BLOG | Dec 9, 2025

Identify Unknown or Unapproved Devices: How Forward Networks Helps Strengthen Supply-Chain and Zero Trust Compliance

Unapproved or unidentified network devices introduce supply-chain, compliance, and operational risk, especially in regulated or high-assurance environments. This post explains how Forward Networks uses OUI-based identification within NQE to help organizations detect devices of concern, improve visibility, and support Zero Trust and CISA supply-chain risk management initiatives.
Chris Naish 
Federal Systems Engineer 
Who should read this post?
  • Organizations concerned about consumer-grade or unapproved vendors appearing in enterprise environments
  • Network engineers and architects responsible for maintaining accurate hardware inventories
  • IT operations and SRE teams managing configuration, lifecycle, and supply-chain compliance
  • Security leaders concerned with vendor trust, device provenance, and shadow IT risks
What is covered in this content?
  • Why “unknown products” appear in networks and why they matter
  • How Forward Networks identifies devices using vendor-registered OUIs
  • How continuous monitoring supports CISA and OMB M-22-09 objectives
  • Link to the original NQE tutorial for implementation

Why Unknown or Unapproved Devices Create Operational and Supply-Chain Risk

Modern enterprise and federal networks increasingly face challenges related to identifying and validating the hardware operating within their environments. While teams typically expect enterprise-grade devices from approved vendors, the broader hardware ecosystem often introduces components and equipment that do not originate from the organization’s procurement process.

The Forward Networks tutorial highlights a key contributor: commercial off-the-shelf (COTS) consumer devices such as home routers, wireless access points, or embedded network interface components. These devices are common in home and small-office environments, but they may unintentionally surface inside larger enterprise or government networks. Because they often lack the same oversight and lifecycle controls as approved hardware, these devices create gaps in visibility and governance.

This becomes especially important in federal or high-assurance environments, where hardware provenance, vendor approval, and supply-chain integrity are core security requirements. Recent national-level assessments have emphasized the risk associated with certain consumer-grade or foreign-manufactured network devices, especially when they are used within sensitive or regulated networks.

The tutorial outlines several reasons this matters:

  • Devices may not match an approved vendor baseline, meaning they fall outside procurement or supply-chain policy.
  • Firmware updates, monitoring, and security expectations may diverge from enterprise-grade requirements.
  • Unrecognized components create potential visibility gaps and may expose management interfaces or pathways that are not governed by standard security controls.
  • Unmanaged devices introduce uncertainty during audits, Zero Trust validation, or compliance reviews.

Because these risks directly relate to CISA supply-chain guidance and the OMB M-22-09 Zero Trust Architecture (ZTA) implementation framework, organizations need a systematic way to locate and categorize devices originating from specific vendors of concern. Forward Networks developed such an approach using its Network Query Engine (NQE).

How Forward Networks Identifies Devices Using OUI-Based Detection

The source tutorial introduces a vendor-visibility method grounded in one of the most reliable identifiers in networking: the Organizationally Unique Identifier (OUI).

Every network interface card (NIC) includes a MAC address. The first 24 bits of this address—its OUI—are assigned by the IEEE to a specific hardware manufacturer. By analyzing these OUIs, network teams can determine the registered vendor associated with any NIC.

Forward Networks automates this identification using NQE. The tutorial provides an example NQE script that demonstrates the detection workflow. This post does not reproduce that code; it summarizes the conceptual steps and the value the approach provides.

NQE performs the following:

  1. Defines a set of vendor names corresponding to manufacturers of concern (e.g., Huawei, ZTE, TP-Link, or any other vendor the user specifies).
  2. Iterates through every device and host in the Forward Enterprise snapshot.
  3. Retrieves each MAC address associated with the device or host.
  4. Maps the OUI to an IEEE-registered vendor name using Forward Networks’ data model.
  5. Normalizes vendor names, simplifying the process when a vendor has many OUI entries.
  6. Compares OUIs against the vendor list defined by the operator.
  7. Outputs a structured report including:
    • deviceName
    • network location
    • MAC address
    • OUI-mapped vendor
    • associated interfaces
    • hostType
    • VLAN details
    • gateway device/interface relationships

This provides a rapid, repeatable, and automated way to surface devices manufactured by vendors of concern.
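
The steps above, sketched in Python as an added example; this is not the tutorial's NQE script and not Forward Networks code. The OUI table, host rows, and every field name except deviceName are constructed assumptions. The sketch also goes one step beyond the list by separating out locally administered (randomized or virtual) MAC addresses, whose first 24 bits are not an IEEE-assigned OUI and so cannot be attributed to a vendor.

```python
import re

# Constructed sample of an OUI -> registrant table; in practice load the IEEE registry.
SAMPLE_OUI_TABLE = {
    "00E0FC": "HUAWEI TECHNOLOGIES CO.,LTD",
    "50C7BF": "TP-LINK TECHNOLOGIES CO.,LTD.",
    "00000C": "Cisco Systems, Inc",
}
WATCHLIST = {"huawei", "zte", "tp-link"}  # operator-defined vendors of concern
_SUFFIXES = re.compile(r"\b(technologies|corporation|corp|co|ltd|limited|inc|systems)\b")

def normalize_vendor(name):
    """Collapse registrant-name variants ("X Co.,Ltd", "X Corporation") to one key."""
    name = _SUFFIXES.sub(" ", name.lower())
    return " ".join(re.sub(r"[^a-z0-9-]+", " ", name).split())

def parse_mac(mac):
    """Return 12 uppercase hex digits, or None if the value is not a MAC address."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    return digits.upper() if re.fullmatch(r"[0-9A-Fa-f]{12}", digits) else None

def classify(mac):
    """Return (status, vendor_key) for one MAC address."""
    digits = parse_mac(mac)
    if digits is None:
        return ("malformed", None)
    # Bit 0x02 of the first octet = locally administered address; no IEEE OUI to look up.
    if int(digits[:2], 16) & 0x02:
        return ("locally-administered", None)
    registrant = SAMPLE_OUI_TABLE.get(digits[:6])
    if registrant is None:
        return ("unregistered", None)
    vendor = normalize_vendor(registrant)
    return ("of-concern" if vendor in WATCHLIST else "ok", vendor)

def report(hosts):
    """Return a row for every host whose MAC is not attributable to an allowed vendor."""
    rows = []
    for host in hosts:
        status, vendor = classify(host["mac"])
        if status != "ok":
            rows.append({**host, "vendor": vendor, "status": status})
    return rows

SAMPLE_HOSTS = [  # constructed inventory rows; keys other than deviceName are hypothetical
    {"deviceName": "edge-sw-01", "mac": "00:00:0c:12:34:56"},
    {"deviceName": "lab-ap-07", "mac": "50-C7-BF-AA-BB-CC"},
    {"deviceName": "core-rtr-02", "mac": "00e0.fc01.0203"},
    {"deviceName": "byod-phone", "mac": "da:a1:19:00:00:01"},
]
```

Calling `report(SAMPLE_HOSTS)` returns the rows that need review. An OUI match reflects only the address a device presents, and MAC addresses can be changed, so the result is best treated as an inventory signal to corroborate.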

What makes the approach powerful?

  • It relies exclusively on data already present in Forward Enterprise: MAC tables, ARP entries, and normalized host/interface metadata.
  • It requires no additional scanning tools or third-party data sources.
  • It functions across all vendors and domains represented in the Forward Enterprise snapshot.
  • It scales seamlessly across entire enterprise or federal networks.

The tutorial emphasizes that this method creates a data-driven, standardized, and repeatable process for locating unapproved or unmanaged devices—critical for supply-chain oversight and Zero Trust compliance.

Continuous Monitoring for Zero Trust and Supply-Chain Compliance

While a one-time scan can reveal unexpected hardware, ongoing compliance requires recurring validation. The source material explains that Forward Networks enables this through integration with Verify and Scorecards, turning OUI-based detection into a continuous monitoring capability.

Once users validate the query, they can:

Add the check to Verify

This allows the detection script to run automatically using each new Forward Enterprise snapshot. Because snapshots provide historical and current network state, the check remains current without requiring manual re-execution.

Include it in Scorecards

Scorecards aggregate checks and provide visibility across multiple compliance or Zero Trust objectives. The OUI detection logic can serve as a foundational KPI for supply-chain assurance.

Continuously evaluate each snapshot

With every update, Forward Enterprise re-runs the OUI logic, revealing:

  • When new devices of concern appear
  • When unapproved devices move into protected or restricted zones
  • How unmanaged devices shift across the network over time

The tutorial emphasizes that this process transforms what might otherwise be a one-time audit into ongoing oversight, aligned to CISA guidance and Zero Trust mandates.

Use cases the tutorial explicitly supports

The continuous monitoring framework helps teams:

  • Track unapproved or untrusted hardware
  • Receive alerts when new devices appear
  • Maintain visibility across changes in infrastructure
  • Use these outputs as KPIs for compliance dashboards
  • Combine this detection logic with additional NQE scripts (such as CVE or end-of-life checks)

The key takeaway is that Forward Enterprise’s normalized data and NQE-driven automation create a scalable model for repeatable validation. This is especially important in federal or high-assurance environments where device origin, vendor alignment, and supply-chain posture must be continuously verified.

Extending the Detection Framework Across Additional Vendors and Use Cases

The tutorial explains that because the method relies on standardized OUIs, it can be extended far beyond identifying specific restricted vendors. The same detection workflow can be customized to fit each organization’s policies and compliance requirements.

According to the tutorial, Forward Networks engineers have expanded the framework to identify:

Restricted Vendors

The original purpose includes locating Huawei, ZTE, TP-Link, or any vendor prohibited by federal procurement rules or internal security policy.

Counterfeit or Gray-Market Equipment

By validating serial numbers (when combined with additional checks), teams can surface hardware that does not match authorized ranges, a serious supply-chain concern.

Unsupported or End-of-Life (EOL) Devices

Organizations can build NQE queries that surface devices no longer supported by the vendor, allowing for earlier planning and remediation.

Devices Requiring Firmware or OS Validation

Outdated or unverified firmware is a critical risk area in regulated environments. The tutorial states that these checks can be combined to support more comprehensive validation.

Custom Vendor or Hardware Categories

Teams can tailor the vendor list to include specific manufacturers, product lines, or enforcement criteria. This flexibility creates a supply-chain assurance framework that can scale with expanding Zero Trust and CISA requirements.

The author also notes that adjusting the vendor list can support highly targeted checks. What begins as a simple OUI-based query for one unapproved vendor becomes the foundation for a comprehensive device-visibility strategy across complex networks.
