What is network discovery?

IT teams require visibility into their network in order to fulfill their respective duties—they may not be able to understand the relationship between devices and how they communicate with each other when network discovery is not in play. When networks experience downtime, network discovery provides response teams with relevant data, allowing them to more quickly identify and address the issue.

Hybrid networks, such as virtual, wired, and wireless networks can complicate a network topology and make it difficult for IT teams to identify any root causes when an incident or issue occurs. And, as digital operations continue to increase in scale, networks are also beginning to change in terms of layout. BYOD policies and increased dependency on smart technology mean that employees are adding personal devices to the workplace. As such, monitoring basic health metrics is no longer a usable baseline—businesses must be able to use network discovery tools to have visibility of all internal activity.

Cybersecurity is also aided by network discovery, as invalid IP addresses can be identified as a sign of a malicious device that is carrying malware. IT and Security teams may use network discovery to run regular scans to identify any threats that might be sitting quietly on a network, poised for attack.

Network discovery can further improve security by helping teams identify open ports on connected devices, and inform decisions regarding which ports do and do not need to be open for business operations to run effectively.

There are three delivery protocols that IT teams use to find and track devices on the network: Simple Network Management Protocol, Link Layer Discovery Protocol, and ping.

Simple Network Management Protocol (SNMP) lets IT teams gather and organize data about devices on a network. Link Layer Discovery Protocol (LLDP) is vendor-neutral, and transmits device information to a directly-connected device during regular intervals. Pings are a software utility that lets teams test the reachability of a device on an IP network—they send an Internet Control Message Protocol (ICMP) to a connected device, and measures the time that it takes to receive an answer.

An agent-based discovery places an “agent” on each target system for discovery that runs a piece of code on the target, “calls home” to a central server, and reports back what it found. Agents are hosted locally, and are capable of gathering and storing performance and availability metrics from servers, computers, virtual machines, operating systems, and many network devices and applications. While agents are often deployed manually (either by physically installing them on each target machine or by remote installation), some may be installed using mass deployment technologies.

Agentless network discovery does not require a client installed at the end point in order to gather information about the asset. It gathers all of the data remotely from a central tool run on a server. Agentless discovery eliminates the need for time-consuming manual deployment, but because they do not reside on the machines themselves, they may be more limited in terms of what kind of data they have access to. Agentless monitors depend heavily on available network resources, and may be affected by network issues, such as latency, packet loss, or poor connections.

Network discovery not only allows an IT team to see other devices, but it also allows them to communicate with the device—for instance, printing something without a connected cable. Another advantage is that you can transfer files between devices directly over the Wi-Fi rather than using the internet, or relying on manual transfer.

A primary disadvantage is that data transmitted between connected devices could be intercepted by a third-party. Network discovery opens the opportunity for hackers to “sniff” a network and intercept something that is being transmitted.

Network discovery software utilizes processes to help teams understand their network layout. Discovery protocols that are applied can collect information about virtual computers and networks, software on a network, hardware on a network, and the logical and physical relationship between network assets.

The tool works by automatically gathering data using IP scanes, ping sweeps, and polling devices with SNMP monitoring, which works more rapidly and effectively than manual gathering.