6.1.8. Lateral Visibility

The Lateral Visibility function is designed to enhance network visibility by scanning for and analyzing devices within the same network.

The function integrates device discovery, port scanning, banner identification, and operating system (OS) detection into a unified approach. By doing so, it provides network administrators with a more complete picture of the network landscape, enabling them to monitor, analyze, and secure networked assets more effectively.


6.1.8.1. Key features

  1. Device detection: The lateral visibility function can identify devices on the same network by scanning IP addresses and determining which are active. It achieves this by sending a ping request to each potential IP address in the subnet. If a response is received, the device is marked as active, allowing the system to focus on these devices for deeper inspection.

  2. Port Scanning: The function examines all ports (from 1 to 65535) on each active IP address to detect open ports, which can indicate potential vulnerabilities.

  3. Banner Retrieval: The function attempts to retrieve banner information. A banner is data returned by a service in response to a network request, often containing information about the service and version running on that port.

  4. Operating System Detection: Based on the banner information, the function attempts to identify the operating system running on each device. For example, a banner containing “Windows” indicates a Windows OS, while “Linux” suggests a Linux-based system. If the banner identifies no operating system, an empty string is returned.
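
To gauge how much probing a network entry will cause before it is added, the following added example (not the product's own code) rebuilds the subnet from a broadcast address and netmask, counts the ping targets and port probes the steps above imply, and models the banner-to-OS rule using only the two patterns named above. The function names, the case-insensitive match and the sample banners are assumptions made for illustration.

```python
import ipaddress

PORTS_PER_HOST = 65535  # the page states that ports 1 to 65535 are examined


def network_from_payload(broadcast: str, netmask: str) -> ipaddress.IPv4Network:
    """Rebuild the subnet from a broadcast address and netmask."""
    bcast = ipaddress.IPv4Address(broadcast)
    mask = ipaddress.IPv4Address(netmask)
    base = ipaddress.IPv4Address(int(bcast) & int(mask))
    net = ipaddress.IPv4Network(f"{base}/{netmask}")  # rejects invalid masks
    if net.broadcast_address != bcast:
        raise ValueError(f"{broadcast} is not the broadcast address of {net}")
    return net


def host_count(net: ipaddress.IPv4Network) -> int:
    """Number of addresses that would receive a ping (no network/broadcast)."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def probe_budget(net: ipaddress.IPv4Network) -> int:
    """Upper bound on port probes: every host active, every port examined."""
    return host_count(net) * PORTS_PER_HOST


def detect_os(banner: str) -> str:
    """Banner-to-OS rule as described; case-insensitivity is an assumption."""
    lowered = banner.lower()
    for name in ("Windows", "Linux"):
        if name.lower() in lowered:
            return name
    return ""  # no pattern matched


if __name__ == "__main__":
    net = network_from_payload("192.168.10.255", "255.255.255.0")
    print(net, host_count(net), "hosts,", probe_budget(net), "port probes max")
    # Constructed sample banners, not captured from real devices.
    for banner in ("Windows Server 2019 Standard 17763",
                   "Linux 5.15 telnetd",
                   "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"):
        print(repr(banner), "->", repr(detect_os(banner)))
```

The last sample shows the limit of banner matching: a host whose banner names neither pattern comes back with an empty OS string, so an empty value means "unknown", not "no operating system".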

6.1.8.2. Enabling Lateral Visibility

Enabling the Lateral Visibility function requires two steps:

  1. Populate ON CMDB > Networks with the networks to be scanned.

  2. Activate the function in the Agent Profiles under the Service configuration section by enabling the flag Enable Agent lateral visibility.


After the Agent scans the network and runs a Policy Evaluation, the result is a SCANNED NETWORKS Payload type that shows the broadcast address, netmask, and IP address information. The payload also includes the set of tags related to the discovered device.