Managing dynamic discovery of assets
What is Dynamic Discovery, and why use it?
It may not be unusual for your organization’s assets to fluctuate in number, type, and state, on a fairly regular basis. As staff numbers grow or recede, so does the number of workstations. Servers go on line and out of commission. Employees who are traveling or working from home plug into the network at various times using virtual private networks (VPNs).
This fluidity underscores the importance of having a dynamic asset inventory. Relying on a manually maintained spreadsheet is risky. There will always be assets on the network that are not on the list. And, if they’re not on the list, they're not being managed. Result: added risk.
One way to manage a "dynamic inventory," is to run discovery scans on a regular basis. See Configuring asset discovery. This approach is limited because scan provides a snapshot of your asset inventory at the time of the scan. Another approach, Dynamic Discovery, allows you to discover and track assets without running a scan. It involves initiating a connection with a server or API that manages an asset environment, such as one for virtual machines, and then receiving periodic updates about changes in that environment. This approach has several benefits:
- As long as the discovery connection is active, the application periodically discovers assets "in the background," without manual intervention on your part.
- You can create dynamic sites that update automatically based on dynamic asset discovery. See Configuring a site using a Dynamic Discovery connection. Whenever you scan these sites, you are scanning the most current set of assets.
- You can concentrate scanning resources for vulnerability checks instead of running discovery scans.
Verify that your license enables relevant features
The following types of Discovery Connections require the Dynamic Discovery option:
- Amazon Web Services
- DHCP log servers, VMware servers
- McAfee ePolicy Orchestrator and Data Exchange Layer
- Project Sonar, see Working with Project Sonar for more information
For McAfee Data Exchange Layer connections, your license must also enable the Adaptive Security option.
For ActiveSync connections that allow you to discover mobile devices, your license must enable the Mobile option.
Verify Virtual Discovery
To verify that your license enables Virtual Discovery:
- From the left-hand navigation menu, click Administration.
- Under Global and Console Settings, click the Administer settings link for the Security Console.
- From the Security Console Configuration page, select the Licensing tab.
- Scroll through the License Details to make sure the Dynamic Discovery and Mobile features are checked.