4 Replies Latest reply on May 26, 2015 9:45 AM by foose

    Scanning and Asset Discovery

    madamada16

      Hi Guys,

      What is the best way to monitor your assets? I have a monthly full vulnerability scan (non-intrusive), and the assets to scan are based on asset tag. I am not sure whether there are changes on the network, such as new servers being added. In this case, how can I monitor and know if there are new assets to include in my monthly scan?

      Thank you for your assistance.

        • 1. Re: Scanning and Asset Discovery
          foose

          With MVM alone, you will have to look for assets via network sweeps. However, you have other options if you want to "continuously monitor" your network.

          MVM does have a sister product called MAM (McAfee Asset Manager). This listens for ARPs and/or on span traffic with collectors to passively look for traffic, much like an IDS, but to identify devices and, in some cases, software talking on your network. Once a device is found, you could have it reported back into MVM and tagged as a new device.

          If you have ePO in your environment, you can also look at utilizing the RSD (Rogue System Detection) functionality. This uses your ePO agents to listen on ARP tables for new MAC addresses and identify when new devices are communicating on the network. In ePO you can then tag those new devices and, depending on how integrated you have MVM with ePO, use that for automated scans against new boxes.

          • 2. Re: Scanning and Asset Discovery
            madamada16

            Thank you so much, foose. Will check out your ideas.

            • 3. Re: Scanning and Asset Discovery
              sunilgmanj

              Dear Foose,

              Can you confirm which one is the better option from a business and usability perspective between:

              1. The sister product called MAM (McAfee Asset Manager).

              2. ePO integration. This is also provided based on two scenarios:

                a. ePO live integration

                b. Integrate ePO with RSD

              • 4. Re: Scanning and Asset Discovery
                foose

                MAM has direct integration with MVM due to the "continuous scan" you can set up via the MVM UI. However, it will require at least 1 additional server/VM to be deployed, and probably more than that put in your environment at various choke points to properly listen on span ports for new devices. However, depending on your licensing with McAfee, this might be a "free" option.

                With RSD, you can utilize current ePO infrastructure and clients to act as listeners on various subnets. There would be some integration on your part to tag new devices seen and then to pass the tagged information back to MVM (which I think is possible), but it would require no new endpoints to be added to the environment. You also get the added benefit of enhanced reporting for MVM in ePO post 7.5.8.

                I highly suggest you contact your McAfee salesperson and discuss the options and request demos of both products and see how it best suits your environment.
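The replies above describe passive discovery: listen for ARP traffic and flag MAC addresses that are not yet known. The sketch below is an added example, not code from the thread or from MAM/RSD; it parses Ethernet ARP frames and reports senders missing from the scan inventory. The function names, the inventory set and the sample frames are all constructed for illustration.

```python
import ipaddress
import struct

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet II ARP frame, else None."""
    # 14-byte Ethernet header + 28-byte IPv4 ARP body; EtherType 0x0806 = ARP
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled here
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, str(ipaddress.IPv4Address(frame[28:32]))

def new_assets(frames, scan_inventory):
    """Map each MAC seen in ARP traffic but absent from the inventory to its IPs."""
    known = {m.lower() for m in scan_inventory}
    found = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if mac not in known:
            ips = found.setdefault(mac, set())
            if ip != "0.0.0.0":  # ARP probe: device seen, address not yet claimed
                ips.add(ip)
    return {mac: sorted(ips) for mac, ips in found.items()}

def build_arp(mac, ip, op=1):
    """Build a constructed broadcast ARP frame for the sample data below."""
    sha = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha
    arp += ipaddress.IPv4Address(ip).packed + b"\x00" * 6
    return eth + arp + ipaddress.IPv4Address("192.0.2.1").packed

# Constructed sample: two inventoried hosts, one new server, one non-ARP frame.
INVENTORY = {"02:00:00:00:00:0A", "02:00:00:00:00:0b"}
SAMPLE = [
    build_arp("02:00:00:00:00:0a", "192.0.2.10"),
    build_arp("02:00:00:00:00:0b", "192.0.2.11"),
    build_arp("02:00:00:00:00:63", "192.0.2.99"),
    b"\x00" * 60,
]

if __name__ == "__main__":
    print(new_assets(SAMPLE, INVENTORY))
```

The returned MAC-to-IP map is what would be tagged and added to the next scheduled scan; a listener only sees ARP within its own broadcast domain, which is why both replies mention collectors or agents on each subnet.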