
About runZero
Product
Resources Center
Press Release
Simplifying network visiblity and asset inventory for security and IT teams
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
Company Mission
Discovery is the first step to building the asset inventory needed for effective IT and security programs. Yet, most organizations struggle to obtain a true inventory of all the devices and services running in their networks. runZero’s mission is to make discovery as easy and safe as possible, so organizations know everything they have on their network and in the cloud.

Why runZero
Quickly
deploy runZero anywhere, on any platform, in minutes
SaaS or self-hosted: choose the deployment model that works for you. No agents, credentials, traffic captures, netflows, span ports, or network taps needed. Just deploy the runZero Explorer (a lightweight scan engine) to carry out scan operations and upload data to the console.
Get the
most accurate data about any asset on your network
runZero provides critical context and data needed by incident response and security teams to accelerate decision making. Never wonder what an IP address is ever again. Instantly search your inventory for answers.
Use runZero as a standalone or with other IT & security solutions
Enrich runZero asset inventory with data from other IT and security solutions, like CMDBs, MDMs, and EDRs. Integrate runZero with your existing technology stack to achieve greater visibility of assets and services across your network.
Discover your entire infrastructure
Know your network-connected assets
Get ahead of security risks
Stay on top of changes on your network
Discover your entire infrastructure
Most asset inventory solutions have gaps in what they can detect. runZero covers all of your bases, including managed and unmanaged devices, on-premises and cloud assets, IT and OT infrastructure, devices at work and at home. With runZero, you can discover devices you may not know you even had.
Get quality data with unauthenticated scans
runZero’s secret sauce is its proprietary unauthenticated scanner, which safely elicits more information from devices than they should be giving up. In addition to accurate OS and service fingerprints, get attributes such as installed anti-malware products, secondary network interfaces, and Windows domain memberships.


Get quality data with unauthenticated scans
runZero’s secret sauce is its proprietary unauthenticated scanner, which safely elicits more information from devices than they should be giving up. In addition to accurate OS and service fingerprints, get attributes such as installed anti-malware products, secondary network interfaces, and Windows domain memberships.

Augment asset data via APIs
Once you have started with an active scan, augment your inventory with other sources through integrations. runZero ingests data from MDMs, EDR solutions such as CrowdStrike, and external perimeter scans such as Censys to round out your inventory. Integrate runZero with AWS, Microsoft Azure, and VMware to pull data from your cloud and virtualized environments.
Include fragile IT and OT devices
runZero has been designed without aggressive scan tactics that can destabilize some IT and OT devices. runZero’s proprietary scan technology only sends well-formed IP packets and does not use security probes. You can limit the number of packets per device and spread the workload across the entire IP range to scan without overloading individual devices. runZero regularly scans manufacturing, energy and healthcare environments without issues and delivers better visibility than with passive network monitoring.


Include fragile IT and OT devices
runZero has been designed without aggressive scan tactics that can destabilize some IT and OT devices. runZero’s proprietary scan technology only sends well-formed IP packets and does not use security probes. You can limit the number of packets per device and spread the workload across the entire IP range to scan without overloading individual devices. runZero regularly scans manufacturing, energy and healthcare environments without issues and delivers better visibility than with passive network monitoring.

Uncover unknown active subnets
Scan the entire internal address space (RFC 1918) overnight to get situational awareness of active subnets, then run a full audit scan. Spot any MAC addresses that are connected to your network devices but unreachable by your current explorers. Find hints of active subnets in the RFC 1918 map when devices leak secondary network interfaces.
Augment your CMDBs and SIEMs with better data
Build a common foundation for your asset inventory across the organization by feeding runZero data into CMDBs and SIEMs. Use runZero’s export APIs or out-of-the-box integrations with ServiceNow and Splunk.


Augment your CMDBs and SIEMs with better data
Build a common foundation for your asset inventory across the organization by feeding runZero data into CMDBs and SIEMs. Use runZero’s export APIs or out-of-the-box integrations with ServiceNow and Splunk.
Know your assets
Having an inventory is only useful if you truly understand your assets. Sifting through the data, getting context on machines you’re investigating, and looking at machines and services from different vantage points is critical for situational awareness.
Easily search your inventory
Slice and dice your asset inventory based on services and detailed attributes with out-of-the-box and custom queries. Spend less time searching and more time on asset lifecycle management, IP address management, and understanding your true network topology. Find assets with specific traits, such as all Ubiquiti IP cameras, Microsoft SQL servers sorted by version, or TLS on non-standard ports.


Easily search your inventory
Slice and dice your asset inventory based on services and detailed attributes with out-of-the-box and custom queries. Spend less time searching and more time on asset lifecycle management, IP address management, and understanding your true network topology. Find assets with specific traits, such as all Ubiquiti IP cameras, Microsoft SQL servers sorted by version, or TLS on non-standard ports.

