Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks. Such endpoints are sometimes referred to as "dumb devices."
Endpoint fingerprinting is especially useful for controlling access to networked dumb devices. Because dumb devices do not interact with the network in the same way a computer would, they have typically been difficult to track. Often, an enterprise has no inventory of the non-traditional endpoints on its network, let alone a method of controlling access to them. Although the traditional view of network security has been to trust all devices on the network, the fluid nature of network perimeters and increasing mobility mean that approach is no longer tenable.
When networked devices are not monitored, they may enable unauthorized access to the enterprise's network and its resources. According to Usman Sindhu, an analyst at Forrester Research, networked dumb devices present a perfect opportunity for a hacker to perpetrate a man-in-the-middle attack: "If you are able to spoof the IP address of a device, you're essentially getting into the network environment."
Endpoint fingerprinting gathers IP and MAC addresses from endpoint devices and checks them against a list of approved addresses to confirm that each address is authentic and the corresponding device is authorized to access the network. IP and MAC addresses are monitored constantly to decrease the risk of unauthorized access.
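The approved-address check described above, as an added example that is not part of the original article: it compares constructed sensor observations (timestamp, MAC, IP) against a constructed approved-device inventory and flags unknown MACs, a known MAC that has moved to a new IP, and an approved IP presented by a different MAC, which is the spoofing case the quoted analyst warns about. The inventory, device types, addresses and field names are all assumptions.

```python
"""Check NAC endpoint observations against an approved IP/MAC inventory (constructed data)."""

# Constructed approved-endpoint inventory: MAC address -> (assigned IP, device type).
APPROVED = {
    "00:1b:44:11:3a:b7": ("10.0.5.21", "hvac-controller"),
    "3c:5a:b4:7e:02:19": ("10.0.5.22", "badge-reader"),
    "00:50:56:aa:bb:cc": ("10.0.5.30", "ip-door-lock"),
}

# Constructed observations in the shape a NAC sensor collects from the access
# layer (for example ARP or DHCP snooping): (timestamp, mac, ip).
OBSERVATIONS = [
    ("2024-01-01T08:00:00", "00:1B:44:11:3A:B7", "10.0.5.21"),  # approved, as inventoried
    ("2024-01-01T08:00:05", "3c:5a:b4:7e:02:19", "10.0.5.22"),  # approved, as inventoried
    ("2024-01-01T08:01:10", "aa:bb:cc:dd:ee:ff", "10.0.5.99"),  # MAC not in inventory
    ("2024-01-01T08:02:00", "00:1b:44:11:3a:b7", "10.0.5.40"),  # known MAC on a new IP
    ("2024-01-01T08:02:30", "d4:3d:7e:00:11:22", "10.0.5.30"),  # door lock's IP used by another MAC
]


def normalize_mac(mac):
    """Canonical lowercase colon-separated form so switch and DHCP formats compare equal."""
    return mac.strip().lower().replace("-", ":")


def classify(mac, ip, approved):
    """Return the list of policy violations for one (mac, ip) observation; [] means clean."""
    mac = normalize_mac(mac)
    ip_owner = {assigned_ip: m for m, (assigned_ip, _) in approved.items()}
    issues = []
    if mac not in approved:
        issues.append("unknown-mac")
    elif approved[mac][0] != ip:
        issues.append("ip-changed")
    # An approved address presented by a different MAC is the case worth alerting on first.
    if ip in ip_owner and ip_owner[ip] != mac:
        issues.append("ip-claimed-by-other-mac")
    return issues


def audit(observations, approved):
    """Evaluate every observation; returns (timestamp, mac, ip, decision, issues) per row."""
    report = []
    for ts, mac, ip in observations:
        issues = classify(mac, ip, approved)
        decision = "allow" if not issues else "quarantine"
        report.append((ts, normalize_mac(mac), ip, decision, issues))
    return report


if __name__ == "__main__":
    for row in audit(OBSERVATIONS, APPROVED):
        print(*row)
```

Running `audit` on each new batch of observations is the "constant monitoring" loop; a real NAC would feed the quarantine decisions back to the switch port or VLAN assignment.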