Smart Polling

Smart Polling uses active polling methods to collect network device attributes that are not present in network traffic. This enables accurate device vulnerability analysis, and enhances their identification on the Nozomi Networks platform.

Overview

Smart Polling™ extends the asset identification capability in Arc and Guardian. To do this, it adds active polling methods that provide more granular information about devices in your network. This non-invasive technique actively collects additional device details, such as:

operating system (OS)
Firmware versions
Patch levels and more

With this additional device information, the platform creates a more precise list of vulnerabilities affecting your environment and a richer list of the devices in it.

Smart Polling is built around the concepts of identities, strategies, and plans. An identity is a relationship between a list of target devices and their matching credentials. A strategy defines how the platform will poll devices which is based on their communication protocols. For example, the SNMPv3 strategy uses the SNMPv3 protocol to poll devices. This ensures devices are polled appropriately and safely. A plan is the combination of a strategy, one or more identities, additional security settings, and the polling interval or schedule. The recommended mode for Smart Polling is Progressive Mode. When enabled, Guardian and/or Arc automatically creates Smart Polling plans for the user. This provides quicker visibility with minimal or no configuration.

Alternatively, you can select what devices you would like to poll, and when. When run successfully, strategies extract information that shows in the Smart Polling page. You can also view the device details throughout the platform.

Discovery and Smart Polling

Discovery and Smart Polling complement each other to ensure that devices are safely detected and enriched for accurate profiling and risk assessment, without impacting network stability. Discovery identifies devices on the network, while Smart Polling uses protocol-specific, low-impact methods to retrieve firmware versions, configurations, potential vulnerabilities, and other details that are not available through traffic monitoring.

Triggers

Smart Polling can be triggered in two ways:

Through a Smart Polling plan: If devices match an active plan in Arc or Guardian
After a successful Discovery: Newly discovered devices that meet a Smart Polling strategy will be automatically polled

Interfaces

Both Arc and Guardian support Smart Polling. When it is running, the platform automatically chooses the best interface to poll each device. This is based on where each device is located in the network, which is written in the capture_device of the Nodes table. This refers to the interfaces on Guardian, or the active Arc endpoints. For more details, see Execution options.