As an MSP/MSSP you must deal with many different issues and fires every day. You must also deal with malicious actors that plague your customers’ weakest entry points. You ensure that each and every end point is as secure as possible by scanning and patching operating systems, software, and even device drivers. What about when a rogue new PC is plugged into the network?
Rogue Devices Need to be Detected in Real-time, right?
Networks are very dynamic today, with the concepts of work from home, hybrid work force, BYOD, etc. As an MSP you need to keep track of nearly every device, as you need to know where the weakest links are in the network. Surely you know that the attackers have most likely entered the network at some point, so they might be looking for the perfect opportunity to move laterally and maybe even gain proprietary privileges. This is why you need to constantly be looking out for new devices and be alerted when a new device is discovered on the network.
Ideally, you will want to install an agent on that device so that device can be scanned and patched, but that might not always be possible, as in the case with our rogue PC. That PC is not controlled by the corporation, so the local credentials are not known to install the agent. This is exactly why the device needs to be known and alerted.
New Devices Need to be Controlled and Secured
With the networks being dynamic, MSPs can’t be made aware of every new device that is introduced into the network for every company. Therefore, dynamic and an automated device discovery is mandatory. Not only should the device be discovered automatically, but an agent should also be installed as soon as it is discovered. This ensures that the device can be patched for the OS, software, device drivers, etc.
Summary
MSPs need to have systems in place that protect their customers. Automating the discovery of new devices is an ideal way to protect customers from rogue devices, as well as qualified devices. Patching is essential, so agents should be installed during discovery so all patches can be automatically installed to ensure the new device is as secure as possible as soon as it is functional on the production network.