In various blog posts about asset inventory and asset discovery, we have favored the passive method and even warned against active asset discovery. The reason is the high susceptibility of industrial systems to failure: older components in particular often do not tolerate careless network scans.
So why use active asset discovery anyway? On the one hand, it gives an even better overview of the active systems; on the other hand, it offers the chance to discover inactive or rarely active systems. Once the systems are known and their capabilities have been explored, active asset discovery lets you use additional features, such as reading the firmware or SNMP endpoints, or even employing vulnerability scanners to actively extract information from the system. This allows the asset inventory to be kept up to date automatically and without regular user input.
Interesting information obtained through active asset discovery includes, for example, the back panel configuration or the connected Profibus participants. In addition, active asset discovery can be used to find components that do not actively participate in network traffic. In short, the visibility of all components is further increased.
For active asset discovery, there are tools from different manufacturers with different functions. However, it is important to consider in advance exactly which areas need to be covered. Therefore, before using asset discovery (passive or active), it is advisable to conduct a detailed analysis of the requirements and compare the products for compatibility with the systems in use.
Active asset discovery is a tool for advanced users, and both its function and its areas of application must be well thought out before use. Premature and reckless use can lead to failures!