Network discovery has always been a utility required for any defensive assessment. First discover your assets. Only then can you implement a patching strategy to reduce your attack surface. Only then can you figure out what to defend and how.
But the surge of new devices attached to the network—be it the conference phones, security cameras, and building controls in an office, or the machines on a plant floor or in an electrical utility’s grid—has exacerbated the problem with discovery. Many devices are uncatalogued in discovery tools meant to differentiate between servers, desktops, and Wi-Fi devices.
HD Moore, founder of Critical Research Corporation, and known as the father of the Metasploit Framework, took a moment to describe his new project. With Rumble Network Discovery he is creating a tool that will solve the asset discovery problem. His team is systematically cataloging all devices. Each new user of Rumble may introduce them to new devices, but over time their ever-growing database of device signatures creates a clearer and cleaner mapping of an organization’s assets.
Active scanning and fingerprinting are the core of Rumble. HD describes how this overcomes issues with legacy tools that may miss things thanks to micro-segmentation, which cloaks whole segments from a passive network tap, and device hardening, which is designed to foil scanning.
Only with as complete a picture as possible of the devices on your network, including your cloud deployments, will you be able to grasp the task at hand: protecting everything.
Listen to the inaugural re-launch of the IT-Harvest Interview series with HD Moore.

https://player.vimeo.com/video/404143105