Device Platform Intelligence (DPI)

What is DPI

BYOD, in which personal devices are used on a business network, and IoT, in which all kinds of IT devices are connected to the network, make today's networks more sophisticated and diverse than before. This puts a heavy burden on the administrators responsible for IT security.

IT managers need to protect the network from vulnerable devices by allowing only authorized devices to connect. However, it is not easy to identify and manage the many different devices that connect through the numerous access points in an organization.

Genian NAC provides Device Platform Intelligence to make this task easier for administrators.

First, Device Platform Intelligence identifies the manufacturer, product name, and model name of devices connected to the network through various intelligent methods. Based on the identified Device Platform, the administrator can look up additional information about the device, such as:

  • Photos of the device
  • Type of device connection (wired, wireless)
  • End of Sale (EOS) status of the device
  • End of Life (EOL) status of the device
  • Manufacturer
  • Country of manufacturer
  • Manufacturer Business Continuity Status
  • Acquisition of manufacturer

This additional information makes it easier for administrators to manage IT by providing greater visibility into devices on their network.

Device Platform and CVE

Common Vulnerabilities and Exposures (CVE) is a database of vulnerabilities in IT equipment and software maintained by MITRE. More than 1,000 new vulnerabilities are released each month, and IT managers must identify those associated with the IT devices they manage. Genian NAC can identify the IT devices in the network and show their CVEs to make network management easier.

How to Detect Device Platform

Genian NAC detects connected device platforms using information collected by the Network Sensor. When a device connects to the network, it sends out packets and responds to requests over one or more protocols. Genian NAC uses the following protocols and data sources to detect device platform information:

Active Method:
  • HTTP / HTTPS header and body
  • Web Browser User-Agent
  • TELNET / SSH / SMTP banners
  • Open ports
  • SNMP OID / Description
  • SIP
  • and more

Passive Method:
  • Web Browser User-Agent (using a SPAN port)
  • MAC Address
  • Hostname
  • DHCP Request
  • UPnP
  • HPSLP
  • and more

Genian NAC uses its own platform database, the Genian Platform Database (GPDB), to detect device platforms. The GPDB holds many patterns that are matched against collected device information so that platforms are detected accurately. To keep accuracy high, the GPDB is updated weekly so that the newest devices on the market can be quickly identified within the network. (Weekly GPDB updates are for the Paid Edition only. The Free Edition's GPDB is updated monthly.)

Node Types

Each Device Platform has a Node Type, such as:

  • Policy Server
  • Network Sensor
  • Virtual Sensor
  • Switch Port
  • Sensor Alias
  • Virtual IP
  • Wireless Sensor
  • Undefined
  • PC
  • Mobile Device
  • Server
  • Network Appliance
  • Wireless Device
  • Router
  • Switch
  • Security Device
  • Printer
  • VOIP
  • Other

You can browse nodes or create policies based on this Node Type information.

Genian Platform Database (GPDB)

GPDB is a database that stores the device platform detection patterns and the device platform information used by DPI. The GPDB is constantly updated by Genians' device platform engineers, which makes it possible to detect new devices quickly without any additional work on your side.

To check when the GPDB was last updated:

  1. Go to System > Genian Data
  2. Check the time shown for Platform Information

See Device Platform Intelligence

You can see additional device platform information on the Device Platform Intelligence page.

To see an individual node's information:

  1. Go to Management > Node in the top panel
  2. Find the desired node and click its Platform name

Define a Node Platform Manually

  1. Go to Management > Node in the top panel
  2. Select the desired node’s IP Address

Under the General tab:

  1. For Platform, check the Manually define checkbox
  2. Enter the Platform Name
  3. Click Update

Note

In Node View you will now see an icon next to the name in the Platform column. This icon indicates that the platform has been manually defined.

Create a User-defined Node Type

  1. Go to Preferences in the top panel
  2. Go to Properties > Node Type in the left Preferences panel
  3. Click Tasks > Create
  4. Enter a Name and select an Icon (click Add to upload your own icon)
  5. Click Save

Note

A user-defined Node Type is not detected automatically; it must be assigned to each node manually.

  1. Go to Management > Node in the top panel
  2. Click on desired node IP Address

Under the General tab:

  1. For Node Type, check the Manually define checkbox
  2. Select the Node Type
  3. Click Update

Report Unknown/Wrong Platform Detection

If Genian NAC cannot detect the Platform of a device, one of the following is usually the underlying reason:

  • Not enough information: the device is not sending packets and is not responding to any request. This can happen when the device's OS has a firewall active.
  • No matching pattern in GPDB: the node information contains evidence of a specific Platform, but the GPDB does not have a matching pattern yet.

If there is no matching pattern in the GPDB, you can send that node's information to the Genian Cloud using the Report Wrong Platform dialog. Once Genians has received the report, our engineers will investigate the Platform pattern and add it to the GPDB.
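As an added illustration (not Genians' code and not the real GPDB, whose patterns are proprietary), the following Python sketch shows how the attributes collected by the active and passive methods above can be matched against an ordered pattern table, how a manually defined Platform overrides any match, and how the two failure modes just described are told apart so that only nodes with unmatched evidence are candidates for a Report Wrong Platform. All attribute names, vendor names, patterns and sample nodes are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Constructed stand-in for the GPDB: (collected attribute, regex, platform,
# node type), ordered from strongest evidence (banners, User-Agent) to
# weakest (MAC OUI); the first match wins. Vendor names are placeholders.
GPDB_PATTERNS = [
    ("ssh_banner", r"^SSH-2\.0-ExampleOS_[\d.]+", "ExampleVendor Router X1", "Router"),
    ("user_agent", r"\bExamplePhone OS \d+_", "ExampleVendor Phone", "Mobile Device"),
    ("user_agent", r"Windows NT 10\.0", "Windows 10 PC", "PC"),
    ("snmp_descr", r"^ExampleJet \d{3,4} Printer", "ExampleVendor Printer", "Printer"),
    ("mac", r"^00:11:22:", "ExampleVendor Device", "Network Appliance"),
]

@dataclass
class Detection:
    platform: Optional[str]  # None when detection failed
    node_type: str           # "Undefined" when detection failed
    evidence: str            # matched attribute, "manual", or the failure reason

def detect_platform(node: dict) -> Detection:
    """Classify one node from the attributes the sensor collected; an empty
    attribute means the device never answered on that protocol."""
    if node.get("manual_platform"):  # admin override beats every pattern
        return Detection(node["manual_platform"],
                         node.get("manual_node_type", "Other"), "manual")
    collected = {k: v.strip() for k, v in node.items() if v and v.strip()}
    if not collected:
        # Failure mode 1: nothing usable was observed (e.g. host firewall on)
        return Detection(None, "Undefined", "Not enough information")
    for attr, regex, platform, node_type in GPDB_PATTERNS:
        value = collected.get(attr)
        if value and re.search(regex, value, re.IGNORECASE):
            return Detection(platform, node_type, attr)
    # Failure mode 2: evidence exists but no GPDB pattern covers it yet
    return Detection(None, "Undefined", "No matching pattern in GPDB")

def nodes_to_report(nodes: dict) -> list:
    """IPs whose evidence is worth sending via Report Wrong Platform."""
    return [ip for ip, n in nodes.items()
            if detect_platform(n).evidence == "No matching pattern in GPDB"]

SAMPLE_NODES = {  # constructed inventory, as a Network Sensor might collect it
    "10.0.0.11": {"mac": "00:11:22:aa:bb:cc", "user_agent": "Mozilla/5.0 (Windows NT 10.0)"},
    "10.0.0.12": {"mac": "00:11:22:dd:ee:ff", "ssh_banner": "SSH-2.0-ExampleOS_7.2"},
    "10.0.0.13": {"mac": "f0:f0:f0:01:02:03", "dhcp_hostname": "cam-lobby-01"},
    "10.0.0.14": {},  # firewalled host that answered nothing
    "10.0.0.15": {"manual_platform": "Badge Reader Z9", "manual_node_type": "Security Device"},
}
```

Note that 10.0.0.11 is classified from its User-Agent even though its MAC OUI also has a pattern, because stronger evidence is ordered first; a real pattern database needs the same kind of precedence rule.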

Disable Reporting Unknown Platform

By default, Genian NAC sends a Report Wrong Platform for nodes with an unknown Platform every day. All information that is sent is readable from outside of the device. To stop sending Report Wrong Platform data to the Genian Cloud, follow these steps:

  1. Go to Preferences in the top panel
  2. Go to General > Node in the left Preferences panel

Under Detection:

  1. For Reporting Unknown Platform, select Off
  2. Click Update