How many network segments can Nodeware monitor?
Nodeware supports monitoring an address space of 1024 addresses, which can be defined as up to 4 Class C network segments. These can be traditional subnets or ranges within a larger network.
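A planning check for the limit described above, as an added example (not Nodeware code). It assumes the 1024 figure is a cap on total unique addresses per sensor; the function names and sample ranges are constructed for illustration.

```python
import ipaddress

# 1024 is the per-sensor figure stated on this page; treating it as a cap on
# total unique addresses is an assumption of this example.
SENSOR_ADDRESS_BUDGET = 1024

def parse_segment(text):
    """Parse 'a.b.c.d/nn' or 'start-end' into a list of IPv4 networks."""
    text = text.strip()
    if "-" in text:
        start, end = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if end < start:
            raise ValueError(f"range end precedes start: {text}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=True rejects typos such as 10.0.0.5/24 (host bits set)
    return [ipaddress.IPv4Network(text, strict=True)]

def plan(segments, budget=SENSOR_ADDRESS_BUDGET):
    """Merge overlapping/adjacent segments and compare the total to the budget."""
    nets = [n for s in segments for n in parse_segment(s)]
    merged = list(ipaddress.collapse_addresses(nets))
    total = sum(n.num_addresses for n in merged)
    return {
        "merged": [str(n) for n in merged],
        "addresses": total,
        "fits": total <= budget,
        "remaining": budget - total,
    }

if __name__ == "__main__":
    # Constructed sample plans (hypothetical sites), not real networks.
    plans = {
        "four /24 subnets": ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],
        "subnet plus overlapping range": ["192.168.1.0/24", "192.168.1.100-192.168.1.199"],
        "too large for one sensor": ["10.0.0.0/22", "172.16.5.0/24"],
    }
    for name, segs in plans.items():
        r = plan(segs)
        verdict = "fits" if r["fits"] else "needs another sensor or a smaller scope"
        print(f"{name}: {r['addresses']} addresses -> {verdict}")
```

Overlapping entries are merged before counting, so a range that sits inside an already listed subnet does not consume extra budget.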
What is required to monitor another subnet on my network?
Nodeware is capable of monitoring link-local (MAC) networks as well as those separated by a Layer 3 switch or router (IP routing), provided it has the correct permissions.
Nodeware joins a network as a member, meaning it is distinct from the network control devices and not in the flow of traffic. As such, Nodeware requires that the network connection it is given has visibility into any segments you wish to add. A simple way to test this is to ping or connect to a machine in the other subnet from another machine on the same switch and subnet.
If any filtering is applied, including restrictions on certain types of traffic, it may affect scan results, ranging from new devices not being identified, to incorrect or incomplete fingerprints, to inaccurate vulnerability scans. If possible, the Nodeware Sensor appliance should be exempted from any such traffic restrictions and/or the network port should be configured to allow proper visibility.
Can Nodeware monitor my remote location over a site-to-site VPN?
It is not recommended to use Nodeware across VPNs for several reasons, primarily the additional latency a VPN connection introduces between a Nodeware Sensor and the target machines. Network monitoring and vulnerability scanning depend on timing, and introducing lag can produce incomplete or inaccurate results.
Nodeware is designed to be flexible and gather data from multiple Nodeware Sensors that can be rolled into a single dashboard or report. It is best practice to deploy at least one Nodeware Sensor appliance to each physical location, depending on how large an address space you are looking to monitor.
NOTE: Nodeware can, however, be used across a VPN connection if the following condition exists:
The remote machine obtains its IP address from the host end of the VPN connection, or the IP address is statically assigned with its Gateway address set to the host side of the network.
How does Nodeware handle assets with IPs that always change?
Nodeware Sensors are designed for DHCP (dynamic addressing) networks and use other sources of information as the primary identifying information and IP as the secondary. Customers should not have any issues with the same devices switching IPs and being double counted.
• When a sensor is deployed on the network, Nodeware will see the assets’ MAC addresses and use them to track assets.
• Hostnames are another mechanism used, but they are not universal.
Does Nodeware work in Industrial Control Systems (ICS) and Operational Technology (OT) environments?
Yes. Nodeware will scan anything with an IP address, so it is limited to the controllers and interfaces. Because ICS/OT networks are notoriously fragile, it is recommended to add the network to a sensor outside of normal business hours. The sensor itself can be stood up first and the networks added later (or devices added one by one by individual IP address). In this way, if there is an issue, the asset can either be paused, which disables the vulnerability scan temporarily, or decommissioned, which stops scans completely.
When does the billing cycle start/end?
The billing cycle is synced to the calendar month in the UTC time zone. This means the end of the month is 8 PM (ET), 5 PM (PT) on the final day of the month. Any changes to assets should be made in advance to avoid carrying over into the next month.