Broadcom Software Academy Blog

Automating Device and OS Compliance in Air-Gapped Networks with Agentic AI

Written by Mehul Patel | Jun 4, 2026 6:48:45 PM

Key Takeaways
  • Employ agentic AI to collect device lifecycle and vulnerability data, without exposing your internal network.
  • Keep your sensitive data secure by separating cloud-based intelligence gathering from on-premises configuration audits.
  • Transform manual compliance audits into an automated routine using your local network configuration management engine.

For network operations and security teams, maintaining compliance across device hardware and operating systems is a complex and time-consuming task. At any given moment, your network contains thousands of devices from dozens of different vendors. To keep this infrastructure secure, you must constantly know which devices are approaching end-of-life (EOL) milestones, and which platforms are vulnerable to active common vulnerabilities and exposures (CVEs).

Traditionally, finding these answers required engineering teams to manually search through fragmented vendor portals, download complex release notes, and track data in spreadsheets. This manual research is slow and prone to mistakes, and the information gathered becomes outdated almost immediately after completion.

You can automate this entire research process using agentic AI, but you must do so without exposing your sensitive network inventory to public models. In this post, we explore how a hybrid approach solves this problem by separating public intelligence collection from your internal network auditing.

Hybrid approach enables automation and compliance

The primary obstacle to adopting AI in network management is data privacy. Compliance frameworks and internal security policies strictly prohibit sharing network topologies, device configurations, and IP addresses with external large language models (LLMs).

To work within this constraint, the ideal workflow divides the task into two distinct, isolated environments. Broadcom supports this approach: with our Network Observability by Broadcom solution, the public data collection runs on Broadcom-hosted cloud infrastructure, while your local network configuration management (NCM) engine performs the actual audit inside your secure, on-premises network.

Online intelligence collection

The first phase of the process occurs entirely on Broadcom systems. Operating within a secure environment using Google Gemini, the solution’s agentic AI collects public vendor data. This engine has no visibility into your private network, your device counts, or your configurations. Its sole responsibility is to constantly analyze the public internet for hardware and software lifecycle data.

To gather this intelligence, the system utilizes a continuous-loop agentic workflow powered by the Google Gemini Large Multimodal Model (LMM), allowing it to ingest and interpret diverse, complex vendor documentation. Here’s how the solution works:

  • It first discovers the authoritative vendor web pages for support bulletins, hardware lifecycles, and software releases.

  • Next, it extracts unstructured data from PDF tables and footnotes, normalizing end-of-life dates and firmware requirements into a structured format.

  • The intelligent engine then validates this data against known schemas to prevent inaccuracies.

  • Finally, it calculates a confidence score for each data point and attaches the direct source URL, allowing users to verify any date with a single click.

Once the process is complete, the engine packs this structured vendor intelligence into the release package.

On-premises auditing via DX NetOps NCM

The second phase takes place entirely within your own local environment. After you upgrade to DX NetOps NCM version 25.4.8 or later, the compiled intelligence packages are available for your air-gapped environment. You transfer them across the air gap or firewall directly into your on-premises DX NetOps NCM engine, a key component of Network Observability by Broadcom.

Your live inventory data and device configurations never leave your internal network. The local NCM engine ingests the reference packages offline. It then performs an isolated scan of your local device repository, mapping switches, routers, firewalls, and access points against the newly imported vendor data. The engine automatically identifies which active devices are running outdated operating systems and which devices are nearing EOL. In addition, in an upcoming release, the engine will detail which operating systems match active CVE profiles.
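To make the offline audit step concrete, the following is an added illustration (not DX NetOps NCM code) of how an on-premises engine can validate an imported intelligence package against a schema and then map a local inventory against it without any network access. The package field names, hostnames, version strings and URLs are constructed for this example.

```python
from datetime import date
# Constructed vendor-intelligence package shaped like the structured output the
# text describes; field names are this example's assumptions, not an NCM format.
VENDOR_PACKAGE = [
    {"vendor": "acme", "platform": "X100", "eol_date": "2026-09-30", "min_os": "4.2.1",
     "confidence": 0.95, "source": "https://vendor.example/x100-eol"},
    {"vendor": "acme", "platform": "X200", "eol_date": "2028-01-15", "min_os": "5.0.0",
     "confidence": 0.60, "source": "https://vendor.example/x200-eol"},
]
# Constructed on-premises inventory (in practice the local NCM repository).
INVENTORY = [
    {"hostname": "core-sw-1", "vendor": "acme", "platform": "X100", "os_version": "4.1.0"},
    {"hostname": "edge-rtr-1", "vendor": "acme", "platform": "X200", "os_version": "5.0.0"},
    {"hostname": "ap-7", "vendor": "acme", "platform": "X300", "os_version": "1.0"},
]
SCHEMA = {"vendor": str, "platform": str, "eol_date": str, "min_os": str,
          "confidence": float, "source": str}

def validate_package(records):
    """Schema check on ingest: reject missing or mistyped fields, an unparsable
    EOL date, an out-of-range confidence or a non-HTTPS source URL."""
    for r in records:
        for field, typ in SCHEMA.items():
            if not isinstance(r.get(field), typ):
                raise ValueError(f"bad field {field!r} in {r}")
        date.fromisoformat(r["eol_date"])  # raises ValueError if malformed
        if not 0.0 <= r["confidence"] <= 1.0 or not r["source"].startswith("https://"):
            raise ValueError(f"bad confidence or source in {r}")
    return {(r["vendor"], r["platform"]): r for r in records}

def parse_version(v):
    return tuple(int(p) for p in v.split("."))

def audit(inventory, package, today, eol_window_days=180, min_confidence=0.7):
    """Map each device to its reference record and flag EOL within the window,
    OS below the vendor minimum, low-confidence data, or no reference at all."""
    ref, findings = validate_package(package), []
    now = date.fromisoformat(today)
    for dev in inventory:
        r = ref.get((dev["vendor"], dev["platform"]))
        if r is None:
            findings.append((dev["hostname"], "NO_REFERENCE_DATA", None))
            continue
        if r["confidence"] < min_confidence:
            findings.append((dev["hostname"], "LOW_CONFIDENCE", r["source"]))
        if (date.fromisoformat(r["eol_date"]) - now).days <= eol_window_days:
            findings.append((dev["hostname"], "EOL_WITHIN_WINDOW", r["source"]))
        if parse_version(dev["os_version"]) < parse_version(r["min_os"]):
            findings.append((dev["hostname"], "OS_BELOW_MINIMUM", r["source"]))
    return findings
```

The example assumes the package file has already been integrity-checked when it crossed the air gap; the source URL carried in each finding is what lets an operator verify a date without the engine itself ever going online.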

Achieving complete network visibility

By shifting external device intelligence to Broadcom and restricting the analysis to your local, offline engine, you can audit thousands of multi-vendor devices with minimal manual effort. Your on-premises system can process the matched data to generate practical compliance reports.

The system creates detailed compliance dashboards that show the exact percentage of secure versus non-compliant hardware. It also generates software matrices that map out all active firmware versions across your infrastructure, highlighting the specific devices that require immediate updates. Additionally, you receive real-time vulnerability logs that pair your current operating system versions with newly published threat data, helping your security team prioritize patches based on actual risk.

Transitioning to continuous governance

In many organizations, a compliance audit is a disruptive event performed only once or twice a year, offering nothing more than a temporary view of your security posture. By relying on agentic AI, you can transform this process into a daily, automated routine. Broadcom systems continually monitor the web for changing lifecycles and threats, while your local NCM engine verifies your compliance behind the safety of your firewall. You gain the analytical benefits of AI, while keeping your sensitive network data fully protected from the outside world.

To learn more about how you can automate your compliance tracking and secure your air-gapped infrastructure, explore the capabilities of our solution on the Automated Configuration Management solution page.