the list of devices, with each prediction associated with a confidence value.
Protocol-based discovery is specific to each protocol. For instance, BACnet protocol-based discovery uses BACnet-specific constructs and retrieves BACnet-specific data, while Modbus or Zigbee based discovery uses the protocol-specific architecture and retrieves protocol-specific artifacts. Given the nuances of every protocol, what is retrieved as part of this discovery is different in each case. Also, unlike traffic-based discovery, this is an active discovery mechanism, as the system initiates it.
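To make "BACnet-specific data" concrete, the sketch below decodes a BACnet/IP I-Am announcement into an inventory record. It is an added example, not EdgeLox code. The function names and the sample frame are constructed for illustration, and the same decoder applies whether the frame was captured passively or received in reply to an active Who-Is.

```python
import struct

# Constructed sample: BACnet/IP I-Am broadcast (device instance 1, vendor id 8).
SAMPLE_I_AM = bytes.fromhex("810b0014" "0100" "1000" "c402000001" "2205c4" "9103" "2108")

def _read_tag(buf, pos, expected_tag):
    """Decode one application-tagged primitive; return (value, next_pos)."""
    tag, length = buf[pos] >> 4, buf[pos] & 0x07
    if tag != expected_tag or buf[pos] & 0x08 or length > 4:
        raise ValueError(f"unexpected tag byte 0x{buf[pos]:02x} at offset {pos}")
    data = buf[pos + 1 : pos + 1 + length]
    if len(data) != length:
        raise ValueError("truncated value")
    return int.from_bytes(data, "big"), pos + 1 + length

def parse_i_am(frame):
    """Return an inventory record for an I-Am frame, or None if it is not one."""
    if len(frame) < 8 or frame[0] != 0x81 or frame[1] not in (0x0A, 0x0B):
        return None                      # not an Original-Unicast/Broadcast-NPDU
    if struct.unpack_from("!H", frame, 2)[0] != len(frame) or frame[4] != 0x01:
        return None                      # BVLC length mismatch or bad NPDU version
    control, pos = frame[5], 6
    if control & 0x80:
        return None                      # network-layer message, carries no APDU
    try:
        if control & 0x20:               # destination: DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x08:               # source: SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x20:
            pos += 1                     # hop count follows the addresses
        if frame[pos : pos + 2] != b"\x10\x00":
            return None                  # not Unconfirmed-Request / I-Am
        oid, pos = _read_tag(frame, pos + 2, 12)   # object identifier
        max_apdu, pos = _read_tag(frame, pos, 2)   # unsigned
        seg, pos = _read_tag(frame, pos, 9)        # enumerated
        vendor, pos = _read_tag(frame, pos, 2)     # unsigned
    except (IndexError, ValueError):
        return None                      # malformed or truncated frame
    if oid >> 22 != 8:                   # object type 8 = device
        return None
    return {"device_instance": oid & 0x3FFFFF, "max_apdu": max_apdu,
            "segmentation": seg, "vendor_id": vendor}
```

Malformed, truncated or non-I-Am frames return `None` rather than a partial record, so only fully decoded devices reach the inventory.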