Issues with device fingerprinting technologies
Current device fingerprinting technologies are a combination of active and passive methodologies of looking at network information or the application layer of ethernet traffic. This approach to fingerprinting does not accurately identify devices or their behavior and leads to inadequate and insufficient controls to protect the device and the infrastructure it operates in.
What We Need
In today’s environment, we have an explosion in the number & type of electronic devices that are connected via multiple communication protocols like WIFI, Zigbee, Bluetooth, BLE, and cellular networks. Device fingerprinting needs to be done based on the unique characteristics of the device across multiple dimensions, for instance, multiple layers like hardware, software, logical, functional, and operational characteristics. This approach provides the needed richness of context in device information which when combined with ML algorithms and rules yields a very rich data set to accurately set controls and policies.
WootCloud TrueID
WootCloud TrueID goes beyond traditional fingerprinting by analyzing over hundreds of device parameters to generate a unique device identifier and authenticity rating called TrueID which renders 3 types of device fingerprints:
- Device identity
- Device group
- Device operational
Following the principles of Zero Trust, WootCloud TrueID works on the assumption that all devices trying to gain access to the network are compromised and have their Mac IDs already spoofed. To authenticate such devices, WootCloud TrueID ML algorithms generate their own set of Mac IDs for every device presenting itself for credentialing and only provide access when there is a true match. TrueID accurately identifies every device, groups similar devices together, and establishes the device group’s normal operation and function. This is a far superior measure and approach to establishing an effective Zero Trust security architecture because TrueID
- Automatically identifies all types of devices in the organization.
- Instantly identifies anomalous behavior in the devices whose fingerprints have been collected.
- Generates labels based on all the collected information, intermediate insights and final fingerprints and uses these labels in the micro-segmentation and policy layers.
- Offers insights about the risks, threats associated and best practices
Zero Trust is rooted in the principle of “Always verify, never trust” which means verifying a person’s identity first, before giving them access. WootCloud’s TrueID takes it one step further. It involves gathering deep device identity information coupled with behavior profiling data, and uses ML and AI to give you a rich data set to use in device and network micro- segmentation and risk management.
This way it would allow you to granularly grant access to only the devices you actually want on your network while retaining a strong degree of confidence that you actually know that the end-device is what it says it is.
Our unique approach using WootCloud TrueID was instrumental in delivering an end to end device security solution at a large data storage company and a cloud computing company too. To learn more please visit www.wootcloud.com or schedule a demo at www.wootcloud.com/demo.