This article explains the Cato Networks Device Inventory service, and how to use it to discover devices on your network. Then you can monitor the devices and create firewall rules to manage their access control.
Device Inventory is the Cato service you can use to discover, monitor, and manage devices connected to your network. The Device Inventory engine analyzes WAN-bound and outbound traffic to detect, identify, and classify connected devices. The Cato Cloud identifies the devices automatically using passive detection, with no special setup or agents required.
The Device Inventory engine uses machine learning and AI to identify each device, giving you a full inventory of devices and detailed data for each device.
A separate Device Inventory license is required for Device Inventory pages and features. For more about purchasing a license, please contact your Cato representative.
A security admin receives a task to review the security posture of the meeting rooms in the site for the London branch office. The admin goes to the Device Inventory page, filters for Field - Device Type, Operator - In, Value - Video Conferencing, and sees all the video conferencing devices in the London site. The admin realizes that there are video conferencing devices from several different manufacturers, which does not meet the organizational security policy. The IT team creates new rules in the WAN and Internet firewall policies with Device Attribute settings that only allow the two approved manufacturers for the video conferencing devices. Some of the video conferencing devices in the London site will no longer work, because the firewall policies block them until they can be replaced with new devices from the approved manufacturers.
During the weekly meeting for the SecOps team, they use the Device Dashboard to review the number of new device types and categories that connected to the network.
Then they review the widgets in the Security section to trace any anomalous behavior that was detected by the security engines. When they find something suspicious, they use options to pre-filter the relevant CMA pages:
- View in Device Inventory is used to follow up on the device details and data
- View Events is used to get more data about the traffic and connections
The Device Inventory page is continuously updated with new devices and data based on the Device Inventory engine. It can take up to 12 hours to complete the identification process and for the data to be displayed on the relevant pages (such as Device Inventory and Device Dashboard). The engine categorizes as much data on the device as it can confidently identify. This means that not all of the data fields may be available for a specific device.
Because device identification is based on device behavior patterns, the data and fields for a specific device can be incorrect.
For more information, see Using the Devices Page.
The Device Dashboard is a centralized interface for monitoring the devices connected to your network. The dashboard focuses on two tasks, Discover Now and Security.
The Discover Now section contains several widgets that visually display the total number of devices by a variety of criteria, such as operating system and manufacturer.
The Security section helps to identify potential security risks associated with devices in your network. For example, you can review events for devices that were blocked by the IPS service or the Internet firewall.
You can drill down for further analysis by selecting an item in the widget, and show the filtered data in the Device Inventory or Event page.
For more information, see Using the Device Dashboard.
You can define WAN and Internet firewall policies that specify which types of devices are allowed or blocked from accessing certain network resources.
Use the Device Attributes condition to define rules for devices that were detected on the network by the Device Inventory engine. You can use the following attributes in a firewall rule: Category, Type, Model, OS, Manufacturer, OS Version.
For more information, see Adding Device Criteria Conditions to Firewall Rules.