Obtaining global network visibility requires accurate measurement of four factors: network topology, address space, leaks and device fingerprints.

Lumeta's IPsonar actively scans the network to collect all data related to these factors via Network Discovery, Host Discovery, Leak Discovery and Device Fingerprint Discovery. Network and security managers and executives can accurately visualize what's on the network, drilling down to analyze potential areas of risk and identify appropriate corrective actions.

Network Discovery

Given the frequency of change in large networks, and the error-prone way in which changes are made, organizations struggle to assure that all network assets are under management. Unmanaged assets increase risk of intrusion and service outages.

• Applies multi-protocol discovery to penetrate deep into the network, identifying forwarding and filtering devices
• Traces the path of data through the network, indicating whether assets communicate properly
• Flags "stealth" assets that do not respond to queries, pinpointing resources that may not be under management
• Isolates the impact of firewall and router ACLs (access control lists), assuring they are operating in compliance to policy
• Provides a comprehensive route-based network topology from an application connectivity perspective

Host Discovery

The network is a collection of IP addresses that IT organizations are responsible for securing. Yet unknown IP addresses exist in every large network, often going undiscovered until they cause an outage, breach or audit issue.

Lumeta's IPsonar detects all known and previously unknown network address, helping IT executives align their area of visibility with their area of responsibility. The solution:

• Conducts a census of all IP addresses using multi-protocol discovery, identifying the true perimeter of the network
• Flags previously unknown addresses - those not recognized by official network inventories - for remediation
• Enables organizations to harden defenses around their network perimeter and secure zones to enforce policies

Leak Discovery

Leaks are devices with unauthorized inbound or outbound connectivity to the Internet or sub-networks. The more complex a network, the more likely that leaks exists.

Defending information and operations from threats requires that IT organizations proactively identify leaks, such as unsecured routers exposed to the Internet or open links to former business partners.   Lumeta's IPsonar reveals all unauthorized connections, identifying whether access is outbound, inbound or both. The solution:

• Pinpoints forwarding and filtering devices, enabling IT staff to assure these resources are in compliance with security policy
• Flags inbound and outbound connectivity to secure zones, such as those developed to protect customer data or carry sensitive communications
• Identifies resources a "hop" beyond the network, showing executives which organizations they are connected to
• Spots hard-to-find leaks such as unauthorized Cable/DSL routers, multi-homed servers, and NAT/PAT proxies that covertly forward network traffic

Device Fingerprint Discovery

Assessing risk requires more than a census of assets and their interdependencies. To determine whether assets are non-compliant or vulnerable to a specific threat, IT organizations must understand their attributes, such as a server's OS or whether a device or host has a particular service enabled.

Fingerprinting capabilities within Lumeta's IPsonar achieve this, detecting services, wireless access points and operating system information - without disrupting asset operations. Fingerprinting is an important complement t o leak discovery, prioritizing vulnerability and patch management efforts to vulnerable devices that have exposure to the Internet. IPsonar:

• Identifies Internet services and proprietary IP applications active on hosts and devices, pinpointing resources for which tested ports are active
• Flags improperly secured wireless access points for remediation - improving security without requiring staff to scan airwaves or deploy antennae-based monitors
• Determines which operating systems network devices are running
• Extracts information from standard packets (ICMP echo requests and high-port UDP packets); no application-layer transactions
• Facilitates consolidation by noting devices that run network-based services, such as printers, network-based faxes and storage appliances
• Exports details to security tools, optimizing host-level vulnerability assessments and accelerating patch management

Multi-tier Enterprise Architecture

Because it is a network appliance, Lumeta's IPsonar requires no installation or disruption to operations in order to completely scan a network - no matter how far-flung or numerous the resources are.

• Sensors. Accurate, complete network scanning is achieved through the use of network entry points called Sensors. These entry points are portable, providing flexibility to address even the most fast-changing networks.
• Scan Servers. These resources are positioned at appropriate points in the network to assure that business applications and even the lowest-speed network links are unaffected by IPsonar network traffic. Multiple scans can be run simultaneously.
• Report Servers . Functioning as the data repository, Report Servers separate report generation from scanning to further reduce IPsonar’s operational footprint. A single remote Report Server can support multiple Scan Servers.

All appliances use a pre-loaded, hardened configuration to simplify and assure security. Communication between appliances is via HTTPS (SSL) and available in several configurations, so that no changes to firewalls or network access control are required. IPsonar’s User Interface support signed digital certificates.