MEET THE HOUNDS

CERBERUS

IoT Discovery Squad
Cerberus Hounds · Category: Discovery
“Find the unmanaged devices at the edge.”

The many-headed guardian — Cerberus is a four-agent pack watching the gate where unmanaged devices slip in.

THE PROBLEM

Unmanaged IoT and OT devices are invisible to agent-based tooling — no agent, no entry in the CMDB, no owner. They sit at the network edge as soft targets: cameras, controllers, printers, lab gear. You can't protect what nothing in your stack admits exists.

WHAT IT DOES

Cerberus is a four-stage agent squad — Discovery → Expansion → Cross-Reference → QA — that fuses web-UI and banner text, UPnP/SSDP, mDNS, OT/ICS protocol, and OUI vendor signals into a confidence-scored inventory of unmanaged devices. Each find is tagged IoT:<name>, and the squad learns new detections as it goes.

KEY CAPABILITIES

  • Confidence-scored fusion engine — web-UI and banner text, UPnP/SSDP, mDNS, OT/ICS protocol, and OUI vendor signals combine into one High/Medium/Low verdict per device. Five weak signals become one strong answer.
  • OT/ICS protocol class — industrial protocols are recognized as their own device class, so a PLC is classified as OT gear instead of being lumped in as “unknown device.”
  • OUI vendor and prefix mapping — MAC-derived vendor evidence maps to device class, adding a signal that works even when a device refuses to answer anything else.
  • Managed-device down-weighting — hosts your tooling already manages are down-weighted, keeping the list focused on the truly unmanaged edge instead of re-discovering your own servers.
  • Per-device signal breakdown — every verdict shows exactly which signals drove it, so network teams can verify before they isolate rather than acting on faith.
  • Gated “IoT:<name>” tags — discovered devices become human-approved, routable inventory the rest of the pack can prioritize and protect.

HOW IT WORKS

Cerberus runs against the local navi.db built from your Tenable data — the vulns and assets tables plus the cert-derived device cache from Certania. All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Confidence scoring instead of brittle single-signal detection — one banner match isn't a verdict; five agreeing signals are.
  • Signal transparency — every device shows its evidence breakdown, so network teams can verify before they isolate.
  • OT-aware — industrial protocol classes are first-class citizens, not lumped in with smart lightbulbs.
  • A squad that learns — the QA stage feeds new detections back into discovery.

PROOF POINTS

  • Runs its four-stage sweep across a reference environment of 268 mixed assets — including IoT/OT gear — scoring each candidate device High, Medium, or Low confidence with the signals shown. Honest caveat: detection quality depends on what your scans can observe at the edge — blind segments and uncredentialed hosts are called out, not hidden. Confidence scores are evidence summaries, not certainties.

WORKS BETTER WITH

Cerberus feeds Anubis — so lab and OT devices can be down-rated (or up-rated) to their true criticality — and Fenrir, where weak-auth edge devices become attack-path entry points. It consumes Certania's cert-derived device cache.

WHO IT'S FOR

OT and IoT security teams who need an inventory they can defend; network teams hunting the unmanaged edge; vuln management extending coverage beyond agents.

CALL TO ACTION

Turn Cerberus loose on your edge — three heads see what one scanner misses.

THE HOUNDS — a human-in-the-loop security agent pack for Tenable VM / Tenable One.
Gated writes · Evidence-first · Honest about coverage