June 4, 2026
Automating Device and OS Compliance in Air-Gapped Networks with Agentic AI
Secure your network by separating AI intelligence from your private on-premises configuration audits.

Written by: Mehul Patel
For network operations and security teams, maintaining compliance across device hardware and operating systems is a complex and time-consuming task. At any given moment, your network contains thousands of devices from dozens of different vendors. To keep this infrastructure secure, you must constantly know which devices are approaching end-of-life (EOL) milestones, and which platforms are vulnerable to active common vulnerabilities and exposures (CVEs).
Traditionally, finding these answers required engineering teams to manually search through fragmented vendor portals, download complex release notes, and track data in spreadsheets. This manual research is slow and prone to mistakes, and the information gathered becomes outdated almost immediately after completion.
You can automate this entire research process using agentic AI, but you must do so without exposing your sensitive network inventory to public models. In this post, we explore how a hybrid approach solves this problem by separating public intelligence collection from your internal network auditing.
Hybrid approach enables automation and compliance
The primary obstacle to adopting AI in network management is data privacy. Compliance frameworks and internal security policies strictly prohibit sharing network topologies, device configurations, and IP addresses with external large language models (LLMs).
To respect this constraint, the workflow divides the task into two distinct, isolated environments. Broadcom supports this approach. With our Network Observability by Broadcom solution, we host the public data collection on our own cloud infrastructure, while your local network configuration management (NCM) engine handles the actual audit within your secure, on-premises network.
Online intelligence collection
The first phase of the process occurs entirely on Broadcom systems. Operating within a secure environment using Google Gemini, the solution’s agentic AI collects public vendor data. This engine has no visibility into your private network, your device counts, or your configurations. Its sole responsibility is to constantly analyze the public internet for hardware and software lifecycle data.
To gather this intelligence, the system utilizes a continuous-loop agentic workflow powered by the Google Gemini Large Multimodal Model (LMM), allowing it to ingest and interpret diverse, complex vendor documentation. Here’s how the solution works:
- It first discovers the authoritative vendor web pages for support bulletins, hardware lifecycles, and software releases.
- Next, it extracts unstructured data from PDF tables and footnotes, normalizing end-of-life dates and firmware requirements into a structured format.
- The intelligent engine then validates this data against known schemas to prevent inaccuracies.
- Finally, it calculates a confidence score for each data point and attaches the direct source URL, allowing users to verify any date with a single click.
Once the process is complete, the engine packs this structured vendor intelligence into the release package.
On-premises auditing via DX NetOps NCM
The second phase takes place entirely within your own local environment. Once you upgrade to DX NetOps NCM version 25.4.8 or later, the compiled intelligence packages become available for your air-gapped environment. You transfer them across your air gap or firewall directly into your on-premises DX NetOps NCM engine, a key component of Network Observability by Broadcom.
Your live inventory data and device configurations never leave your internal network. The local NCM engine ingests the reference packages offline. It then performs an isolated scan of your local device repository, mapping switches, routers, firewalls, and access points against the newly imported vendor data. The engine automatically identifies which active devices are running outdated operating systems and which devices are nearing EOL. In addition, in an upcoming release, the engine will detail which operating systems match active CVE profiles.
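The two phases above, the structured vendor package with its schema validation, confidence score and source URL, and the offline audit that maps a local inventory against it, can be sketched in a single script. The following is an added example written for this post; it is not DX NetOps NCM code, and the vendor names, models, dates, URLs, the `PACKAGE_SCHEMA` keys, the 0.8 confidence floor and the 180-day EOL horizon are all constructed assumptions chosen to illustrate the flow.

```python
"""Offline compliance audit against an imported vendor-lifecycle package (illustrative)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed schema the importer enforces: required keys and the type each must have.
PACKAGE_SCHEMA = {
    "vendor": str, "model": str, "end_of_life": str,
    "minimum_os": str, "confidence": float, "source_url": str,
}

# Constructed vendor intelligence package; every value is sample data, not real lifecycle info.
VENDOR_PACKAGE_JSON = json.dumps([
    {"vendor": "ExampleNet", "model": "EX-4800", "end_of_life": "2026-09-30",
     "minimum_os": "12.4.2", "confidence": 0.97,
     "source_url": "https://vendor.example/lifecycle/ex-4800"},
    {"vendor": "ExampleNet", "model": "EX-2200", "end_of_life": "2028-01-15",
     "minimum_os": "9.1.0", "confidence": 0.91,
     "source_url": "https://vendor.example/lifecycle/ex-2200"},
    # Low-confidence record: rejected rather than silently used.
    {"vendor": "ExampleNet", "model": "EX-9000", "end_of_life": "2027-07-01",
     "minimum_os": "1.0.0", "confidence": 0.42,
     "source_url": "https://vendor.example/lifecycle/ex-9000"},
    # Record missing its source URL: fails schema validation.
    {"vendor": "ExampleNet", "model": "EX-100", "end_of_life": "2029-01-01",
     "minimum_os": "2.0.0", "confidence": 0.99},
])

# Constructed local inventory: in the real deployment this never leaves the on-premises network.
LOCAL_INVENTORY = [
    {"hostname": "core-sw-01", "vendor": "ExampleNet", "model": "EX-4800", "os_version": "12.4.2"},
    {"hostname": "core-sw-02", "vendor": "ExampleNet", "model": "EX-2200", "os_version": "9.2.0"},
    {"hostname": "edge-rtr-07", "vendor": "ExampleNet", "model": "EX-2200", "os_version": "8.9.3"},
    {"hostname": "wifi-ap-22", "vendor": "ExampleNet", "model": "EX-9000", "os_version": "1.0.0"},
    {"hostname": "lab-sw-99", "vendor": "OtherCo", "model": "OC-10", "os_version": "3.0"},
]


@dataclass(frozen=True)
class LifecycleRecord:
    vendor: str
    model: str
    end_of_life: date
    minimum_os: tuple[int, ...]
    confidence: float
    source_url: str


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '12.4.2' into (12, 4, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def load_package(raw_json: str, min_confidence: float = 0.8):
    """Validate each record against PACKAGE_SCHEMA and the confidence floor.

    Returns (accepted records, list of rejection reasons). A rejected record is
    simply absent from the audit, so affected devices surface as 'no_reference_data'.
    """
    accepted, rejected = [], []
    for rec in json.loads(raw_json):
        label = f"{rec.get('vendor')}/{rec.get('model')}"
        bad = [k for k, t in PACKAGE_SCHEMA.items() if not isinstance(rec.get(k), t)]
        if bad:
            rejected.append(f"{label}: schema violation on {bad}")
            continue
        if rec["confidence"] < min_confidence:
            rejected.append(f"{label}: confidence {rec['confidence']} below {min_confidence}")
            continue
        try:
            eol = date.fromisoformat(rec["end_of_life"])
            min_os = parse_version(rec["minimum_os"])
        except ValueError as exc:
            rejected.append(f"{label}: unparseable field ({exc})")
            continue
        accepted.append(LifecycleRecord(rec["vendor"], rec["model"], eol, min_os,
                                        rec["confidence"], rec["source_url"]))
    return accepted, rejected


def audit(inventory, records, today: date, eol_horizon_days: int = 180):
    """Map each device to its lifecycle record and classify it; runs fully offline."""
    by_key = {(r.vendor, r.model): r for r in records}
    report = {"eol_approaching": [], "outdated_os": [], "no_reference_data": [], "compliant": []}
    for dev in inventory:
        rec = by_key.get((dev["vendor"], dev["model"]))
        if rec is None:
            report["no_reference_data"].append({"hostname": dev["hostname"]})
            continue
        finding = {"hostname": dev["hostname"], "source_url": rec.source_url}  # one-click verification
        flagged = False
        if rec.end_of_life <= today + timedelta(days=eol_horizon_days):
            report["eol_approaching"].append({**finding, "end_of_life": rec.end_of_life.isoformat()})
            flagged = True
        if parse_version(dev["os_version"]) < rec.minimum_os:
            report["outdated_os"].append({**finding, "running": dev["os_version"],
                                          "minimum": ".".join(map(str, rec.minimum_os))})
            flagged = True
        if not flagged:
            report["compliant"].append(finding)
    return report


def compliance_percent(report) -> float:
    """Dashboard figure: share of devices with reference data that raised no finding."""
    flagged_hosts = {f["hostname"] for b in ("eol_approaching", "outdated_os") for f in report[b]}
    matched = len(report["compliant"]) + len(flagged_hosts)
    return round(100.0 * len(report["compliant"]) / matched, 1) if matched else 0.0


def run_audit(as_of: str = "2026-06-04"):
    """Convenience entry point: import the package, audit the inventory, return both results."""
    records, rejections = load_package(VENDOR_PACKAGE_JSON)
    report = audit(LOCAL_INVENTORY, records, today=date.fromisoformat(as_of))
    return report, rejections


if __name__ == "__main__":
    report, rejections = run_audit()
    print(json.dumps({"rejections": rejections, "report": report,
                      "compliance_percent": compliance_percent(report)}, indent=2))
```

The design point worth noting is that a package record which fails schema validation or falls below the confidence floor is dropped rather than patched up, so the devices it would have covered appear under `no_reference_data` instead of being reported as compliant; an audit that cannot verify a device should say so rather than default to a green result.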
Achieving complete network visibility
By shifting external device intelligence to Broadcom and restricting the analysis to your local, offline engine, you can audit thousands of multi-vendor devices with minimal manual effort. Your on-premises system can process the matched data to generate practical compliance reports.

The system creates detailed compliance dashboards that show the exact percentage of secure versus non-compliant hardware. It also generates software matrices that map out all active firmware versions across your infrastructure, highlighting the specific devices that require immediate updates. Additionally, you receive real-time vulnerability logs that pair your current operating system versions with newly published threat data, helping your security team prioritize patches based on actual risk.

Transitioning to continuous governance
In many organizations, a compliance audit is a disruptive event performed only once or twice a year, offering nothing more than a temporary view of your security posture. By relying on agentic AI, you can transform this process into a daily, automated routine. Broadcom systems continually monitor the web for changing lifecycles and threats, while your local NCM engine verifies your compliance behind the safety of your firewall. You gain the analytical benefits of AI, while keeping your sensitive network data fully protected from the outside world.
To learn more about how you can automate your compliance tracking and secure your air-gapped infrastructure, explore the capabilities of our solution on the Automated Configuration Management solution page.
Mehul Patel
Mehul Patel is a Product Manager at Broadcom, where he leads the NetOps Network Configuration Manager solution. A seasoned leader with more than two decades of experience, he specializes in developing innovative products across network observability, telecommunications, big data analytics, and embedded systems.