Imagine coming home after your vacation to discover your house has been ransacked. Someone broke in, stole your valuables and left your place in shambles. You call the police, and a team rushes over to dust your front door, furniture and other belongings for fingerprints. If they find any that don’t belong to you or anyone else who lives in your home, they have substantial evidence to begin their investigation, find and convict the criminals, and hopefully recover your missing goods.
As it turns out, fingerprints don’t only help catch criminals in the physical realm – they’re also useful for strengthening security in the digital realm.
In this post, we’ll explain what device fingerprinting is and how it works. We’ll also explain how device fingerprinting can be used to reduce the risk of a cyber attack against your corporate network, by ensuring you have all the data you need to optimize and protect every device across your technology asset estate.
A device fingerprint is a collection of information about the hardware and software of a computing device. A fingerprinting algorithm is used to assimilate the information and create an identifier for the device. Some of the information these algorithms leverage includes:
Although none of the data collected may be unique to a single device, it’s unlikely that two devices will have the exact same combination of attributes. Just like an actual fingerprint, a device fingerprint is one-of-a-kind. That’s why it can be used to identify a device in the absence of cookies or when the client IP address is hidden.
There are two types of fingerprinting: active and passive. Malicious software leverages active fingerprinting to send packets to a victim’s host, wait for a reply, and analyze the results with the intent of launching an attack.
Passive fingerprinting, on the other hand, is used defensively in cybersecurity software and services to identify and recognize devices. Rather than actively sending packets to a target system, it monitors network traffic data at the gateway or router using HTTP. The HTTP protocol requires clients to send a user agent that contains a description of the client system, and reading that user agent is a popular technique for ensuring devices are protected and updated with the latest available OS versions.
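The following is an added example, not code from this post and not Lansweeper's implementation: it hashes a combination of passively observed HTTP headers into an identifier, groups observations by that identifier regardless of client IP, and flags an outdated OS parsed from the user agent. The header set, the sample records and the minimum-version baseline are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed sample: HTTP request headers as a gateway could observe them.
OBSERVED = [
    {"ip": "10.0.0.21", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "Accept-Language": "en-US,en;q=0.9", "Accept-Encoding": "gzip, deflate, br"},
    {"ip": "10.0.0.57", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "Accept-Language": "nl-BE,nl;q=0.8", "Accept-Encoding": "gzip, deflate"},
    # Same headers as the first record, seen from a different address.
    {"ip": "10.0.0.99", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "Accept-Language": "en-US,en;q=0.9", "Accept-Encoding": "gzip, deflate, br"},
    {"ip": "10.0.0.30", "User-Agent": "Mozilla/5.0 (Linux; Android 9; SM-G960F)",
     "Accept-Language": "en-GB", "Accept-Encoding": "gzip"},
]

# Attributes that feed the fingerprint (assumed set); the client IP is excluded.
FIELDS = ("User-Agent", "Accept-Language", "Accept-Encoding")

OS_PATTERNS = [(re.compile(r"Windows NT (\d+)\.(\d+)"), "Windows"),
               (re.compile(r"Android (\d+)"), "Android")]

# Assumed policy baseline (minimum acceptable major version), not a vendor value.
MIN_MAJOR = {"Windows": 10, "Android": 12}

def parse_os(user_agent):
    """Return (os_name, major_version) from a User-Agent, or ("unknown", None)."""
    for pattern, name in OS_PATTERNS:
        match = pattern.search(user_agent)
        if match:
            return name, int(match.group(1))
    return "unknown", None

def fingerprint(record):
    """Hash the normalised attribute combination into a short identifier."""
    material = "\n".join(f"{f}={record.get(f, '').strip().lower()}" for f in FIELDS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def inventory(records):
    """Group observations by fingerprint; record IPs seen and OS currency."""
    devices = {}
    for rec in records:
        os_name, major = parse_os(rec["User-Agent"])
        entry = devices.setdefault(fingerprint(rec), {
            "os": os_name, "major": major, "ips": [],
            "outdated": major is not None and major < MIN_MAJOR.get(os_name, 0)})
        entry["ips"].append(rec["ip"])
    return devices
```

The first two sample records share a user agent yet produce different identifiers, while the first and third collapse into one device even though the IP address changed.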
Lansweeper leverages device fingerprinting in its Credential-free Device Recognition (CDR) technology. CDR applies big data, AI and advanced machine-learning techniques to identify and recognize devices passively, and has uniquely identified over 1.2 billion devices (and counting) across various environments. Devices are detected and recognized instantly – even those that only touch the network briefly – and fingerprints are generated, encrypted and stored in Lansweeper’s database.
Device fingerprinting enables Lansweeper to more accurately determine the asset type of certain devices, and to add additional information that could previously not be retrieved without credentials. Fingerprints consist of a MAC address and are further enriched with granular data about the manufacturer, model and OS. During a scan, the fingerprints are sent to the Lansweeper-owned recognition API, which returns more information about the device to be added to the database. Upon the next network scan, all of this information is applied to the device, creating a more complete picture of all its unique attributes.
By embedding device fingerprinting technology in their products, telecom and cybersecurity providers can enhance the customer experience by enabling users to quickly identify all connected devices – IT, OT and IoT – with a high degree of accuracy. Fingerprints can be used in conjunction with a Zero Trust Network Access (ZTNA) solution to authenticate users and determine whether a device attempting to access the network is trusted. They can also be used to detect unauthorized access – a mismatch between a user and a device, or an unknown device accessing the network, could signify a security risk or malicious activity. Other use cases include: