How to detect shadow IT and mitigate security risks
InvGate Asset Management makes it easy to detect shadow IT. Whether it’s unauthorized software or hardware, you can spot them in just a few simple steps.
For software, we use InvGate Asset Management’s Agent, which continuously reports installed applications to the platform, allowing you to search for or receive alerts on unapproved software.
For hardware, InvGate Asset Management’s Discovery features let you scan your network to detect unauthorized devices in use.
Shadow IT detection for hardware
InvGate Asset Management includes a built-in Discovery feature that allows you to scan your network and detect devices that aren’t yet part of your inventory.
This helps uncover shadow IT like rogue laptops, printers, or any connected device (so you can decide whether to add or exclude them).
Step 1: Download and install the proxy
- Go to Settings > Network > Proxies.
- Click Add and save the information provided in the modal (you’ll need it during installation).
- Select the operating system where the proxy will be installed and download the installer.
- Go to your downloads folder and run the installer on a machine that has access to the network you want to scan.
Note: You only need to install the proxy on one machine per network segment. It should ideally be a server or always-on device with full visibility of the local network. You don’t need to install it on every computer.
Step 2: Configure the proxy
- After installation, a configuration window will open. Complete the required fields: Insight/IGAM URL, Proxy security token, and Proxy name (you’ll find all of these in the modal you saved in Step 1).
- Click Configure proxy, then click Start scanning.
Note: Each proxy scans a specific IP address range. You can create multiple proxies to cover different networks, subnets, or office locations. This gives you full flexibility and visibility across your infrastructure.
Step 3: Create a Discovery source (if needed)
In most cases, creating a proxy also generates an InvGate Discovery source in the Discovery Sources section. If that’s the case, you can skip this section and wait for the scan to finish. However, if you want to add another discovery source, follow these steps:
- Go to Settings > Discovery Sources.
- Click Add.
- Choose InvGate Discovery as the source.
- Complete the fields:
- Name: Choose a name for this discovery source.
- Type: This will be automatically selected.
- Proxy: Select the proxy you configured in step 2.
- Protocols: Select the scanning protocol (SNMP, SSH, etc.) and complete any required fields.
- Frequency: Define when and how often the scan should run (start date, time, and repetition).
- Click Save to activate the Discovery process.
Step 4: Review and convert discovered assets
- Go to Assets > Discovery. You’ll see a list of devices recently detected by the scan.
- Click on any item and select Convert to asset.
- Complete the required fields in the form and click Apply changes.
- Return to the Assets module — your new asset is now part of your inventory.
Note: Using this method, you can proactively detect any hardware connected to your network (even if it doesn’t have the InvGate Agent installed). This makes it an ideal tool to identify shadow IT and maintain control over your entire IT environment.
Shadow IT detection for software
#1: Proactive search for specific software
This method can be used to check whether a specific piece of software is installed on any of your organization’s devices. Just follow these steps:
- Go to Software.
- Under the column “software name”, type the name of any unauthorized software (like Steam) and hit Enter.
- Group by name to see the different software tied to the term you’ve written.
Optional: You can download this information (including the devices where the unauthorized software is installed) to later include it in your Software Asset Management strategy.
#2: Automate alerts to detect when unauthorized software is installed
Once the InvGate Agent is reporting software installations, you can automate email notifications when unauthorized applications are detected. This allows your team to act quickly without needing to constantly monitor assets manually.
Here’s how to set up a notification for the detection of unapproved software like Steam:
- Go to Settings > CIs > Automations.
- Click Add.
- Fill in the following fields:
- Name: Unapproved software
- Description: Alerts the team when unauthorized software is installed.
- Event: Select “Asset created”, “Asset updated”, or “Asset Software updated”.
- In the conditions section, configure:
- Assets > Computer > Software Installations > Software Name > contains > Steam.
- Scroll to the “Actions” section and click Add action.
- Fill in the email details:
- Type: Send email.
- To: Select the recipient (e.g., your Security or IT Compliance team).
- Subject: Blacklisted software detected.
- Body: Briefly describe the alert and include the variable CI_LINK to insert a direct link to the asset where the software was found.
- Click Save to activate the automation.
Optional: You can add more software by clicking Add condition and using OR logic. For example: Software Name > contains > Visio.
Note: You can include as many unapproved software titles as needed. Just add one condition for each. This helps you build a strong monitoring system tailored to your organization’s software policies.
#3: Automatically tag computers with unapproved software
Once you’ve identified which software is not allowed in your environment, you can automatically tag any computer that has it installed. This makes it easier to track and take action without needing to manually search each time.
Here’s how to create a Smart Tag for unapproved software:
- Go to the Assets module, click on the Filter tab, and select the following condition:
- Computer > Software Installations > Software Name > contains > Steam
- Once you’ve created the conditions for all the unauthorized software, click Update. This will show you all the devices that contain the unauthorized software.
- To create a Smart Tag, go to Filters updated, in the tab bar.
- Click on Quick Smart Tag, at the bottom of the page. In the pop-up, enter the following:
- Name: Unapproved Software Installations.
- Color: Select one for visibility.
- Description (optional): Describe the Smart Tag to clarify its purpose.
- Click Create to finish.
Optional: You can add more software by clicking Add condition and using OR logic. For example: Computer > Software Installations > Software Name > contains > Visio
To see all the computers with the unauthorized software, click on the Tag button in the upper-right corner of the screen.
Note: You can include as many software names as necessary in the filter to match your organization’s blacklist. The Smart Tag will dynamically include all assets that meet the criteria from now on.
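The OR-combined "contains" conditions from methods #2 and #3, applied offline to a downloaded software list as in method #1. This is an added example, not InvGate code: the CSV column names, the sample rows and the allow_exact parameter are assumptions, and matching is assumed to be case-insensitive.

```python
import csv
import io
from collections import defaultdict

# Terms taken from the page's example conditions, combined with OR logic.
UNAPPROVED_TERMS = ["Steam", "Visio"]

# Constructed sample export; the column names are assumptions, not InvGate's format.
SAMPLE_EXPORT = """device,software_name,version
LAPTOP-014,Steam,2.10.91
LAPTOP-014,Mozilla Firefox,126.0
DESKTOP-203,Microsoft Visio Professional 2019,16.0
DESKTOP-203,7-Zip,23.01
LAPTOP-077,steamcmd,1.0
SERVER-002,OpenSSH,9.6
LAPTOP-031,Visio Viewer,16.0
"""


def find_unapproved(export_text, terms=UNAPPROVED_TERMS, allow_exact=()):
    """Return {device: sorted list of flagged titles}.

    A title is flagged when it contains any term (OR logic, case-insensitive),
    unless its exact name is listed in allow_exact (reviewed exceptions).
    """
    lowered = [t.lower() for t in terms]
    allowed = {a.lower() for a in allow_exact}
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["software_name"].strip()
        if name.lower() in allowed:
            continue
        if any(term in name.lower() for term in lowered):
            hits[row["device"]].add(name)
    return {device: sorted(names) for device, names in hits.items()}


if __name__ == "__main__":
    for device, names in sorted(find_unapproved(SAMPLE_EXPORT).items()):
        print(f"{device}: {', '.join(names)}")
```

A "contains" condition also matches related titles such as steamcmd or Visio Viewer, so review the hits and record accepted exceptions before acting on an alert or tag.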