Medigate Classification Details

 

This article summarizes which IT, OT, IoT and IoMT device attributes can be enriched from our connector with Medigate, and the benefits of using that enriched data in policy.

 

Our integration with Medigate by Claroty is intended to allow customers to use the most accurate device classifications in policy decisions. Medigate’s collector sniffs, filters and parses traffic in order to analyze IT, OT, IoT and IoMT device protocols over time. Elisity combines its own rapid device discovery mechanisms with the Medigate analysis so that customers’ devices get the most appropriate policies applied in a timely manner.

 

When a new device is discovered by any Elisity method, Cloud Control Center (CCC) queries Medigate to identify it, trying the following parameters in order and stopping at the first that returns a match:

  • MAC + IP Address, if both are available (the most specific match)
  • MAC Address only
  • IP Address only

Engage Elisity support if the above query order needs to be changed for your environment.
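The lookup order above, and the "Matched Source" attribute that later records which query matched, can be illustrated with a small Python model. This is an added example, not Elisity's or Medigate's code: the Medigate inventory is a constructed in-memory list with assumed values, and the real connector queries Medigate over its API, whose request format this page does not show. The example also shows why the order matters: a device whose IP has changed since Medigate last saw it still resolves by MAC, while an IP-only lookup can be ambiguous when an address has been reused. How the real connector resolves an ambiguous IP-only hit is not described on the page; this example simply declines to guess.

```python
"""Model of the Medigate lookup order: MAC + IP, then MAC, then IP.

Added example, not part of the Elisity/Medigate integration. The inventory
below is constructed sample data; the real connector queries Medigate's API.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class MedigateRecord:
    """Subset of the attributes Medigate returns (field names assumed)."""
    mac: str
    ip: str
    device_genre: str
    device_class: str
    device_type: str
    risk_score_level: str


# Constructed sample inventory (assumed values, not real devices).
# The third record deliberately shares an IP with the first, as happens
# when a DHCP lease is reassigned between Medigate observations.
INVENTORY = [
    MedigateRecord("00:50:56:ab:cd:01", "10.1.20.15", "IT", "Computers", "PC", "HIGH"),
    MedigateRecord("00:50:56:ab:cd:02", "10.1.20.16", "IT", "Computers", "Server", "LOW"),
    MedigateRecord("00:1a:2b:3c:4d:5e", "10.1.20.15", "IoMT", "Patient Monitors", "Infusion Pump", "MEDIUM"),
]


def normalize_mac(mac: str) -> str:
    """Canonicalize MAC formatting so 00-50-56-AB-CD-01 equals 00:50:56:ab:cd:01."""
    return mac.strip().lower().replace("-", ":")


def lookup(mac: Optional[str], ip: Optional[str],
           inventory=INVENTORY) -> Tuple[Optional[MedigateRecord], Optional[str]]:
    """Return (record, matched_source) following the documented query order.

    matched_source is 'IP + MAC', 'MAC', 'IP', or None when nothing matched.
    An IP-only query that hits more than one record is treated as no match
    rather than picking a record arbitrarily (assumption of this example).
    """
    mac_n = normalize_mac(mac) if mac else None

    # 1. MAC + IP: exact pair match, the most specific identification.
    if mac_n and ip:
        for r in inventory:
            if r.mac == mac_n and r.ip == ip:
                return r, "IP + MAC"

    # 2. MAC only: survives IP changes because the hardware address is stable.
    if mac_n:
        for r in inventory:
            if r.mac == mac_n:
                return r, "MAC"

    # 3. IP only: last resort; an address may have been reused by another host.
    if ip:
        hits = [r for r in inventory if r.ip == ip]
        if len(hits) == 1:
            return hits[0], "IP"

    return None, None


def enrich(mac: Optional[str], ip: Optional[str]) -> dict:
    """Build the enriched attribute view for a discovered device.

    Keys mirror the attribute names shown in the Identity Graph; the set of
    attributes is reduced to those carried by MedigateRecord.
    """
    record, source = lookup(mac, ip)
    if record is None:
        return {"Matched Source": None}
    return {
        "Device Genre": record.device_genre,
        "Class": record.device_class,
        "Type": record.device_type,
        "Risk Score Level": record.risk_score_level,
        "Matched Source": source,
    }


if __name__ == "__main__":
    # A device seen at a new IP still resolves through its MAC.
    print(enrich("00:50:56:AB:CD:02", "10.9.9.9"))
    # The reused address cannot be resolved by IP alone.
    print(enrich(None, "10.1.20.15"))
```

The `Matched Source` value in the returned dictionary corresponds to the attribute of the same name described in the enriched data view, so an administrator can see at a glance whether a classification rests on the strong MAC + IP pairing or on an IP-only match.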

 

Mapping of Medigate data objects to Elisity 

 

 

Other Considerations

Latency and timing considerations: 

Because Medigate's classification relies on extended protocol analysis, a device's classification may change, or additional device attributes may be learned, over an extended period after the device is first seen.

Cloud Control Center queries Medigate for new information every 24 hours. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, ordered by their attachment timestamp.

Admin-initiated refresh of device info from Medigate: 

Customers should not normally need this function, but the device classification information retrieved from Medigate can be refreshed on demand for any specific device.

 

Enriched Data in IdentityGraph

The Identity Graph in Elisity provides detailed insights into the devices connected to your network. The enriched data displayed for each device helps administrators quickly assess and manage the security posture and connectivity of their network assets. Below is an explanation of the key elements shown in the enriched data view for a device:

The types of attributes gleaned from Medigate, with the example values shown for one device, are listed below:

  • Device Genre: The broad genre of the device (IT, OT, IoT or IoMT); here IT.
  • Class: The broad category the device falls under; here Computers.
  • Vendor: The manufacturer or vendor of the device; here VMWare.
  • Type: The specific type of device; here PC.
  • Operating System: The operating system installed on the device; here Windows 10/11/Server 20....
  • Risk Score: A calculated score indicating the potential risk associated with the device; here 59.
  • Risk Score Level: The classification of the risk score; here HIGH.
  • Purdue Level: The Purdue model level assigned to the device; here 3.
  • Last Update: The last time the data was updated; here 08/28/2024, 12:57 AM.
  • Asset ID: A unique identifier for the asset within Medigate; here HCUBDOA.
  • Combined OS: The combined or possible operating systems; here Windows 10/11/Server 20....
  • Device Type Family: The family of the device type; here PC.
  • Domain Name: The domain name associated with the device; here VE.ELISITY.COM.
  • Financial Cost: The estimated financial cost range of the device; here $1,000-$10,000.
  • Matched Source: Which of the query parameters (MAC + IP, MAC or IP) matched the device in Medigate; here IP + MAC.
  • OS Category: The category of the operating system; here Windows.
  • OS Version: Details about the operating system version; here 10/11/Server 2016/Serve....
  • Site Name: The name of the site where the device is located; here main.

This enriched data allows administrators to have a comprehensive view of the device's identity, risk, and operational status, enabling more informed decision-making regarding network security and policy management.

 
