SAM Intelligence

Gain full visibility into
all connected devices
and secure your network
end-to-end.

SAM Intelligence offers both premium device fingerprinting and a smart security layer to protect IoTs in your network.

Get a free trial license and your questions answered

Fingerprinting

Access detailed insights including make, model, version, and behavior for all connected devices.

No device left behind

  • Identifies 70% more device types
    than leading competitor
  • Delivers fingerprints with MAC address only
  • Delivers fingerprints with full device specs
  • 20K device types recorded and growing

IoT Security

Safeguard your entire network with threat identification and analysis for your connected IoTs.

Expand your reach

  • Security vendors can now extend their coverage to IoTs by detecting attacks using our behavioral profiles we call device policies.
  • Prevent unknown attacks and malware
    on IoT devices
  • Detect unwanted device behavior in real-time
  • Solve security breaches and vulnerabilities with our expert recommendations

Device Policies

The device policies are a collection of ACL-based security policies we developed to identify malicious behavior on IoTs. Our SAM Intelligence API enables users to set-up real time attack alerts using our robust fingerprinting technology and behavioral analysis.

The policies are compatible with Cisco’s MUD – an industry standard led by Cisco which allows IoT devices to declare their own expected network behavior. Since adoption by IoT vendors is currently low, we generate the policy for all the devices based on collected data.

Give it a try

Supported Data Types

SAM’s fingerprinting capability identifies devices using partial data such as MAC address only. But our algorithm enables us to provide highly detailed results because it is built on the following continuously collected network data:

  • MAC address
  • HTTP active banner grabbing
  • DHCP parameters and DHCP options, incl. DHCPv6
  • DNS requests sent by the device
  • Active scans – ICMP replies, TCP options
  • HTTP headers sent by the device (URIs, User Agent)
  • mDNS Service Discovery (also known as Bonjour)
  • mDNS broadcasts
  • SSDP broadcasts
  • UPNP attributes
  • Network discovery protocols – CDP and LLDP
  • Vendor-specific protocols

Integration Guidelines

To integrate with the service, you must be able to collect at least one of the data
types listed above. Once you have the data, you can then query the service
using a simple HTTP(s) API.

Contact us for a free trial license, full API documentation
and to start testing for yourself.

Query Example

In the following query, we use only a MAC address as a basis for device fingerprinting. Even with this limited data, we can fingerprint the device to the exact model, leveraging knowledge we’ve developed by fingerprinting similar devices previously.

1
2

The following response indicates that this is an HP Deskjet 3630 series printer with 90.5% confidence.

Device Policy Example

This is a partial policy for a Hikvision IP
Camera. For the full policy, see attached file