Detecting Phantom Devices on Your Network

So you run a network discovery and you notice devices that you are not familiar with. A phantom device is a device that is unmanaged that should be monitored by your Network Management System (NMS)

It seems these devices show up even though you have processes in place to prevent this type of behavior. These could be devices connected to the wrong network, printers, BYOD etc. A phantom device is invisible to you so you are unaware of the device, opening a vulnerability, missing patches, Misconfigurations etc.

How to detect and integrate phantom devices

The first step is to find these devices so you know that they exist and track them. Once you find the device you need to extract device information and understand how they are integrated into your network. The detection process cannot interfere with your daily business; you don’t want to add any unnecessary load to the network and false positives need to be avoided.

Once the phantom devices have been discovered you need to set up a process to incorporate them into your Network Management System (NMS) or remove them from the network

InfoSim SableNet

Has the ability to help you in this process by using the automated discovery engine. This allows you to tag and then reporting on phantom devices. You can then see how they are connected to the network and using SNMP and the NCCM module you can then manage or remove these devices from your Network