What is Active Scanning?
Active scanning is a scanning method whereby you scan individual endpoints in an IT network for the purpose of retrieving more detailed information. With active scanning, you send packets or queries directly to specific assets rather than passively collecting that data by "catching" it in transit on the network's traffic. Simply put, active scanning is an immediate deep scan, done on selected targets, to get very detailed information. These targets can be single devices or groups of devices.
Why use Active Scanning?
Active scanning is performed to identify, track, and manage IT or OT assets. Aside from basic asset information, it also collects detailed data like patch levels, installed software info, user info, etc. It is useful for many different use cases, including vulnerability assessments, compliance audits, and other tasks related to ITAM and SAM. For example, a device that has not been updated in a while or is being accessed by someone who should not have access. These scans are therefore ideal to help investigate assets & increase a network's cybersecurity.
What is Passive Scanning?
Passive scanning is a scanning method that continuously scans an entire network for the purpose of monitoring all connected devices at the same time. In doing so it only gathers basic asset information that it intercepts in the network traffic. The fact that it monitors continuously makes passive scanning also very useful for cybersecurity reasons, as it can, for example, instantly detect rogue devices.
Active vs. Passive Scanning
A question that sometimes pops up is whether you should use active scanning or passive scanning. Active scanning has unlimited reach, it scans on-demand at certain predefined intervals and it can scan devices that require certain integrations, like Airwatch, Intune, ChromeOS, SCCM, and more. This also means that active network scanning takes more time to set up, is slower to run, and requires more resources than passive scanning. As a result, it is possible for rogue devices to slip through between active scans. In contrast, a passive scan continuously scans the network traffic and picks up data as it passes through. This means that it can pick up rogue devices more easily than an active scan. However, passive scanning retrieves less detailed information about your assets because it only performs credential-less scans.
But because of their differences, they complement each other well. Therefore, most IT managers combine both scanning methods to get a complete overview of their IT estate.
Active and Passive Scanning with Lansweeper
With Lansweeper you do not have to choose between active or passive scanning. Our software combines both into one solution. Lansweeper passive scans are made possible by Asset Radar. This Lansweeper passive scanning feature provides you with basic, real-time information about all the assets on your network. And using only the MAC/IP address, Lansweeper can retrieve more information from passive scans than conventional scanners thanks to its Credential-Free Device Recognition (CDR) technology. CDR detects and recognizes every device on your network - even non-scannable devices - without the need for credentials or complex pre-configurations. And at any time you want, you can perform an agentless follow-up active deep scan with credentials to get all the detailed hardware, software, and user data you want from your assets. Simply put, Lansweeper offers unmatched visibility of your entire IT estate.