Our current networking environments are accelerating the pace of change. The job of the network manager has become more complicated. There are many more devices to manage. There are more users and more applications to go along with all these devices. This is where network discovery tools come in.
While the Network Field Report 2021 shows the average workweek of IT professionals has decreased over the past five years, our knowledge of the network hasn’t improved. More than half of IT professionals have incomplete knowledge of their network.
What does all this mean? It means IT professionals need to improve their knowledge of the network, or risk returning to the reactive firefighting that often causes those 60+ hour work weeks. And in the tradition of most IT problems, the solution is going to be the correct automation tools to help network admins and networking engineers do their jobs more efficiently.
Network discovery tools, sometimes also called network asset discovery software, allow you to be more productive as networks continue to evolve. So, let’s understand network discovery better, then figure out how to select the best tools for the job.
When a managed service provider or new network admin steps into a network environment, one of the first things they’ll ask for is a current network map, a complete inventory of hardware and software assets, a system security plan, and other forms of documentation. These should show things like networking resources, inventories, interdependencies, ports, and protocols used—everything that’s on the network.
Often the request is met with deflection or sheepish glances to co-workers because this documentation simply doesn’t exist. It wasn’t maintained after being created or was maybe never collected in the first place.
What is network discovery?
Network discovery or network detection, network device discovery, etc., is the ability to locate all the networking resources that are available on a given network. Network discovery can come in many forms, including traditional manual methods such as wire tracing, manual ping sweeps and port scans, and documenting results in spreadsheets. Modern network discovery is performed using automated tools and software—with greater accuracy and speed.
The goal of network discovery is to ensure that all assets are discovered, documented, and monitored. The process of managing your network starts with making sure you know exactly what’s on the network.
Network discovery software, or an IT discovery tool, consists of intelligent devices that are given permission to view a specific segment of a network or your entire network. The best network discovery software will use information obtained from initial parts of the scan and iterate on the data retrieved to do a discovery of the entire network. This means, once a network discovery is started, the software will continue to crawl the network until the entire system is documented.
How do discovery tools work?
Automated network discovery tools work by searching the network for a specific set of parameters. The primary means of discovery is to identify assets by their IP address: the tool takes a specific IP address range, then finds and catalogs every device in that range. There are three general types of network discovery.
- IP address discovery
Discovery by IP address usually starts with a ping of each potential device address in a range. If the ping returns a response, the discovery software will know there is something at that address and it’s live. Good discovery tools will take this one step further by complementing IP addresses with additional asset details, such as device names.
IP address discovery can also determine which IP addresses are in use and which are unused. This is very important for organizations that need to manage their IP address space for future growth, and it also supports security by making unauthorized IP addresses visible during audits.
- MAC address discovery
Discovery by MAC usually starts by reading the network scanner’s MAC address table, and may also use passive techniques such as packet captures to discover additional assets. The advantage of MAC address discovery is that devices configured with an incorrect IP address will still be discovered on the network.
- Open port discovery
Open port discovery is more detailed than discovery by MAC or IP address alone. It adds the step of looking for open software ports on each device. These open ports can help you uncover running applications, perform additional device fingerprinting, and identify security vulnerabilities. For example, a port may have been opened in the past to talk to a specific application, but that application is no longer in use by the organization and the port should be closed.
Many attackers actively look for open ports. Once an attacker discovers one, they can use specific malware to exploit it. Open port discovery allows you to find and close these ports first.
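The three discovery types above are most useful when their output is reconciled against what the network team has actually approved. The following added example (not Auvik's code, and not from the original article) takes a constructed discovery result for a small subnet and an assumed authorized-service baseline, then reports unused addresses, hosts that answered but are not in the inventory, devices whose configured IP does not belong to the segment they were seen on (the case MAC discovery catches), and open ports nobody approved, such as a port left over from a retired application.

```python
from ipaddress import ip_network, ip_address

# Constructed sample output of an automated IP/MAC/port sweep of a /28.
# All addresses, MACs, names and ports are made up for this example.
DISCOVERED = [
    {"ip": "10.0.0.1",     "mac": "00:11:22:33:44:01", "name": "gw-core",  "ports": [22, 443]},
    {"ip": "10.0.0.5",     "mac": "00:11:22:33:44:05", "name": "srv-web",  "ports": [22, 80, 443, 8080]},
    {"ip": "10.0.0.9",     "mac": "00:11:22:33:44:09", "name": "",         "ports": [23, 161]},
    {"ip": "10.0.0.12",    "mac": "00:11:22:33:44:12", "name": "printer1", "ports": [9100]},
    # Seen by MAC on the same segment, but configured with an address from another subnet.
    {"ip": "192.168.1.50", "mac": "00:11:22:33:44:50", "name": "lab-pc",   "ports": []},
]

# Assumed authorized-service baseline kept by the network team.
# Hosts missing here are unknown; ports not listed for a host are unexpected.
BASELINE = {
    "10.0.0.1":  {22, 443},
    "10.0.0.5":  {22, 80, 443},   # 8080 served a retired app and should now be closed
    "10.0.0.12": {9100},
}


def unused_addresses(network: str, discovered) -> list:
    """IP address discovery: addresses in the range that nothing answered from."""
    net = ip_network(network)
    live = {ip_address(d["ip"]) for d in discovered}
    return [str(h) for h in net.hosts() if h not in live]


def misconfigured_hosts(network: str, discovered) -> list:
    """MAC discovery: devices seen on the segment whose IP is outside its range."""
    net = ip_network(network)
    return [d["ip"] for d in discovered if ip_address(d["ip"]) not in net]


def unknown_hosts(discovered, baseline) -> list:
    """Live hosts that are absent from the authorized inventory."""
    return [d["ip"] for d in discovered if d["ip"] not in baseline]


def unexpected_ports(discovered, baseline) -> dict:
    """Open port discovery vs. baseline: open ports that were never approved."""
    findings = {}
    for d in discovered:
        extra = set(d["ports"]) - baseline.get(d["ip"], set())
        if extra:
            findings[d["ip"]] = extra
    return findings
```

Running the same functions against successive sweeps is what turns a one-off scan into the ongoing documentation and monitoring the article describes.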
How to choose the best network discovery software
There are several criteria you’ll want to look at when choosing a good network discovery software solution. At the top of the list is going to be ease of use and how long it takes to set up.
Ease of use
The point of network automation tools and network discovery tools initially is to lift a burden off your limited IT resources. Network discovery software should be able to do this seamlessly. Make sure anyone can come in and operate the system quickly and efficiently as resources change or merge.
Another criterion to look at is how well the product works with your current environment. Look for compatibility with your other systems, and watch for proprietary functions that would make it less useful.
A good example of a proprietary function is Cisco’s network discovery protocol called CDP. It’s extremely useful and is employed throughout Cisco’s products. But if you have a preponderance of non-Cisco devices on your network, it can be a problem. If you use CDP on a network with lots of non-Cisco devices, you’ll have holes in your network discovery map. So, industry-wide compatibility is essential.
Before you start your selection process, make a list of features that you must have and features that you would like to have. An example of an important feature that should always be considered is simple reporting, such as documenting and cataloging IP address and device names.
Another good feature is the ability to automatically tell you when subnets are being used, or when they’re changing. You’ll be amazed how often this can change—and how quickly—over the period of just one year.
Deployment platform support
Is your organization moving applications to the cloud, or are there explicit policies against leveraging cloud-deployed and SaaS solutions? How the software will be deployed is an important consideration when evaluating network discovery software. Having a solution on site will enable you to keep network data within your data center, but using a cloud-hosted or SaaS application will ensure your network documentation is always available, even during network outages.
Network mapping has become an essential component for any network discovery software, as a visual understanding of the network and how devices work together enables IT teams across and outside of the organization to quickly understand the network. A network map can be incredibly helpful when troubleshooting and is a critical part of network discovery.
To have the analysis already performed prior to any network issues, and have it at your fingertips, is a life-saver. Network maps aren’t just pretty pictures with lots of colors to impress management. They’re a fundamental part of your network knowledge.
Pros of network discovery software
This is a technology where the pros far outweigh the cons. Network asset discovery software will change the way you manage your network resources.
Network discovery software will give you a completely different view into how your network is set up. Monitor traffic on your network to know exactly what's talking to what, what's really in use, and what's not. This visibility will give you greater confidence about what you're dealing with and your ability to manage it.
Going into a critical networking situation cold is a bad, bad feeling. Not only will network visibility give you the ability to be proactive in your network management role, but it will also allow you to reduce the mean time to resolution for reactive issues. Context matters when troubleshooting!
Network discovery software is going to give you knowledge about what you have and how many of them you have. Who’s using the resources and how often? This knowledge will help you to effectively plan and allocate resources.
When management comes to you and wants to know what they’re paying for, not only will you be able to tell them, you’ll be able to show them. This asset management benefit alone can pay for a good network discovery software tool.
No discussion about IT and technology innovation is complete without a nod to cybersecurity. Think like the bad guys. What’s a hacker looking for? They’re looking for assets that might not be up to date. They’re looking for open unused ports. They’re looking for assets that are ghosted and open. They’re looking for vulnerabilities. How do they do this? By doing discovery on your network.
So, who should be discovering what’s happening on your network? You and your IT staff or the hacker? The answer is quite simple. If you don’t perform the discovery duties necessary to maintain your network, someone else will.
Cons of network discovery software
As you can see, there are quite a few very important advantages to network discovery software. On the flip side, there are very few disadvantages, and both of them have to do with project scoping rather than the software itself.
One thing to be aware of is how aggressive your network discovery process can be. For example, if you decide to discover all devices plus all software ports, you can get yourself in trouble. There are 65,000 available ports to be discovered on each endpoint. Do you want to be scanning all of these? All the time? Maybe not.
Don’t get too ambitious. You may saturate your network with network discovery traffic. Setting your criteria in the beginning and scoping the discovery correctly are important.
Another issue can be sizing that’s too limited. You may bring in a system that’s too limited in scope. This can cause you to not be able to accomplish your goals. So careful attention should be paid to the criteria for success and how it’s communicated to your staff. This is more about expectations than technology. Set the expectations and the criteria correctly and you’ll be working toward a successful outcome.
Auvik’s automated network discovery, mapping, and inventory capabilities give you true visibility and control. Get your free 14-day Auvik trial here.