Use Cases: Network Partitions

Sample use cases for setting up networks in RiskSense.

Two key elements in the RiskSense platform are networks and groups. Networks determine an asset’s uniqueness, while groups provide access controls to assets. There is no hierarchical relationship between networks and groups.

When uploading data to the RiskSense platform, the user must designate a network partition for the upload.

RiskSense uses networks to determine whether data should be aggregated by IP address or by hostname. This way, you can configure your networks in the RiskSense platform to match the way you perform your network scans.

If your scanners are tuned to return a hostname, we recommend you upload your scans to a network aggregated by hostname.

If your scanners are tuned to return a static IP address, we recommend you upload your scans to a network aggregated by IP.

As an example, let’s say that your workstations receive hostnames but some of the devices are wireless and receive different IP addresses each time they connect to your internal network. In that scenario, upload your workstation-environment scans into a hostname-based network. Let’s also say that you have a number of assets that live outside your firewall. These devices do not use DHCP but have been issued static IP addresses. In this scenario, upload vulnerability scans of those external hosts to an IP-based network partition. Keep in mind that these scans must be uploaded to the correct network consistently to avoid accidental asset duplication in the RiskSense platform.

In most cases, there is no need to have more than one hostname-based and one IP-based network. However, if you have overlapping IP ranges, these can be managed by network partitioning. Assets in each network are treated as unique, even if they have the same IP address. If they are uploaded to separate networks, the data will not be merged.

A common use case for defining and leveraging more than one network of the same aggregation type would be organizations that grow through acquisition. If your environment uses the 10.5.10.x space for workstations and you acquire a new location that leverages the same 10.5.10.x address space, we suggest creating a second IP-based network to upload the acquired office’s scan data. This allows the RiskSense platform to keep hosts with identical IP addresses as separate entities.
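The following added example is a small Python model of the aggregation rule described above. It is not RiskSense code or its API. The network names, hosts and findings are constructed, and case-insensitive hostname matching is an assumption of the model. It shows a DHCP laptop merging correctly in a hostname-based network, duplicating in an IP-based one, and two hosts that share 10.5.10.23 staying separate only when they are uploaded to different networks.

```python
from collections import defaultdict

# Hypothetical model of the aggregation rule; network names are constructed.
NETWORKS = {
    "corp-hostname": "hostname",
    "corp-ip": "ip",
    "acquired-ip": "ip",
}

def asset_key(network, record):
    """Return the identity a scan record gets when uploaded to a network."""
    mode = NETWORKS[network]
    value = record.get(mode)
    if not value:
        raise ValueError(f"{network} aggregates by {mode}; record has none")
    # Case-insensitive comparison is an assumption of this model.
    return (network, value.strip().lower())

def ingest(uploads):
    """uploads: iterable of (network, record). Returns {asset_key: [findings]}."""
    assets = defaultdict(list)
    for network, record in uploads:
        assets[asset_key(network, record)].append(record["finding"])
    return dict(assets)

# Constructed records: one wireless laptop scanned under two DHCP leases.
LAPTOP_SCANS = [
    {"hostname": "WS-0142", "ip": "10.5.10.23", "finding": "finding-1"},
    {"hostname": "ws-0142", "ip": "10.5.10.87", "finding": "finding-2"},
]
# Constructed record: a different host at the acquired site, same address.
ACQUIRED_SCAN = {"hostname": "pos-07", "ip": "10.5.10.23", "finding": "finding-3"}

def demo():
    """Return asset counts for four upload choices."""
    correct = ingest(("corp-hostname", r) for r in LAPTOP_SCANS)   # one asset
    wrong = ingest(("corp-ip", r) for r in LAPTOP_SCANS)           # duplicated
    separate = ingest([("corp-ip", LAPTOP_SCANS[0]),
                       ("acquired-ip", ACQUIRED_SCAN)])            # kept apart
    merged = ingest([("corp-ip", LAPTOP_SCANS[0]),
                     ("corp-ip", ACQUIRED_SCAN)])                  # wrongly merged
    return len(correct), len(wrong), len(separate), len(merged)

if __name__ == "__main__":
    print(demo())
```
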