You know about all of the devices in your network, don’t you? You’ve probably tagged or labeled or configured every switch, every access point, and every firewall you own. This is especially true in a small or medium enterprise. The likelihood of a device being on the network without your knowledge is slim.
Yet, it happens more often than most people think. Rogue devices are a common occurrence in enterprises of all sizes. From the smallest mom-and-pop store to the halls of IBM you will find all manner of curious items floating around. Maybe it was the developers that wanted better wireless coverage in a corner of the lab or wanted to see if Wi-Fi 6 made their commits faster. Perhaps it was the executive that needed to have a switch under their desk so they could plug in both their laptop and their all-in-one PC for the look and feel of someone important. It could also be someone nefarious doing something with a rogue device designed to gain access to your network from inside the perimeter of a carefully-crafted security policy.
Whatever the reason, rogue device detection is critical for any security professional. If you think that the only devices in your network are the ones under your control, you had better be sure in some way. Regulatory environments require you to know about everything connected to the network, whether you own it or not. Auditors don’t care about something that just showed up last night. If you don’t know about it and don’t have a plan for dealing with it, you’re going to be in the wrong.
A Solution for Rogues
One of the better ways to deal with rogue devices is to be able to find them when they pop up. And if you want to be able to do that with a quick and easy solution that won’t break your small enterprise budget you should look at PathSolutions. They’re a company that is very much focused on the small and medium enterprise and they released a new product just a couple of months ago that is the key to finding rogue devices in your environment and much, much more.
TotalView Security Operations Manager combines the power of the PathSolutions monitoring platform with the focus features needed to provide security monitoring and management. You get the attention you need on the network and the devices connected to it as well as the assessment you need to ensure that everything that’s connected is properly secured. But TotalView Security Operations Manager goes beyond just finding malicious hardware.
One of the other problems that creep up is unauthorized services. Specifically, in the case of networks, you’re talking about rogue DNS and DHCP servers. The latter can cause headaches because users are getting addresses outside the normal scope of allocations and can wreak havoc with things like BOOTP devices or IP phones registering to call processors. The former is a bigger security threat by far. Rogue DNS servers can lead to problems with malicious sites and evasion fo inline filtering protocols. If I wanted to really exploit someone’s computer, I could just redirect their DNS settings to a server I control and masquerade as a legitimate banking site or email program. I could harvest their credentials and be off to the races stealing everything that wasn’t nailed down.
Thanks to TotalView Security Operations Manager, you can track down those rogue services and shut them down before they become a problem. You can trackback where they came from to determine if it was an inept attempt at shadow IT or a more nefarious plot to steal data or compromise your systems. You have that power thanks to the flexibility of the platform. Don’t believe me? Try out their sandbox environment and see for yourself how it all works.
Bringing It All Together
I’ve spent a lot of my career dealing with rogue devices. I’ve also spent a lot of time cleaning up messes when those devices go undetected for days or weeks. Thankfully I’ve never had to clean one up after a security breach, but I’m sure there are many people that have. If you can have a solution that gives you the power to detect these devices before they become problematic and report when new devices are configured on the network, wouldn’t you leap at the chance? Try out PathSolutions and their sandbox and you’ll know if this is a platform you can configure and use to fix and rogue issues you have.