Work with systems, not IP addresses
As machines move across networks and get new DHCP leases, it can be difficult to keep track of assets. runZero identifies devices by MAC address, GUIDs, and combinations of other unique identifiers to avoid duplicate entries as IP addresses change.
Review historical trending and compare snapshots
See historical asset graphs on your runZero Dashboard to understand how types of devices, services or products are trending. Reconstruct network events by viewing recent scan data for changes to IPs and services. Compare the results of two site scans, such as two points in time or internal/external scans to understand what may have caused an outage after a network change, or to reconstruct the timeline of an attack.


Review historical trending and compare snapshots
See historical asset graphs on your runZero Dashboard to understand how types of devices, services or products are trending. Reconstruct network events by viewing recent scan data for changes to IPs and services. Compare the results of two site scans, such as two points in time or internal/external scans to understand what may have caused an outage after a network change, or to reconstruct the timeline of an attack.

View your external network perimeter
While runZero is primarily used for internal networks, the Explorer can also scan external perimeters to show exposed devices and services. Identify what isn’t appropriately blocked by the firewall. Integrate with Censys to add external scan data.
Identify bridged devices
Spot devices that bridge networks, such as a laptop with a WiFi, Ethernet and iWAN cards, even if you are only scanning one of the network interfaces. Understanding network bridges will help you troubleshoot routing issues and identify network segmentation violations.


Identify bridged devices
Spot devices that bridge networks, such as a laptop with a WiFi, Ethernet and iWAN cards, even if you are only scanning one of the network interfaces. Understanding network bridges will help you troubleshoot routing issues and identify network segmentation violations.

Track asset ownership
Tag asset ownership so you can respond to incidents and tickets faster. To streamline and accelerate tagging, you can set up automatic tagging of asset owners. For example, you can auto-tag the database team as the owner if a device is running an Oracle database.
Share insights with your team
Collaborate in runZero through tags and comments. Manage visibility of different organizations through role-based access control (RBAC). Export search results you want to share with others.


Share insights with your team
Collaborate in runZero through tags and comments. Manage visibility of different organizations through role-based access control (RBAC). Export search results you want to share with others.
Get ahead of security risks
Regular security hygiene is critical for maintaining a stable and secure network. After analyzing your network, look for devices, services and configurations that put your systems and information at risk of disclosure and ransomware.
Find machines missing security controls
Identify devices that don’t have your corporate EDR or MDM agent installed. For example, find all machines running Windows on your office network that don’t have CrowdStrike installed.


Find machines missing security controls
Identify devices that don’t have your corporate EDR or MDM agent installed. For example, find all machines running Windows on your office network that don’t have CrowdStrike installed.

Manage orphaned and retire rogue devices
Assets that don’t have an identified owner can lead to issues if no one is responsible for managing them. Search your inventory for orphaned devices, tag them for follow-up, and assign an owner. Remove rogue devices by looking for Windows machines that are not part of your domain or access points that are not on your vendor list.
Keep your assets up-to-date
Identify devices that are running end-of-life operating systems and need to be updated or retired. Find machines with TLS certificates that are about to expire or that were issued by a compromised certificate authority.


Keep your assets up-to-date
Identify devices that are running end-of-life operating systems and need to be updated or retired. Find machines with TLS certificates that are about to expire or that were issued by a compromised certificate authority.

Spot security misconfigurations and vulnerabilities
Identify unsafe configurations, such as duplicate SSH host keys on cloned virtual machines that adversaries might use for lateral movement. Find TLS services that allow weak ciphers. List all Windows machines exposing SMBv1 or RDP that have a public IP address.
List outliers on your network
Your most common hardware, software and services will usually be well managed. Find unique systems, products and services that are either one-offs or have a different patching level than other devices, such as unique SSH banners, software products, or database version.


List outliers on your network
Your most common hardware, software and services will usually be well managed. Find unique systems, products and services that are either one-offs or have a different patching level than other devices, such as unique SSH banners, software products, or database version.

Quickly identify assets affected by recent security news
Find risky assets running Log4J or Solarwinds in seconds by querying your existing inventory database. Build your own queries or use runZero’s saved queries. Because you don’t need to rescan, finding exposed systems is much faster than when using vulnerability scanners that first need to develop new signatures and then require you to rescan the network.
Stay on top of changes in your network
Once you have a good understanding of your network, runZero helps you keep abreast of changes. This is critical to maintaining good operational and security hygiene on your network.
Configure custom alerts for when unwanted attributes appear
After you’ve removed unwanted items, such as VNC services or Huawei devices, get alerted if they show up again. Customize and automate alerts or trigger webhooks to initiate your automated tickets and workflows. Add dashboard queries to see devices that require attention.


Configure custom alerts for when unwanted attributes appear
After you’ve removed unwanted items, such as VNC services or Huawei devices, get alerted if they show up again. Customize and automate alerts or trigger webhooks to initiate your automated tickets and workflows. Add dashboard queries to see devices that require attention.

Get notified about new, changed, and offline assets
You may not need to know about new machines on your guest WiFi, but you’ll want to know about new machines or changed services on sensitive networks like your cardholder data environment. Get notified about all changes that are important to you. Set up rules that alert you about offline assets or services that may indicate disruptions.
Learn about newly end-of-life (EOL) systems
Set up a query about all devices that are about to go EOL to get ahead of unsupportable and unpatchable assets on your network.


