SolarWinds UDT Discovers Rogue Devices Invading Enterprise Networks

By Frank Ohlhorst  |  Posted 2013-08-07


Enterprise networks are experiencing a storm of connectivity, fueled by remote access, BYOD (bring-your-own-device) policies, virtual clients and the multitude of diverse endpoints demanding access to the network.

That situation has created challenges for the harried IT manager, who needs to know who and what is trying to connect to the network in order to keep the enterprise secure.

It all comes down to a simple question: If a network manager is unaware of a device, how can that manager control the connectivity to that device? Obviously, there are all sorts of technologies that can be deployed to validate devices, their users and control access. But those same technologies often come up short when it comes to detecting new devices or managing those that may only occasionally connect.

SolarWinds has come up with a way to address those shortcomings with its UDT (User Device Tracker), an application that starts at $1,795 and delivers the ability to discover, identify and control devices as they connect to the network. The product works hand in hand with the network's switching infrastructure to locate devices and control network access.

A Closer Look at UDT:

SolarWinds UDT is an application that is installed on the network and delivers automated user and device tracking along with switch port management capabilities. The product offers a central, browser-based console designed to let administrators stay in control of who and what are connecting to the network.

UDT also can quickly locate an endpoint or a user, as well as track down lost or rogue devices, through integrated searches that can be based upon a user name, IP address, host name or MAC address. What's more, the product stores historical data that shows the last known location of a device or user and when and where it has connected.

I installed UDT on a test network to explore its capabilities and functions. My test network consisted of a Windows Server 2012 system, connected to multiple clients, with remote connectivity enabled via a broadband connection. The browser-based management required that IIS also be installed on the server, as well as Microsoft's .NET and SQL Server Express to store the collected data.

Installation, as with other SolarWinds products, was wizard-driven and very simple to accomplish. However, installation goes faster when you have a good understanding of your network architecture as well as the network switching environment. Overall, the installation wizard did a good job of detecting the network environment and offered easy-to-understand instructions to get started.

UDT has a relatively large feature set, especially when one considers that the product is designed to handle a small subset of the typical network management chores an IT manager has to deal with on a daily basis. In other words, the product is chock full of features that go beyond simple device discovery.

UDT offers these major capabilities:

  • Network Device Tracking: UDT brings to the table the ability to discover devices and track when and where those devices connect to the network, and stores all the pertinent information about those devices, connections and history.
  • Network User Tracking: The product is able to track users, as well as their devices, keeping an eye on who is connecting to the network, from where and on what device. That proves useful for vetting authorized users and tracking mobile access.
  • Discover, Map and Monitor Switch Ports: Along with tracking and monitoring users/devices, UDT also can detect what switch ports are on the network, and correlate the usage of those ports with devices and users. What’s more, UDT can create logical maps of the switches and associated ports, as well as provide control over the ports.


  • Network User and Device Watch List: Administrators can build comprehensive lists based upon policies that identify and track both users and devices, providing a quick way to identify anomalous usage or connections.
  • Device Whitelisting: Known and authorized devices can be whitelisted, providing a methodology to allow those devices to connect. That allows administrators to be instantly informed if a device not on the whitelist attempts to connect.
  • Remote Port Shutdown: Administrators can control ports and connections directly from the UDT dashboard, making it easy to take immediate action against an intruder or suspicious connection.
  • Customizable Network User and Device Reports: Extensive reporting capabilities allow administrators to create everything from device usage reports to user access reports to historical or trend reports based upon connections made. Other key reports include rogue device detection, frequency of use and location-based analytics.
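To make the whitelist, watch list and "last known location" ideas from the list above concrete, here is an added example (not SolarWinds code) that applies the same logic to a constructed set of switch-port sightings, the kind of record a tracker builds from switch forwarding tables. All device names, MAC and IP addresses below are made up.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample sightings: (switch, port, MAC, IP, host name, time seen).
OBSERVATIONS = [
    ("sw-core-1", "Gi1/0/3", "00:11:22:33:44:55", "10.0.1.20", "finance-pc1", "2013-08-01T08:02:00"),
    ("sw-core-1", "Gi1/0/7", "AA:BB:CC:DD:EE:01", "10.0.1.44", "unknown-tablet", "2013-08-01T08:10:00"),
    ("sw-edge-2", "Gi1/0/3", "00:11:22:33:44:55", "10.0.2.20", "finance-pc1", "2013-08-02T09:15:00"),
    ("sw-edge-2", "Gi1/0/9", "de:ad:be:ef:00:01", "10.0.2.77", "", "2013-08-02T09:30:00"),
]

WHITELIST = {"00:11:22:33:44:55"}   # known, authorized hardware addresses
WATCHLIST = {"de:ad:be:ef:00:01"}   # devices an administrator wants to keep an eye on

@dataclass
class Sighting:
    switch: str
    port: str
    mac: str
    ip: str
    host: str
    seen: datetime

def load(rows):
    # Normalize MAC case so whitelist comparisons are not fooled by formatting.
    return [Sighting(s, p, m.lower(), ip, h, datetime.fromisoformat(t)) for s, p, m, ip, h, t in rows]

def last_seen(sightings):
    """Most recent sighting per MAC: the 'last known location' view."""
    latest = {}
    for s in sightings:
        if s.mac not in latest or s.seen > latest[s.mac].seen:
            latest[s.mac] = s
    return latest

def rogue_devices(sightings, whitelist):
    """Devices that connected but are not on the whitelist, with where they were last seen."""
    return {mac: s for mac, s in last_seen(sightings).items() if mac not in whitelist}

def watched_activity(sightings, watchlist):
    """Every connection made by a watch-listed device."""
    return [s for s in sightings if s.mac in watchlist]

def find(sightings, term):
    """Locate a device by MAC, IP address or host name (exact, case-insensitive match)."""
    t = term.lower()
    return [s for s in sightings if t in (s.mac, s.ip.lower(), s.host.lower())]

if __name__ == "__main__":
    data = load(OBSERVATIONS)
    for mac, s in rogue_devices(data, WHITELIST).items():
        print(f"ROGUE {mac} last seen on {s.switch} {s.port} ({s.ip}) at {s.seen}")
```

Feeding the script real data would mean polling switch bridge tables over SNMP, which is what a product like UDT does for you.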

The product's dashboard, which is named the Lucid Web interface, proves rather simple to navigate. All of the product's main features are readily available via pull-down menus, and the various graphs, charts and informational screens are easy to understand. The primary dashboard features a summary of critical data elements, such as Total Port Usage (in a pie chart), Rogue Devices (as an interactive list), logged-in users (as a refreshable list) and top port usage statistics (in a graphical list). Other elements are also shown on the configurable dashboard, and almost every displayed item supports drill-down for further details.

I found the Rogue Device List a very important dashboard element. From that list I could ascertain what rogue devices had connected and then take instantaneous action against those devices, such as add to a whitelist, watch the device, block the device or drill down further into it. When first deploying the product, the Rogue Device list will also be an important tool for building up your first whitelist.

The All UDT Nodes dashboard element proved to be equally important. From that list I was able to drill down further into the switches on the network and look at the ports in use to determine the status of connectivity on a port-by-port basis. I also came to appreciate the power of the Top 10 Nodes list, which, at a glance, was able to show me the percentage of use on a given node (switch) and determine if there was a traffic storm or connection overload.

The ability to watch devices also proved to be a key feature. Here I was able to pick the devices that should be on the watch list, and then keep an eye on those devices for connections, users and activity. From that watch list, I was able to drill down further and determine when the device was last seen, what IP address was in use and even whether the device was on a VLAN.

I also had much the same capabilities with the User Logins list, which showed me when the user last logged in, what domain the user logged in from and other Active Directory-related information. Events and Alerts are also displayed on the dashboard, which gives administrators the ability to understand what is happening on the network in a matter of seconds. This is a great way to start the day for those charged with maintaining network infrastructure.

I found the ad-hoc reporting module to be very useful, especially for forensic and investigative purposes. Since the product stores historical information, I was quickly able to create reports that showed the specifics of connectivity, allowing me to reconstruct the access profile of a given user or device.

All things considered, I found UDT to be an excellent tool that offers valuable insight and control of devices attaching to the network. UDT is part of the SolarWinds network management product family and can be integrated into the company’s Orion network management platform.
