Passive Monitoring Tools



Passive monitoring is a technique for capturing network traffic by copying it, often from mirrored switch ports or through network taps. It can be used in application performance management for trend and predictive analysis. Passive monitoring is also used in web performance optimization, in the form of real user monitoring.

Finding and assessing assets in modern IT and operational technology (OT) environments requires several kinds of sensors: active scanners, agents, and passive network monitors. Each sensor has a unique advantage, and many organizations rely on all three to maximize their ability to measure and manage cyber risk. Tenable's Nessus® Network Monitor (NNM), a passive monitoring sensor, continuously finds active assets on the network and assesses them for vulnerabilities.

NNM is based on patented network discovery and vulnerability analysis technology that continuously and non-intrusively monitors and profiles the network. It monitors IPv4, IPv6 and mixed network traffic at the packet layer to determine topology, services, and vulnerabilities. Nessus Network Monitor functions as an integrated component of Tenable.io™ VM, Industrial Security™ and Tenable.sc (formerly SecurityCenter), enabling full visibility into traditional and modern assets.

Main Challenge

Examination of newly connected assets. Security and operations staff must quickly determine whether assets that have just connected to their network are authorized, so that they can take corrective action if needed.

Obtain vulnerability visibility between active and agent scanning. Depending on the frequency of scanning, organizations may need near real-time visibility into vulnerabilities on critical assets so that they can mitigate them before an adversary exploits them.

Monitor operational technology networks safely. Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other OT devices cannot accept agents, and they can be disrupted by active scanning. Security staff need a way to inventory and assess assets in the OT environment without the risk of causing outages.

Solution Requirements

A number of commercial and open source organizations offer passive network monitoring products. However, the capabilities and maturity of these products vary greatly, so it is important to define the most important requirements for your organization. Without defining your requirements, you may invest your budget and time only to find that the chosen product cannot meet your needs.

Access to network traffic. Passive monitoring sensors must be able to "see" the network traffic to be monitored. The sensor must be able to connect to a physical TAP or SPAN port. In addition, if you need to monitor virtual traffic in the cloud or in a virtual infrastructure, the sensor must be able to run on a correctly configured virtual machine.

Protocol support. In addition to TCP or UDP, you must ensure that the passive monitoring solution supports the other protocols that you need.


These might include SCTP, ICMP, IPIP and IDP, not to mention OT protocols such as BACnet, CIP, DNP3, Ethernet/IP, ICCP, IEC 60870-5-104, IEC 61850, IEEE C37.118, Modbus/TCP, OPC, PROFINET and Siemens S7.

Discovery and profiling of assets. In addition to supporting the protocols, passive monitoring solutions must recognize the assets that use them. This includes IT assets, such as servers, desktops, laptops, network devices, web applications, virtual machines, cell phones and cloud assets. It can also include OT assets, such as PLCs, RTUs, HMIs, communication adapters and more.

Vulnerability assessment. Building on the asset discovery and profiling capabilities, passive monitoring solutions must also identify known vulnerabilities in assets. These include vulnerabilities that allow remote access, privilege escalation, buffer overflows, and more.

Real-time notification. Passive monitoring solutions should be able to send events to your SIEM when new assets are detected. This supports removing an asset from the network if it should not be there.
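The discovery, profiling and notification requirements above can be illustrated with a small passive sensor loop. This is an added example, not code from the original page or from any product it names; the function names, the port-to-protocol table, and the sample frames and addresses are all constructed for illustration. It infers a listening service only from a SYN+ACK reply, so nothing is ever sent to the monitored device.

```python
import json, struct, socket

# Assumed port-to-protocol hints; a real sensor fingerprints payloads too.
SERVICE_NAMES = {502: "modbus-tcp", 102: "s7comm", 443: "https"}

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal Ethernet/IPv4/TCP frame (sample input only)."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

def parse_frame(frame):
    """Return (src_mac, src_ip, sport, tcp_flags) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 6 or len(frame) < 14 + ihl + 14:
        return None
    tcp = frame[14 + ihl:]
    sport = struct.unpack("!H", tcp[0:2])[0]
    return frame[6:12].hex(":"), socket.inet_ntoa(frame[26:30]), sport, tcp[13]

def observe(frames, authorized_ips):
    """Build an inventory from copied traffic; emit one event per unknown asset."""
    inventory, events = {}, []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        mac, ip, sport, flags = parsed
        if ip not in inventory:
            inventory[ip] = {"mac": mac, "services": set()}
            if ip not in authorized_ips:
                events.append(json.dumps({"event": "new_asset", "ip": ip, "mac": mac}))
        if flags & 0x12 == 0x12:  # SYN+ACK: sender is listening on sport
            inventory[ip]["services"].add(SERVICE_NAMES.get(sport, f"tcp/{sport}"))
    return inventory, events

# Constructed capture: an engineering workstation polls a PLC, then an
# unlisted host appears and talks to the same PLC.
SAMPLE = [
    build_frame("020000000001", "020000000002", "10.0.0.5", "10.0.0.20", 49152, 502, 0x02),
    build_frame("020000000002", "020000000001", "10.0.0.20", "10.0.0.5", 502, 49152, 0x12),
    build_frame("020000000099", "020000000002", "10.0.0.77", "10.0.0.20", 49200, 502, 0x02),
]
```

Calling `observe(SAMPLE, {"10.0.0.5", "10.0.0.20"})` profiles the PLC as a Modbus/TCP server and returns a single JSON `new_asset` event for the unlisted host, which is the record a SIEM forwarder would ship.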
