endpoint fingerprinting

Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks. Such endpoints are sometimes referred to as "dumb devices."

Download this free guide

5 Ways to Prevent Ransomware: Download Now

Ransomware attacks are not only becoming more common, they're becoming more creative. In this guide, industry expert Kevin Beaver uncovers 5 ways to prevent a ransomware infection through network security.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Endpoint fingerprinting is especially useful for controlling access to networked dumb devices. Because dumb devices do not interact with the network in the same way as a computer would, they have typically been difficult to track. Often, an enterprise has no inventory of non-traditional endpoints on the network, let alone a method of controlling access to them. Although the traditional view of network security has been to trust all devices on the network, the fluid nature of network peripheries and increasing mobility mean that approach is no longer tenable.

When networked devices are not monitored, they may enable unauthorized access to the enterprise's network and its resources. According to Usman Sindhu, an analyst at Forrester Research, networked dumb devices present a perfect opportunity for a hacker to perpetrate a man-in-the-middle attack: "If you are able to spoof the IP address of a device, you're essentially getting into the network environment."

Endpoint fingerprinting gathers IP and MAC addresses from endpoint devices and checks them against a list of approved addresses to confirm that each address is authentic and the corresponding device is authorized to access the network. IP and MAC addresses are monitored constantly to decrease the risk of unauthorized access.

Learn More:
Shamus McGillicuddy explains 'Using NAC endpoint fingerprinting to inventory dumb devices.'