The Importance of Device Discovery
Device discovery enables system administrators to locate newly installed network-attached systems that may not have been properly configured, locked down, and/or hardened. This becomes more important when users bring personal computing devices such as laptops, tablets, and smart phones into the workplace. Any new device that is not properly patched and configured increases an organization's attack surface.
Device discovery can also find "drop boxes" (e.g., MiniPwner), which are small single-board computers - some embedded in power strips, some individual devices - that can be plugged into an Ethernet jack such that the device will then make a reverse-VPN connection to give the attacker access to the internal network.
Limitations of Device Discovery
Device discovery is only effective when the necessary steps are taken to harden specific assets found to be out of compliance.
Vidder's Device Discovery Recommendations
Vidder strongly recommends deploying an automated asset inventory discovery tool that both actively and passively scans all addresses in the network. The asset inventory database should be encrypted with its keys stored in a Hardware Security Module (HSM). Direct access to the database should be treated as privileged access. In addition, 802.1X should be used on all Ethernet switches and Wi-Fi access points to prevent access to unregistered systems.