Axonius
How to Find Unmanaged Devices

Organizations today have a comprehensive arsenal of security tools to protect corporate-assigned devices. However, they can only protect the assets they know about. Finding the “unknown unknowns” presents a challenge. 

Unmanaged devices can be defined as IP-connected devices that are:

  • Without an agent or configuration solution installed
  • Not being secured by an endpoint agent
  • Only known to the network or network scanners

Whether it’s an employee’s cell phone, a conference room smart TV, or a virtual machine (VM), any unmanaged device should be accounted for and acted on appropriately.

Challenges In Knowing Which Devices Are Unmanaged

Finding unmanaged devices is tricky. Asking Active Directory to show any device not being managed doesn’t work. Manually comparing AD data and network management software is time-consuming and error-prone. But a solution that can automatically correlate and deduplicate data will uncover risks and give you the ability to quickly address them.

Security Implications of Finding Unmanaged Devices

If a device is unmanaged, it’s impossible to know whether it’s secure. The data provided by the network infrastructure or network scanners can yield scant details, sometimes just an IP address. Since very little is known, how can you distinguish between a smart TV in the conference room (which isn’t going to be part of a patch schedule) and a Raspberry Pi with open ports?

Data Sources Needed To Find Unmanaged Devices

  • IAM Solutions — Services like Active Directory or Azure AD that authenticate and authorize users and devices
  • Device Management Solutions — Services like SCCM and Jamf Pro 
  • Network/Infrastructure Data — By connecting to the networking infrastructure, administrators gain visibility into all devices within their environment

Discovering Unmanaged Devices With Axonius 

There are simple queries you can build to find unmanaged devices in Axonius, ranging from the broadest possible scenario to the most detailed.

Let’s take a look at the most basic query for finding unmanaged devices without security agents or management solutions.

not (((specific_data.data.adapter_properties == "Agent" or specific_data.data.adapter_properties == "Manager")))

[Figure: this query in the Axonius Query Wizard. It finds all unmanaged devices without security agents or management solutions.]

[Figure: example of the returned results.]

We can add other filter criteria to prioritize which devices should be addressed. For example, let’s find unmanaged devices that are not being scanned by a VA tool.

not specific_data.data.adapter_properties == "Agent" and not specific_data.data.adapter_properties == "Manager" and not specific_data.data.adapter_properties == "Vulnerability_Assessment"

[Figure: this query in the Axonius Query Wizard.]

[Figure: example of the returned results.]

We can also add a time element to find devices that are unmanaged, unscanned, and have been active on the network in the past three days using the following:

not specific_data.data.adapter_properties == "Agent" and not specific_data.data.adapter_properties == "Manager" and not specific_data.data.adapter_properties == "Vulnerability_Assessment" and specific_data.data.last_seen >= date("NOW - 3d")

[Figure: this query in the Axonius Query Wizard.]

[Figure: example of the returned results.]
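
The same filtering logic outside the product, as an added example that is not Axonius code or part of the original page: per-source records are correlated into one asset per normalized MAC (falling back to IP when only an address is known), and the three queries above are applied to the result. The records, source names and the "Network" property are constructed for illustration; only Agent, Manager and Vulnerability_Assessment come from the page's queries.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # fixed clock for a reproducible sample

def ago(**kw):
    return NOW - timedelta(**kw)

# Constructed records: (source, adapter property, MAC, IP, last_seen).
# Source names and the "Network" property are assumptions of this example.
RECORDS = [
    ("active_directory", "Manager", "AA:BB:CC:00:00:01", "10.0.0.11", ago(hours=2)),
    ("edr", "Agent", "aa-bb-cc-00-00-01", "10.0.0.11", ago(hours=1)),
    ("network_scan", "Network", "aabb.cc00.0001", "10.0.0.11", ago(minutes=5)),
    ("network_scan", "Network", "aabb.cc00.0002", "10.0.0.20", ago(hours=1)),   # smart TV
    ("network_scan", "Network", "aabb.cc00.0003", "10.0.0.30", ago(hours=3)),   # VM
    ("va_scanner", "Vulnerability_Assessment", "AA:BB:CC:00:00:03", "10.0.0.30", ago(days=1)),
    ("network_scan", "Network", "aabb.cc00.0004", "10.0.0.40", ago(days=10)),  # stale printer
    ("network_scan", "Network", "", "10.0.0.50", ago(minutes=30)),             # IP only, no MAC
]

def norm_mac(mac):
    """Reduce colon, dash and dotted MAC notations to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def correlate(records):
    """One asset per MAC (or per IP when no MAC is known): union of properties, newest last_seen."""
    assets = {}
    for source, prop, mac, ip, seen in records:
        asset = assets.setdefault(norm_mac(mac) or ip, {"props": set(), "last_seen": seen})
        asset["props"].add(prop)
        asset["last_seen"] = max(asset["last_seen"], seen)
    return assets

def unmanaged(assets, unscanned=False, seen_within=None, now=NOW):
    """Mirror the page's queries: no Agent/Manager, optionally no VA scan, optionally recent."""
    excluded = {"Agent", "Manager"}
    if unscanned:
        excluded.add("Vulnerability_Assessment")
    return sorted(
        key for key, asset in assets.items()
        if not (asset["props"] & excluded)
        and (seen_within is None or asset["last_seen"] >= now - seen_within)
    )

if __name__ == "__main__":
    assets = correlate(RECORDS)
    print("unmanaged:", unmanaged(assets))
    print("unmanaged, unscanned:", unmanaged(assets, unscanned=True))
    print("unmanaged, unscanned, seen in 3d:", unmanaged(assets, True, timedelta(days=3)))
```

An IP-only record cannot be merged with a MAC-keyed asset in this example, so it always surfaces as its own device; that matches the case where the network yields nothing but an address.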

Taking Action on Unmanaged Devices

The Axonius Security Policy Enforcement Center allows customers to determine which automated action to execute when an unmanaged device is found.

[Figure: The Axonius Security Policy Enforcement Center]

Highlighted actions include:

  • Block Device in Firewall: Block the unmanaged device at the firewall level
  • Manage Active Directory (AD Services): Enable the device in AD
  • Notify: Let someone know about the device via email, Slack, Syslog, or CSV
  • Create an Incident: Create an incident using a ticketing system like ServiceNow, Jira, or Zendesk