Learn about newly end-of-life (EOL) systems
Set up a query about all devices that are about to go EOL to get ahead of unsupportable and unpatchable assets on your network.
Discover your entire infrastructure
Most asset inventory solutions have gaps in what they can detect. runZero covers all of your bases, including managed and unmanaged devices, on-premises and cloud assets, IT and OT infrastructure, devices at work and at home. With runZero, you can discover devices you may not know you even had.
Get quality data with unauthenticated scans
runZero’s secret sauce is its proprietary unauthenticated scanner, which safely elicits more information from devices than they should be giving up. In addition to accurate OS and service fingerprints, get attributes such as installed anti-malware products, secondary network interfaces, and Windows domain memberships.


Get quality data with unauthenticated scans
runZero’s secret sauce is its proprietary unauthenticated scanner, which safely elicits more information from devices than they should be giving up. In addition to accurate OS and service fingerprints, get attributes such as installed anti-malware products, secondary network interfaces, and Windows domain memberships.

Augment asset data via APIs
Once you have started with an active scan, augment your inventory with other sources through integrations. runZero ingests data from MDMs, EDR solutions such as CrowdStrike, and external perimeter scans such as Censys to round out your inventory. Integrate runZero with AWS, Microsoft Azure, and VMware to pull data from your cloud and virtualized environments.
Include fragile IT and OT devices
runZero has been designed without aggressive scan tactics that can destabilize some IT and OT devices. runZero’s proprietary scan technology only sends well-formed IP packets and does not use security probes. You can limit the number of packets per device and spread the workload across the entire IP range to scan without overloading individual devices. runZero regularly scans manufacturing, energy and healthcare environments without issues and delivers better visibility than with passive network monitoring.


Include fragile IT and OT devices
runZero has been designed without aggressive scan tactics that can destabilize some IT and OT devices. runZero’s proprietary scan technology only sends well-formed IP packets and does not use security probes. You can limit the number of packets per device and spread the workload across the entire IP range to scan without overloading individual devices. runZero regularly scans manufacturing, energy and healthcare environments without issues and delivers better visibility than with passive network monitoring.

Uncover unknown active subnets
Scan the entire internal address space (RFC 1918) overnight to get situational awareness of active subnets, then run a full audit scan. Spot any MAC addresses that are connected to your network devices but unreachable by your current explorers. Find hints of active subnets in the RFC 1918 map when devices leak secondary network interfaces.
Augment your CMDBs and SIEMs with better data
Build a common foundation for your asset inventory across the organization by feeding runZero data into CMDBs and SIEMs. Use runZero’s export APIs or out-of-the-box integrations with ServiceNow and Splunk.


Augment your CMDBs and SIEMs with better data
Build a common foundation for your asset inventory across the organization by feeding runZero data into CMDBs and SIEMs. Use runZero’s export APIs or out-of-the-box integrations with ServiceNow and Splunk.
Know your assets
Having an inventory is only useful if you truly understand your assets. Sifting through the data, getting context on machines you’re investigating, and looking at machines and services from different vantage points is critical for situational awareness.
Easily search your inventory
Slice and dice your asset inventory based on services and detailed attributes with out-of-the-box and custom queries. Spend less time searching and more time on asset lifecycle management, IP address management, and understanding your true network topology. Find assets with specific traits, such as all Ubiquiti IP cameras, Microsoft SQL servers sorted by version, or TLS on non-standard ports.


Easily search your inventory
Slice and dice your asset inventory based on services and detailed attributes with out-of-the-box and custom queries. Spend less time searching and more time on asset lifecycle management, IP address management, and understanding your true network topology. Find assets with specific traits, such as all Ubiquiti IP cameras, Microsoft SQL servers sorted by version, or TLS on non-standard ports.

Work with systems, not IP addresses
As machines move across networks and get new DHCP leases, it can be difficult to keep track of assets. runZero identifies devices by MAC address, GUIDs, and combinations of other unique identifiers to avoid duplicate entries as IP addresses change.
Review historical trending and compare snapshots
See historical asset graphs on your runZero Dashboard to understand how types of devices, services or products are trending. Reconstruct network events by viewing recent scan data for changes to IPs and services. Compare the results of two site scans, such as two points in time or internal/external scans to understand what may have caused an outage after a network change, or to reconstruct the timeline of an attack.


Review historical trending and compare snapshots
See historical asset graphs on your runZero Dashboard to understand how types of devices, services or products are trending. Reconstruct network events by viewing recent scan data for changes to IPs and services. Compare the results of two site scans, such as two points in time or internal/external scans to understand what may have caused an outage after a network change, or to reconstruct the timeline of an attack.

View your external network perimeter
While runZero is primarily used for internal networks, the Explorer can also scan external perimeters to show exposed devices and services. Identify what isn’t appropriately blocked by the firewall. Integrate with Censys to add external scan data.
Identify bridged devices
Spot devices that bridge networks, such as a laptop with a WiFi, Ethernet and iWAN cards, even if you are only scanning one of the network interfaces. Understanding network bridges will help you troubleshoot routing issues and identify network segmentation violations.

