SolarWinds UDT Discovers Rogue Devices Invading Enterprise Networks

By Frank Ohlhorst  |  Posted 2013-08-07 Print this article Print

  • Network User and Device Watch List: Administrators can build comprehensive lists based upon policies that identify and track both users and devices, providing a quick way to identify anomalous usage or connections.
  • Device Whitelisting: Known and authorized devices can be whitelisted, providing a methodology to allow those devices to connect. That allows administrators to be instantly informed if a device not on the whitelist attempts to connect.
  • Remote Port Shutdown: Administrators can control ports and connections directly from the UDT dashboard, making it easy to take immediate action against an intruder or suspicious connection.
  • Customizable Network User and Device Reports: Extensive reporting capabilities allow administrators to create everything from device usage reports to user access reports to historical or trend reports based upon connections made. Other key reports include rogue device detection, frequency of use and location-based analytics.
The products dashboard, which is named the Lucid Web interface, proves rather simple to navigate. All of the product's main features are readily available via pull down menus and the various graphs, charts and informational screens are easy to understand. The primary dashboard features a summary of critical data elements, such as Total Port Usage (in a pie chart), Rogue Devices (as an interactive list), logged in users (as a refreshable list) and top port usage statistics (in a graphical list). Other elements are also shown on the configurable dashboard, and most every displayed item supports drill down for further details.

I found the Rogue Device List a very important dashboard element. From that list I could ascertain what rogue devices had connected and then take instantaneous action against those devices, such as add to a whitelist, watch the device, block the device or drill down further into it. When first deploying the product, the Rogue Device list will also be an important tool for building up your first whitelist.

The All UDT Nodes dashboard element proved to be equally important. From that list I was able to drill down further into the switches on the network and look at the ports in use to determine the status of connectivity on a port-by-port basis. I also came to appreciate the power of the Top 10 Nodes list, which, at a glance, was able to show me the percentage of use on a given node (switch) and determine if there was a traffic storm or connection overload.

The ability to watch devices also proved to be a key feature. Here I was able to pick the devices that should be on the watch list, and then keep an eye on those devices for connections, users and activity. From that watch list, I was able to drill down further and determine when the device was last seen, what IP address was in use and even determine if the device was on a vLAN.

I also had much of the same capabilities with the User Logins list, which showed me when the user last logged in, what domain the user logged in from and other Active Directory-related information. Events and Alerts are also displayed on the dashboard, which gives administrators the ability to understand what is happening on the network in a matter of seconds. This is a great way to start the day for those charged with maintaining network infrastructure.

I found the ad-hoc reporting module to be very useful, especially for forensic and investigative purposes. Since the product stores historical information, I was quickly able to create reports that showed the specifics of connectivity, allowing me to reconstruct the access profile of a given user or device.

All things considered, I found UDT to be an excellent tool that offers valuable insight and control of devices attaching to the network. UDT is part of the SolarWinds network management product family and can be integrated into the company’s Orion network management platform.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel