In the field of information security, “fingerprinting” may refer to the act of obtaining data or information identifying a network asset or entity. Fingerprint data may identify the asset or entity itself or it may identify various secondary characteristics of the asset or entity such as product name, version information, CPU architecture, vendor name, etc.
Information security personnel or other types of operators may gather fingerprint data for a variety of reasons. From an asset or inventory management perspective, having a complete and detailed understanding of all assets in or in communication with a network may be necessary for effective IT governance.
As another example, accurate fingerprint data may play a pivotal role in vulnerability assessment, penetration testing, and other security-related tasks. Specifically, inaccurate fingerprint data and reliance thereon may result in false-positive and/or false-negative scenarios that can be harmful to a network's security.
There are several existing techniques that aim to reduce false positives and false negatives when fingerprinting network assets. One existing technique is to use only the most recently gathered fingerprint of an asset for analysis. Another existing technique is to use all available fingerprints. However, these techniques assume that each collected fingerprint is accurate and complete. Decisions that are made on incomplete or inaccurate fingerprints can yield detrimental results.
In other words, these existing techniques suffer from the “garbage in, garbage out” problem. That is, the resultant fingerprint data used to identify an asset is only as good as the source fingerprint data.
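The two existing techniques described above can be run side by side on one asset to show how each fails. This is an added example and not part of the original text; the product name, fingerprint records, advisory identifiers, and the rule that any matching fingerprint flags the asset are all constructed assumptions.

```python
# Constructed sample data: three fingerprints of one asset, oldest first.
# Ground truth assumed for this example: the asset runs ExampleHTTPd 2.4.1.
FINGERPRINTS = [
    {"ts": 1, "source": "authenticated-scan", "product": "ExampleHTTPd", "version": "2.4.1"},
    {"ts": 2, "source": "banner-grab", "product": "ExampleHTTPd", "version": "1.9.0"},  # inaccurate
    {"ts": 3, "source": "passive-traffic", "product": "ExampleHTTPd", "version": None},  # incomplete
]

# Hypothetical advisories: affected when the product matches and version < fixed_in.
ADVISORIES = {
    "ADV-A": {"product": "ExampleHTTPd", "fixed_in": "2.0.0"},  # truth: not affected
    "ADV-B": {"product": "ExampleHTTPd", "fixed_in": "2.5.0"},  # truth: affected
}
TRUTH = {"ADV-A": False, "ADV-B": True}

def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def latest_only(fingerprints):
    """Technique 1: analyse only the most recently gathered fingerprint."""
    return [max(fingerprints, key=lambda fp: fp["ts"])]

def all_available(fingerprints):
    """Technique 2: analyse every fingerprint ever gathered."""
    return list(fingerprints)

def is_affected(selected, advisory):
    """Flag the asset if any selected fingerprint matches the advisory."""
    for fp in selected:
        if fp["product"] != advisory["product"] or fp["version"] is None:
            continue  # a missing version cannot match, so the asset silently passes
        if parse_version(fp["version"]) < parse_version(advisory["fixed_in"]):
            return True
    return False

def evaluate(strategy):
    """Apply one selection technique and check the asset against each advisory."""
    selected = strategy(FINGERPRINTS)
    return {name: is_affected(selected, adv) for name, adv in ADVISORIES.items()}

if __name__ == "__main__":
    for strategy in (latest_only, all_available):
        for name, flagged in evaluate(strategy).items():
            verdict = "correct" if flagged == TRUTH[name] else (
                "false positive" if flagged else "false negative")
            print(f"{strategy.__name__:14} {name}: flagged={flagged} ({verdict})")
```

With this data, the latest-only technique misses ADV-B because the newest fingerprint has no version, while the all-available technique flags ADV-A because it trusts the inaccurate banner reading.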
A need exists, therefore, for methods and systems that overcome these disadvantages of existing techniques.