Scanning the Devices You Can't Log Into
A camera on a customer network introduced itself as axis-00408c1a2b3c. Hostname, manufacturer, even its MAC address — volunteered to anyone who connected. Nobody logged in.
Every network has devices like this: cameras, appliances, badge readers, the ESXi host from an acquisition, the vendor-managed box in the DMZ. Nobody has credentials for them, so discovery tools mark them "failed" and your inventory quietly skips the least patched, least documented equipment you own.
We just shipped credentialless discovery in the Tripl-i scanner. Devices reveal a lot before any login — certificates carry hostnames, Windows shares its name and OS version while negotiating a connection, SSH announces its software. The scanner now reads all of it. Same information any client sees on connect; no passwords, no exploitation.
What that gets you:
The unmanaged corner of your network finally shows up in inventory — named and classified, not "something at 10.140.2.61". Vulnerability matching works from version banners alone. Shadow IT surfaces on its own. And "what's actually on this VLAN?" becomes a report instead of a walk to the server room.
The part we sweated: no junk records. Everything found is logged, but only devices with a reliable, re-recognizable identity become assets — otherwise DHCP would fill your CMDB with duplicates in a month. When you later get credentials, the full scan enriches the same record.
And your SOC stays in charge: every new probe ships disabled, upgrading adds zero new traffic, profiles and rate limits are explicit, and OT equipment is automatically spared the noisier checks.
The devices you couldn't log into were always the ones auditors asked about first. Now they're on the map.
Full write-up on the blog 👇 www.tripl-i.com
#CMDB #ITDiscovery #AssetManagement #NetworkSecurity #ITAM #ShadowIT #ITOM
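The "no junk records" rule described above, sketched as an added example (this is not Tripl-i's code): observations are keyed on identifiers that survive a DHCP lease change, and anything without one stays log-only. The field names, the choice of stable identifiers and the sample observations are assumptions constructed for illustration.

```python
# Identifier kinds assumed to survive a DHCP lease change (an assumption
# for this example, not the product's actual list).
STABLE_KEYS = ("tls_cert_sha256", "ssh_hostkey_sha256", "mac")


def stable_ids(facts):
    """Return the set of (kind, value) identifiers present in pre-login facts."""
    return {(k, str(facts[k]).lower()) for k in STABLE_KEYS if facts.get(k)}


def reconcile(observations):
    """Promote observations with a stable identity to assets; log the rest."""
    assets, index, log_only = [], {}, []
    for obs in observations:
        ids = stable_ids(obs["facts"])
        if not ids:
            # An IP plus a version banner is not an identity: a new lease
            # would create a second record for the same box.
            log_only.append(obs)
            continue
        # Reuse the asset already known under any of these identifiers.
        asset = next((index[i] for i in ids if i in index), None)
        if asset is None:
            asset = {"ids": set(), "ips": [], "facts": {}}
            assets.append(asset)
        asset["ids"] |= ids
        for i in ids:
            index[i] = asset
        if obs["ip"] not in asset["ips"]:
            asset["ips"].append(obs["ip"])
        asset["facts"].update(obs["facts"])  # later scans enrich the same record
    return assets, log_only


# Constructed sample: the camera seen on two leases, plus two hosts that
# only offered an SSH software banner.
SAMPLE = [
    {"ip": "10.140.2.61", "facts": {"hostname": "axis-00408c1a2b3c",
                                    "mac": "00:40:8C:1A:2B:3C"}},
    {"ip": "10.140.2.87", "facts": {"mac": "00:40:8c:1a:2b:3c",
                                    "tls_cert_sha256": "ab12cd34-constructed"}},
    {"ip": "10.140.2.90", "facts": {"ssh_banner": "SSH-2.0-OpenSSH_8.9"}},
    {"ip": "10.140.2.91", "facts": {"ssh_banner": "SSH-2.0-OpenSSH_8.9"}},
]

if __name__ == "__main__":
    assets, log_only = reconcile(SAMPLE)
    print(len(assets), "asset(s),", len(log_only), "log-only observation(s)")
```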