























I was on a call last week with a vice president of IT operations who confidently told me their infrastructure visibility was “probably 85 percent, maybe 90 percent.” When I asked how they measured that, there was a pause. “Well, we run network scans weekly, we have got endpoint agents on most systems and our CMDB is … reasonably up to date.”
Two weeks later, they ran Infoblox Universal Asset Insights™ across their environment.
It found 48 percent more assets than all their existing tools combined.
Their real number? 52 percent.
They found 847 IoT devices their scanning tools had never detected: cloud resources that had been decommissioned months ago but were still running (and billing), and shadow IT deployments nobody owned. The gap between what they thought they could see and what actually existed was not a rounding error. It was a business risk.
Here is what bothered me most: this was not unusual. According to Gartner research, only 17 percent of organizations can clearly identify 95 percent or more of their assets.1 The rest are operating with significant blind spots—and most do not realize it.
Most organizations approach infrastructure visibility as a data collection problem. They deploy more scanners, add more agents and integrate more tools, trying to build visibility by aggregating partial views from dozens of sources.
But there is a different approach, and it starts with recognizing something fundamental: for on-premises infrastructure, every device that connects must interact with your network’s DNS and DHCP services.
For on-premises environments, nothing bypasses DNS and DHCP. Your network services see every connection because devices cannot function without them. For cloud environments, Universal Asset Insights extends this authoritative foundation through direct integration with cloud provider APIs, capturing resources the moment they’re provisioned.
DNS and DHCP are not visibility tools you deploy. They are the operational network services that already see everything on-prem by default. Universal Asset Insights leverages this foundation and extends it systematically across hybrid and multi-cloud environments.
This data is authoritative because it is operational. On-premises networks require DNS and DHCP to function. Cloud platforms expose real-time provisioning data through their APIs. Every connection is recorded. Every transaction is logged. Every change is tracked, in real time.
But here’s what most organizations miss: raw DNS and DHCP transaction logs aren’t infrastructure intelligence—they’re unprocessed data. A DHCP lease shows an IP was assigned, not what device received it or whether it’s authorized. DNS queries show lookups, not asset relationships or security context.
The organizations that solve the discovery confidence gap don’t just collect authoritative data. They process it at scale, enrich it with cloud provider APIs, apply enhanced discovery for edge cases and correlate everything into unified intelligence. That’s the difference between having visibility and insights.
I have been thinking about why organizations tolerate partial visibility. The reasons usually sound reasonable:
These assumptions made sense five years ago. They do not make sense now.
Gartner research shows that 30 percent of IT assets are lost or unaccounted for.2 When your asset inventory has that kind of gap, the consequences compound: compliance audits become guesswork, security tools cannot protect what they do not know exists and cloud resources run untracked.
According to the Flexera State of Cloud report, 28 percent of annual public cloud spend is wasted,3 much of it on orphaned resources and untracked infrastructure. For a mid-sized organization spending $3–5 million annually on cloud, that is nearly $1 million in waste.
But here is what changes the equation completely: AI and automation.
Organizations are accelerating AI adoption, but AI cannot secure what it cannot see. AI agents and automation frameworks require accurate, verified asset information to make reliable decisions. Industry data shows that typical CMDB accuracy hovers around 60 percent.4 When your configuration database is 60 percent accurate, your AI operates with 40 percent blind spots.
Incomplete discovery data trains models on flawed inputs. Automation built on partial visibility generates cascading failures. Agentic AI makes decisions about assets that do not exist—and misses assets that do.
Artificial intelligence does not create a visibility problem. It magnifies it. Check out the e-book to understand the risks—and learn how authoritative network intelligence is the foundation AI actually needs.
Over the last year, I have watched customers solve this problem, not by adding more scanning tools, but by changing where they look for truth.
A global financial services organization was managing AWS, Azure and Google Cloud independently—no unified view of IP allocation, ownership or resource inventory. They discovered 847 orphaned cloud resources and eliminated significant annual waste. Time to full multi-cloud visibility? 15 minutes.
A UK supermarket chain facing a £6.8 billion IT divestiture needed to separate infrastructure within 36 months or face regulatory fines. They used DNS and DHCP intelligence as the foundation for the entire separation. Met the deadline. Avoided the fines.
An enterprise technology company had thousands of dangling DNS records exposing them to domain takeover attacks. They identified and remediated 2,400 inactive DNS records, reducing their attack surface vulnerability by 40 percent.
Traditional scanning tools face inherent limitations:
Universal Asset Insights uses a multi-layer architecture that eliminates these gaps:
This multi-layer architecture delivers 100 percent coverage versus 60–70 percent from scanning-based tools. The DNS/DHCP foundation guarantees visibility into everything that connects to on-premises networks. Cloud API integration extends that foundation to hybrid and multi-cloud environments. Enhanced discovery engines catch edge cases like static IP devices. Machine learning correlation ties it all together into a unified, normalized view.
Where traditional approaches aggregate fragmented data sources and hope for coverage, the organizations solving this problem start with authoritative network services and extend systematically.
When organizations build from an authoritative foundation across on-prem and cloud environments, they unlock three capabilities that eliminate blind spots:
When NetOps, SecOps and CloudOps work from a single DNS and DHCP-based source of truth, they speak the same operational language. Incidents do not linger because teams debate which data is correct. Diagnostics happen faster. Triage becomes systematic.
I used to think infrastructure visibility was a better discovery tool. What I have learned is that it is actually about recognizing the truth.
The infrastructure intelligence you need already exists. It is in the DNS and DHCP services your infrastructure depends on to function. Every device that connects leaves an authoritative record. Every connection is tracked. Every change is logged.
The question is not whether complete visibility is possible. The question is how much you are losing while operating with partial truth.
Because if you are making decisions about security, compliance, operations or cloud spending based on data that is 30–40 percent incomplete, you are not making informed decisions. You are guessing.
And eventually, those guesses catch up with you, especially when AI starts amplifying them.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。