IoT Security organizes subnets and CIDR blocks hierarchically to improve navigation of your network topology.
IoT Security learns about the addressing scheme on your network through several means. You can add subnets and Classless Inter-Domain Routing (CIDR) blocks manually, even specifying if a subnet contains devices that have static IP addresses. IoT Security can discover subnets by observing the exchanges between DHCP clients and servers. IoT Security can learn about subnets through third-party integrations with network switches, using SNMP for network discovery. It can also learn about subnets and CIDR blocks through IP Address Management (IPAM) integrations with BlueCat and Infoblox.
As IoT Security gathers network information, it organizes it hierarchically and displays the subnets and blocks on the Networks page. Blocks are logical partitions of IP address space that serve as an organizational tool for managing addresses. Large “parent” blocks can contain smaller “child” blocks and subnets, where devices are found.
IoT Security displays all the blocks and subnets it has been configured with, discovered, and learned through third-party integrations on the Networks page. When a “parent” block has other blocks and subnets nested below it, the number of its “children” is shown parenthetically. To see these blocks click the prefix of the block containing it.
For example, if you click the
block in the screen capture above, IoT Security displays a list of the blocks and subnets within it.
Notice how it contains 18 blocks and subnets and that some of the blocks have parenthetical numbers after them, indicating that there are other smaller blocks and subnets beneath them. You can continue to move downward to lower levels in the hierarchy by clicking the prefix of any block that has a parenthetical number after it. To move upward, click a higher level in the breadcrumb trail at the top of the page.
The Networks page mainly consists of a table presenting a hierarchical view of your network and attributes of the blocks and subnets that constitute it.
: There are three types of network categories:
  • Subnet
    – A network segment with a broadcast domain and gateway
  • Block
    – A partition of IP address space that can logically contain other blocks and subnets
  • Remainder
    – All IP addresses that aren't in more specific blocks or subnets contained within the current superset block
, and
: When manually adding blocks and subnets in the IoT Security portal, you can include a name and description and, for subnets, a VLAN. IoT Security can also learn these attributes through third-party integrations. BlueCat IPAM integrations can provide a name for a block or subnet. SNMP and Infoblox IPAM integrations can provide the VLAN for a subnet. An Infoblox IPAM integration can provide a description.
You can later modify the VLAN and description but not the name.
means a network has devices whose network activity IoT Security is monitoring or not.
: The number of device categories (such as Personal Computer or IP Phone) and the device profiles (such as PC-Windows and Poly IP Phone) in a subnet.
: There are several ways that a block or subnet can be added to IoT Security. This column shows where each block or subnet comes from. The following are the possible sources:
  • Discovered
    – IoT Security discovered a subnet by observing network traffic.
  • Config
    – A user manually configured an IP block or subnet.
  • Preconfig
    – An IP block was preconfigured by IoT Security and cannot be removed. For example, the Class A private block.
  • BlueCat IPAM
    – IoT Security learned an IP block or subnet through integration with BlueCat IPAM.
  • Infoblox IPAM
    – IoT Security learned an IP block or subnet through integration with Infoblox IPAM.
  • Network Discovery SNMP
    – IoT Security learned an IP block or subnet by using SNMP to discover network information from switches.
IP Endpoints
: IP Endpoints are devices whose IP addresses IoT Security knows but not their MAC addresses. In addition, their behaviors are not stable enough for IoT Security to confidently deduce that their addresses are statically defined. IoT Security displays the number of IP endpoints in a subnet. Click the number to download a .zip file containing a report of IP endpoints in comma-separated-value format.
: When IoT Security integrates with switches using SNMP for network discovery and learns the IP addresses of the DHCP server and gateway for a subnet, it displays them in these columns. A BlueCat IPAM integration also provides the gateway for subnets.
: The network portion of an IP address for a CIDR block or subnet.
: The number of devices that IoT Security has discovered in a subnet and learned about through a third-party integration.
: If a subnet is defined as having static IP addresses,
appears in this column. Otherwise, a dash (
) appears here, indicating that IoT Security does not have enough data to determine if a subnet has static IP addresses or not.
Low-confidence Devices
: This is the number of devices whose identity IoT Security cannot identify confidently. Click the number for a subnet to open the Devices page with a filter applied to show only the low-confidence devices in that subnet; that is, devices with calculated confidence score of 0-69%.
A confidence score indicates the level of confidence IoT Security has in its identification of a device. IoT Security has three confidence levels based on calculated confidence scores: high (90-100%), medium (70-89%), and low (0-69%).
: (Reserved for future use.)
Site Mapping
: Subnets and blocks that are nested within other blocks inherit the site of the topmost block of their set. For example, if there’s a block at a site named “NYC” and it contains a subnet or block, then this subnet or block inherits “NYC” as its site too.
indicates whether a subnet or block inherited its site in this manner or not.
: (Reserved for future use)
: The site to which a block or subnet belongs can be defined manually (see Device-to-Site Mapping) or learned through an integration with Infoblox IPAM.
Devices Discovered via Integration
: The number of devices learned through integration with a third-party system.
: Indicates if you can remove a subnet or block. Preconfigured blocks, like, and those currently being used for site mapping cannot be removed.

Recommended For You