Network Discovery in CYRISMA: A Comprehensive Guide
Network discovery is a foundational step in understanding the assets and devices within an organization's network. In CYRISMA, network discovery enables you to identify devices, endpoints, and other network-connected assets, laying the groundwork for comprehensive vulnerability management, data protection, and compliance. This article outlines the process and best practices for conducting network discovery using CYRISMA.
Written by Liam Downward
Updated at January 22nd, 2025
- User Manual
- Agents
- The Cyber Risk Assessment Process
- API Documents
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- CYRISMA Change Log
- Support Ticket SLA
- Onboarding Framework
- PSA Integrations
- Billing Questions
- Self Onboarding Guide
Table of Contents
1. What is Network Discovery?
Network discovery is the process of identifying all devices and endpoints connected to a network. This includes servers, workstations, IoT devices, printers, routers, and more. By performing network discovery, you can:
- Map the organization's network topology.
- Identify unknown or rogue devices.
- Prepare for targeted scans such as vulnerability or data scans.
2. Why is Network Discovery Important?
- Asset Visibility: Gain a complete view of your network's devices and assets.
- Improved Security: Identify devices that may not have adequate security controls.
- Efficient Scanning: Focus scans on relevant devices and endpoints.
3. Preparing for Network Discovery
Before running a network discovery scan, take the following preparatory steps:
a. Identify the Scope
- Define the IP ranges or subnets you want to scan.
- Consider any network segments or VLANs that may require specific scanning configurations.
b. Ensure Permissions
- Use credentials with administrative access to ensure full visibility of devices.
- Confirm that firewalls and network settings allow the discovery process to function.
c. Choose a Probe Device
- Designate a device running a CYRISMA agent to act as the probing sensor for the discovery scan.
4. Conducting a Network Discovery Scan
Follow these steps to perform a network discovery scan in CYRISMA:
Step 1: Access the Network Discovery Feature
- Log into your CYRISMA instance.
- Navigate to Admin > Targets > Network Discovery.
Step 2: Configure the Discovery Scan
- Scan Name: Provide a descriptive name for the scan (e.g., "Office Network Discovery – January 2025").
-
IP Ranges/Subnets: Enter the IP ranges or subnets to be scanned (e.g.,
192.168.1.0/24or10.0.0.0/16). - Probe Device: Select the scanning agent that will act as the probe.
- Credentials: Input alternative credentials (e.g., domain admin credentials) to authenticate and enhance the discovery.
Step 3: Schedule the Scan
- Choose to run the scan immediately or schedule it for a specific time.
- Enable email notifications to receive alerts upon scan completion.
Step 4: Launch the Scan
- Click Start Discovery to initiate the scan.
5. Reviewing Network Discovery Results
Once the scan is complete, access the results under Network Discovery Results. Key information includes:
- Device Types: Categorization of devices (e.g., workstations, servers, IoT devices).
- IP Addresses: List of identified IPs and their associated devices.
- Operating Systems: Operating system details for applicable devices.
- Vulnerabilities: Preliminary vulnerability insights for detected devices.
Filtering and Sorting
- Use filters to focus on specific device types, subnets, or IP ranges.
- Sort devices by status, operating system, or other attributes.
6. Merging Targets for Future Scans
After reviewing the results, merge identified devices into your target list:
- Select the devices you wish to scan further (e.g., workstations, high-value servers).
- Click Merge to add them to your list of scannable targets.
7. Best Practices for Network Discovery
- Use Descriptive Naming: Clearly name scans to track results over time.
- Start Small: Begin with a specific subnet or critical segment of the network to avoid overwhelming the system.
- Verify Credentials: Ensure credentials are accurate to maximize the discovery's effectiveness.
- Regular Scans: Schedule periodic network discovery scans to account for new devices and changes in the network.
- Focus on Critical Areas: Prioritize discovery scans in segments housing sensitive data or critical infrastructure.
8. Common Challenges and Troubleshooting
a. Devices Not Detected
- Verify the IP range includes the device’s subnet.
- Check firewalls and network configurations to ensure they allow discovery probes.
b. Scan Failures
- Ensure the probe device is active and has connectivity to the target network.
- Verify that provided credentials have the necessary access.
c. Incomplete Results
- Review logs to identify skipped devices or errors.
- Re-run the scan with refined configurations or permissions.
9. Leveraging Network Discovery Insights
Network discovery results can guide actions like:
- Targeting specific devices for vulnerability scans.
- Monitoring unauthorized devices or potential rogue assets.
- Identifying unsupported systems or outdated firmware.
10. Conclusion
Network discovery in CYRISMA provides unparalleled visibility into your organization’s network, enabling proactive security and efficient management of IT assets. By following these best practices, you can effectively identify and manage all devices on your network, ensuring a secure and compliant environment.