You need to know what’s connected to your network to manage or secure it. Surprisingly, many system administrators still manually update spreadsheets to keep track of IP addresses, asset inventory, and lifecycle management.

A much easier way to get an accurate picture of your data center, laptop, and IoT infrastructure is to use IT asset discovery tools, which help with network discovery of your IT infrastructure in real time.

IT asset discovery tools typically offer the following functionality:

  • Discover assets on the network
  • Save asset inventory in a database
  • Queries to assist with IT management or cybersecurity
  • Reports on key metrics on dashboards
  • Rules and alerts to notify you as things change

You can either work directly inside an IT asset discovery tool or feed the data into other systems, such as:

  • IT service management solutions (ITSM) for helpdesk ticketing
  • Configuration Management Database (CMDB)
  • IT Asset Management software (ITAM)
  • Security Incident and Event Management (SIEM) systems
  • Keep reading to learn about the factors you should consider when choosing an asset discovery tool for your IT environment.

Keep reading to learn about the factors you should consider when choosing an asset discovery tool for your IT environment.

7 questions to ask yourself before choosing IT asset discovery software #


Before you decide on an IT asset discovery tool, you may want to ask yourself a few important questions.

1. Do you need to cover routers, IoT, and mobile devices? #

Some IT asset discovery tools are optimized to find managed devices, such as Microsoft Windows desktops connected to your Active Directory. These solutions miss about 10-40% of your network, such as IoT devices, routers, switches, as well as rogue and orphaned machines.

If your asset inventory provider does not include all devices, your service desk won’t be able to reliably troubleshoot networking issues or find assets that pose an IT security issue.

2. Do you need SaaS or on-premises deployment? #

SaaS is typically faster and easier to deploy, but your organization may require you to have sovereignty over your data.

3. Do you need a scalable solution? #

Scanning one /24 subnet is different from scanning larger, distributed networks. Make sure that you are picking a solution that can scale for scanning speed, centralized console, and Terabytes of data processing.

4. Which asset discovery approach will gather the data you need? #

The type of data you need to collect will determine the technical approaches you will need for your situation:

  • Unauthenticated scans can gather a broader set of devices on the network because they do not require credentials to log in to the device. They work well for finding IoT and unmanaged devices, as well as providing a list of open ports on machines. Some of these solutions can find a surprising amount of detail, including operating systems, MAC addresses, software and firmware versions, and hardware models. Definitely try unauthenticated scans to see what they can find.

  • Authenticated scans can get details only available to a logged-in user, such as CPU, RAM, and storage usage as well as software licenses. However, they will drastically underperform for any type of device where the password doesn’t work. If you have IoT, networking, and unmanaged devices, this approach may not provide the visibility you need.

  • Endpoint agents may be able to get some system internals, such as CPU, RAM and storage usage from devices. However, they need to be installed on every device you want to include in the inventory. Endpoint agents cannot be installed on unmanaged devices and they may not work on many IoT and embedded systems, limiting your visibility. If you are planning to use an EDR or MDM agent for your asset inventory, verify your solution actually collects the type of information you need.

  • API integrations can provide some insights into asset inventory. Integrate your asset inventory with your endpoint detection and response (EDR) or mobile device management (MDM) to leverage existing endpoint data.

  • Passive network monitoring can give you insights into the devices on the network by listening to the traffic. This approach doesn’t create additional traffic on the network, but that also means that devices that don't generate traffic can't be discovered.

  • Passive asset inventory is much harder to deploy because you have to plug it into the SPAN ports of each network device to collect data. Because data is collected passively, the data quality tends to be lower. Consider this analogy: if you were at a party and listening to other people’s conversations, you’d probably be able to gather some information. However, direct conversations would allow you to ask questions and get answers instead of relying on passive listening. The use of encrypted protocols is also making this approach less and less viable.

5. Do you need to cover information technology (IT) and also operational technology (OT)? #

Operational technology comes in many forms. In its simplest case, it includes badge readers and HVAC systems in regular office buildings. More advanced OT environments include medical devices, telco equipment, and production lines for manufacturing.

The need to cover OT equipment will eliminate several approaches, including authenticated scans, endpoint agents and API integrations. Passive network monitoring is popular in these environments but tends to have low-fidelity results and miss devices that are not communicating. It’s also really hard to deploy in complex or distributed environments because it relies on tapping SPAN ports on your networking gear.

Modern unauthenticated scanning solutions that have been designed with OT equipment in mind can be a great option. Definitely test out the unauthenticated scan on a handful of test devices to ensure that it’s not disrupting operations on fragile devices. Modern scanners tend to be better than legacy implementations.

6. Do you have machines that have multiple IP addresses or change IP addresses? #

Keeping track of devices as they change IP addresses can be difficult for IT asset discovery tools, often producing duplicate entries in the asset inventory. The same is true for devices with multiple network interfaces that are being scanned from multiple vantage points.

To reduce issues with duplicate devices, choose a solution that can deduplicate devices that change IP addresses or have multiple network interfaces.

7. Do you have passwords for all of your assets? #

Authenticated scanning or endpoint agents will require that you have admin credentials for all machines you want to inventory. Most organizations don’t have usernames and passwords for legacy and IoT devices, ruling out this option for many.

Using authenticated scans also increases your security risk because the scanner provides central admin passwords to all IP addresses in the scanning range. If there is even a single compromised asset on the network, the attackers will have the keys to the kingdom to access or ransomware all of your connected devices.

Try unauthenticated active discovery with runZero #

Written by HD Moore, the creator of Metasploit, runZero is an agentless solution that consistently provides surprising and rich levels of detail for an unauthenticated network scanner. Available as both free and commercial editions, runZero provides the fastest and easiest way to see everything connected to the network. Users of the commercial editions can augment scanning data with API integrations, such as cloud hosting, endpoint security, and MDM solutions.

runZero runs on Windows, Mac OS, Linux and BSD without dependencies. Asset tracking of devices that have changed IP addresses or have several network interfaces is possible with runZero. In fact, runZero even shows secondary IP addresses in ranges that were not scanned to help identify network bridges.

  • Free and commercial editions
  • Easy to deploy and use through a central console
  • Safely scans managed and unmanaged IT and OT equipment
  • Supports SaaS and on-premise deployments

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved