Introduction
Asset discovery tools are the primary technical agents responsible for identifying, cataloging, and monitoring every physical and virtual entity within an organizational network. In the modern infrastructure landscape, which spans on-premises hardware, cloud instances, IoT devices, and remote workstations, maintaining an accurate inventory is no longer a manual possibility. These tools operate by scanning network ranges or utilizing lightweight agents to detect hardware specifications, software versions, and configuration states. For IT operations and security teams, asset discovery serves as the “single source of truth” that informs everything from vulnerability management to software license compliance.
The necessity of automated discovery is driven by the rapid expansion of the “shadow IT” phenomenon and the transient nature of cloud resources. Without real-time visibility, organizations face significant security gaps, as unmanaged assets cannot be patched, monitored, or secured. A robust discovery platform provides the foundational data required for a functional Configuration Management Database (CMDB), ensuring that IT service management processes are based on live environmental data rather than outdated spreadsheets. When selecting a discovery solution, organizations must evaluate the depth of its scanning capabilities, the impact on network performance, the accuracy of its fingerprinting algorithms, and how seamlessly the data integrates into broader security and operational workflows.
Best for: IT managers, security operations (SecOps) teams, cloud architects, and compliance officers who require total visibility into their hardware and software estate to manage risk and optimize resources.
Not ideal for: Very small businesses with fewer than ten static devices that can be managed manually, or organizations looking for purely peripheral monitoring without a need for deep system introspection.
Key Trends in Asset Discovery Tools
The integration of Artificial Intelligence and Machine Learning has transformed discovery from a reactive scan into a predictive intelligence function. Modern tools now use behavioral finger-printing to identify “headless” IoT devices and unmanaged hardware that traditional signature-based methods might miss. There is a significant shift toward “Continuous Asset Inventory,” where the concept of a scheduled weekly scan is being replaced by real-time streaming updates that reflect changes in the environment within seconds of a new device connecting to the network.
Cloud-native discovery is another dominant trend, with tools now offering deep API integration into multiple cloud service providers to track ephemeral assets like containers and serverless functions that may only exist for a few minutes. We are also seeing a convergence between asset discovery and Cyber Asset Attack Surface Management (CAASM), where platforms not only find the asset but also immediately map its exposure and security posture. Furthermore, the rise of remote work has pushed discovery tools to become more resilient, utilizing passive listening and mesh-sensing technologies to identify assets that rarely connect to the corporate VPN.
How We Selected These Tools
Our selection process involved an exhaustive technical analysis of discovery engines and their ability to operate across hybrid environments. We prioritized platforms that demonstrate high accuracy in device “fingerprinting,” which is the ability to correctly identify the make, model, and operating system of a device based on network behavior. A critical criterion was the “agentless” capability of the tool, evaluating how much information can be gathered without requiring software installation on every endpoint, which is essential for legacy and IoT devices.
Scalability was a major factor; we selected tools that can manage environments ranging from a few hundred nodes to millions of global assets without degrading network performance. We also scrutinized the breadth of the software recognition libraries, favoring tools that can identify thousands of unique applications and their respective versions. Security posture was evaluated by looking for encrypted data transit and robust access controls for the discovery data itself. Finally, we assessed the ecosystem value, specifically how well these tools synchronize data with leading IT Service Management (ITSM) and Security Information and Event Management (SIEM) platforms.
1. Lansweeper
Lansweeper is a market-leading IT asset management and discovery platform that excels in providing deep visibility across diverse hardware and software landscapes. It uses a powerful agentless discovery engine to scan networks and provide a comprehensive inventory of everything from servers and workstations to printers and switches.
Key Features
The platform features a multi-scan technology that combines several protocols like SNMP, WMI, and SSH to gather deep technical data without installing software on endpoints. It includes an automated “Software Inventory” that tracks installations, versions, and license keys across the entire estate. The system offers a “Vulnerability Mapping” feature that cross-references discovered assets with known vulnerability databases. It features an integrated “Asset Radar” that detects devices the moment they connect to the network. It also provides a robust reporting engine with hundreds of pre-built templates for compliance and auditing.
Pros
The agentless scanning is exceptionally thorough, capturing details that many other tools miss. It offers excellent value for money, especially for mid-market organizations with complex local networks.
Cons
The user interface can feel slightly dated compared to newer cloud-native competitors. Advanced configuration for segmented networks can be complex to set up initially.
Platforms and Deployment
Windows-based installation for the scanning server with web-based management. Supports hybrid and cloud-connected deployments.
Security and Compliance
Supports credential-free scanning options and provides encrypted storage for all discovered asset data. Adheres to standard data privacy regulations.
Integrations and Ecosystem
Offers extensive integrations with ITSM tools like ServiceNow, Zendesk, and Freshservice, as well as various security platforms.
Support and Community
Known for a very active user community and a comprehensive knowledge base with detailed technical documentation.
2. Device42
Device42 is a comprehensive data center and cloud management platform that provides powerful automated discovery and dependency mapping. It is designed for mid-to-large enterprises that need to understand the complex relationships between their physical hardware, virtual machines, and software applications.
Key Features
The platform features “Application Dependency Mapping,” which visually displays how different software components and servers interact with each other. It includes an automated “IP Address Management” (IPAM) system that tracks IP allocations alongside asset data. The system offers deep discovery for both on-premises data centers and major cloud providers like AWS and Azure. It features “Resource Utilization” tracking to help identify underused or “zombie” servers. It also provides detailed power and environmental monitoring for physical data center racks.
Pros
The dependency mapping is a standout feature for disaster recovery and migration planning. It provides a very high level of detail for enterprise-grade networking and server hardware.
Cons
The density of features results in a steeper learning curve for new administrators. Pricing is at the premium end of the market, reflecting its enterprise focus.
Platforms and Deployment
Available as a virtual appliance that can be deployed on-premises or in the cloud.
Security and Compliance
Provides robust role-based access control (RBAC) and maintains detailed audit logs of all discovery and system changes.
Integrations and Ecosystem
Integrates deeply with automation tools like Ansible and Puppet, as well as major ITSM and monitoring platforms.
Support and Community
Offers professional implementation services and a dedicated technical support team for enterprise customers.
3. ServiceNow ITOM Discovery
ServiceNow ITOM Discovery is a component of the broader ServiceNow platform, designed to populate the Configuration Management Database (CMDB) with live, accurate data. It is the enterprise standard for organizations that want discovery data to drive their IT service and operations management.
Key Features
The platform features “Service Mapping,” which connects assets to the specific business services they support, such as a customer portal or payroll system. It includes a “Horizontal Discovery” engine that identifies hardware and software across the global network. The system offers a “Multi-Source CMDB” that allows data from various discovery tools to be reconciled into a single record. It features automated “Certificate Management” to track and renew SSL/TLS certificates. It also provides deep cloud discovery for managing hybrid and multi-cloud environments.
Pros
The integration with the broader ServiceNow ecosystem makes it incredibly powerful for automated incident and change management. It is highly scalable for the world’s largest global infrastructures.
Cons
Implementation is a major project that typically requires specialized consultants. The total cost of ownership is high compared to standalone discovery tools.
Platforms and Deployment
Cloud-based platform with local “MID Servers” used to perform the actual network scanning.
Security and Compliance
Maintains the highest level of security certifications including SOC 2, ISO 27001, and FedRAMP.
Integrations and Ecosystem
Native integration with the entire ServiceNow suite and thousands of third-party apps via the ServiceNow Store.
Support and Community
Offers a massive global ecosystem of partners, certified developers, and a very large professional community.
4. Axonius
Axonius is a leader in the Cyber Asset Attack Surface Management (CAASM) space, focusing on consolidating data from existing tools to provide a complete asset inventory. It is designed for security teams who need to find “unmanaged” assets that are missing from their security agents.
Key Features
The platform features a “Connection-Based” architecture that pulls data from over 400 existing security and management tools via APIs. It includes an “Asset Query” engine that allows users to find assets based on complex security criteria, such as “devices with no EDR installed.” The system offers automated “Enforcement Actions” to notify teams or trigger tickets when an asset falls out of compliance. It features a “Unified Asset View” that de-duplicates data from multiple sources into a single record. It also provides historical tracking to see how the asset estate has changed over time.
Pros
It does not require network scanning or agents, as it leverages the data you already have. It is exceptionally fast at identifying gaps in security coverage.
Cons
Its effectiveness depends entirely on the quality of the data in your other tools. It is primarily a security tool and may lack some of the deep hardware telemetry of dedicated scanners.
Platforms and Deployment
Available as a SaaS offering or as a virtual appliance for on-premises deployment.
Security and Compliance
SOC 2 compliant and provides granular controls over who can view sensitive asset and security data.
Integrations and Ecosystem
Features the largest integration library in the industry, connecting to everything from Active Directory to cloud providers and security scanners.
Support and Community
Provides a dedicated customer success model and a very high level of technical support for complex integrations.
5. Qualys Global AssetView
Qualys Global AssetView is a cloud-native asset discovery and inventory tool that is part of the Qualys Cloud Platform. it focuses on providing security-centric visibility into global hybrid environments, from local endpoints to cloud containers.
Key Features
The platform features a “Cloud Agent” that provides real-time telemetry from assets even when they are not on the corporate network. It includes “Passive Scanning” technology that identifies devices by listening to network traffic without sending probes. The system offers a “Global IT Asset Inventory” that automatically categorizes assets into logical groups like “Databases” or “Web Servers.” It features deep integration with the Qualys vulnerability management suite. It also provides a “Cloud Metadata” view that shows the security context of cloud-native resources.
Pros
The “Cloud Agent” is lightweight and highly effective for remote workforces. Being part of the Qualys platform makes it a logical choice for teams focused on vulnerability management.
Cons
The interface can be complex due to the sheer number of security features available. Some users find the reporting and dashboarding less flexible than dedicated ITAM tools.
Platforms and Deployment
Cloud-native SaaS with optional local scanning appliances and multi-platform agents.
Security and Compliance
Maintains top-tier security certifications and is widely used in highly regulated industries like finance and healthcare.
Integrations and Ecosystem
Integrates with major ITSM platforms and provides a robust API for custom data exports.
Support and Community
Offers extensive training through Qualys University and has a large, professional user base globally.
6. SolarWinds Service Desk (Discovery)
SolarWinds provides a powerful asset discovery engine as part of its Service Desk and ITOM solutions. It is designed for IT teams that need a reliable, easy-to-deploy tool for tracking hardware and software across a distributed office network.
Key Features
The platform features a “Discovery Agent” for deep introspection of Windows, macOS, and Linux endpoints. It includes an “Agentless Scanner” for identifying network-attached devices like routers, printers, and switches. The system offers an automated “Software Reconciliation” tool that helps manage license compliance. It features integrated “Contract Management” to track warranties and maintenance agreements alongside asset records. It also provides a “Risk Detection” dashboard that flags assets with outdated software or missing patches.
Pros
The tool is very easy to deploy and starts providing value almost immediately. It offers a great balance of features for mid-sized IT departments.
Cons
It may lack some of the deep data center and dependency mapping features found in enterprise tools. Some advanced reporting requires a significant manual setup.
Platforms and Deployment
Cloud-based management with local agents and scanners.
Security and Compliance
Adheres to standard industry security practices with encrypted data communication between agents and the cloud.
Integrations and Ecosystem
Native integration with the broader SolarWinds ITOM and ITSM portfolio.
Support and Community
Backed by the “THWACK” community, one of the largest and most active forums for IT professionals.
7. ManageEngine AssetExplorer
ManageEngine AssetExplorer is a dedicated IT asset management tool that focuses on the entire lifecycle of an asset, from procurement to disposal. It is a cost-effective solution for organizations that need rigorous tracking of their hardware and software investments.
Key Features
The platform features a “Universal Discovery” engine that supports agent-based, agentless, and distributed scanning. It includes a comprehensive “Software License Management” module that tracks usage vs. entitlement. The system offers “Purchase Order” and “Contract Management” tools that are linked directly to asset records. It features a “Remote Control” capability to troubleshoot discovered assets directly from the console. It also provides detailed “Asset Depreciation” calculations for financial reporting.
Pros
It provides an incredible amount of functionality at a very competitive price point. The integration between procurement data and live discovery is highly effective for ITAM.
Cons
The user interface can feel cluttered and less intuitive than some of the modern SaaS competitors. Scaling to very large, global environments can require significant server resources.
Platforms and Deployment
Available as an on-premises Windows installation or as a cloud-based service.
Security and Compliance
Provides role-based access control and secure credential management for network scanning.
Integrations and Ecosystem
Integrates seamlessly with ManageEngine ServiceDesk Plus and other tools in the Zoho/ManageEngine family.
Support and Community
Offers a wide range of support options, including 24/5 technical support and a library of video tutorials.
8. Tanium Asset
Tanium Asset is part of the Tanium platform, known for its unique “linear-chain” architecture that allows for incredibly fast discovery and control of endpoints at scale. It is designed for massive enterprises that need real-time data from millions of global assets.
Key Features
The platform features a “Real-Time Query” engine that can return data from every endpoint in the organization in seconds. It includes an “Unmanaged Asset Discovery” tool that identifies devices on the network that do not have the Tanium agent installed. The system offers a “Custom Reporting” engine that can be used to build complex views of hardware and software health. It features deep “Data Normalization” to ensure that software names and versions are consistent across the database. It also provides “Historical Inventory” to track asset movements over time.
Pros
The speed and scalability are unmatched in the industry; it can query a million endpoints in under a minute. It provides a single agent for discovery, security, and management.
Cons
The architecture is very different from traditional tools and requires specialized training to manage. It is a premium enterprise product with a high entry cost.
Platforms and Deployment
Available as a cloud service or as an on-premises appliance. Requires a dedicated agent on managed endpoints.
Security and Compliance
Industry-leading security with a focus on high-fidelity data and secure communication protocols.
Integrations and Ecosystem
Integrates with major ITSM and SIEM tools and provides a powerful API for custom workflows.
Support and Community
Provides high-touch technical account management (TAM) for its enterprise customers.
9. OpenAudit (FirstWave)
OpenAudit is a highly flexible, open-source-based discovery tool that is favored by IT administrators who need a customizable and cost-effective way to inventory their networks. It is known for its ability to extract a vast amount of data using standard protocols.
Key Features
The platform features a “Script-Based” discovery engine that can be customized to gather almost any data point from a remote system. It includes an automated “Compare” feature that shows exactly what has changed on an asset between scans. The system offers a “Database-First” architecture that allows for easy custom reporting via SQL queries. It features support for a wide range of devices, including Windows, Linux, network gear, and even specialized hardware. It also provides a simple dashboard for tracking software installations and licensing.
Pros
It is extremely flexible and can be modified to suit almost any unique environment. The “Community” version is free to use, making it ideal for testing or small teams.
Cons
The user interface is functional but lacks the polish and “drag-and-drop” ease of use of commercial tools. It requires more technical skill to configure and maintain.
Platforms and Deployment
Available for installation on Windows and Linux servers.
Security and Compliance
Security depends on the host environment; it supports encrypted protocols for all network discovery tasks.
Integrations and Ecosystem
Provides a RESTful API and can be integrated with various open-source monitoring and ticketing systems.
Support and Community
Supported by a dedicated community of developers and a professional support tier from FirstWave.
10. RunZero
RunZero (formerly Rumble) is a modern, high-performance network discovery and asset inventory tool built on a proprietary scanning engine. It is designed to find everything on a network—including unmanaged and “forgotten” devices—without the need for agents or credentials.
Key Features
The platform features a “Credential-Less” discovery engine that uses advanced network fingerprinting to identify devices without needing passwords. It includes “Passive Discovery” that can find assets simply by watching network traffic. The system offers a “Network Topology” view that visually maps how devices are connected. It features a “Vulnerability Research” module that identifies high-risk devices based on their exposed services. It also provides “Cloud and SaaS” discovery to provide a unified view of the entire attack surface.
Pros
It is incredibly fast and can scan a large network in a fraction of the time of traditional tools. Its ability to identify devices without credentials makes it excellent for finding shadow IT.
Cons
It is primarily focused on discovery and inventory, so it lacks the deep “lifecycle” management (like procurement) found in ITAM tools. The reporting is highly technical.
Platforms and Deployment
Cloud-based management with lightweight “explorers” that can be run on almost any OS or as a portable executable.
Security and Compliance
Fully GDPR compliant and focuses on providing high-fidelity data for security teams without compromising network stability.
Integrations and Ecosystem
Integrates with major security tools, ITSM platforms, and cloud providers via a modern API.
Support and Community
Known for excellent technical support and a rapidly growing community of security and IT professionals.
Comparison Table
| Tool Name | Best For | Platform(s) Supported | Deployment | Standout Feature | Public Rating |
| 1. Lansweeper | ITAM / Hybrid IT | Windows, Cloud | Hybrid | Multi-Scan Technology | 4.7/5 |
| 2. Device42 | Data Center / Dependency | Virtual Appliance | On-Prem/Cloud | Dependency Mapping | 4.6/5 |
| 3. ServiceNow | Enterprise / ITSM Hub | Cloud-Based | Cloud SaaS | Service Mapping | 4.5/5 |
| 4. Axonius | Security / CAASM | Web-Based | Cloud/Hybrid | API-Driven Inventory | 4.8/5 |
| 5. Qualys | SecOps / Vulnerability | Win, Mac, Linux | Cloud SaaS | Cloud Agent Scanning | 4.6/5 |
| 6. SolarWinds | Mid-Market / IT Ops | Web-Based | Cloud SaaS | Easy Deployment | 4.4/5 |
| 7. ManageEngine | Lifecycle / Financial | Windows, Cloud | Hybrid | Depreciation Tracking | 4.3/5 |
| 8. Tanium | Global Scale / Speed | Win, Mac, Linux | Cloud/Hybrid | Real-Time Querying | 4.7/5 |
| 9. OpenAudit | Customization / Budget | Win, Linux | On-Prem | Scriptable Discovery | 4.2/5 |
| 10. RunZero | Shadow IT / Speed | Web-Based | Cloud SaaS | Credential-Less Scan | 4.9/5 |
Evaluation & Scoring of Asset Discovery Tools
The scoring below is a comparative model intended to help shortlisting. Each criterion is scored from 1–10, then a weighted total from 0–10 is calculated using the weights listed. These are analyst estimates based on typical fit and common workflow requirements, not public ratings.
Weights:
- Core features – 25%
- Ease of use – 15%
- Integrations & ecosystem – 15%
- Security & compliance – 10%
- Performance & reliability – 10%
- Support & community – 10%
- Price / value – 15%
| Tool Name | Core (25%) | Ease (15%) | Integrations (15%) | Security (10%) | Performance (10%) | Support (10%) | Value (15%) | Weighted Total |
| 1. Lansweeper | 10 | 8 | 8 | 8 | 9 | 9 | 9 | 8.85 |
| 2. Device42 | 9 | 6 | 9 | 9 | 8 | 8 | 7 | 8.00 |
| 3. ServiceNow | 9 | 4 | 10 | 10 | 8 | 9 | 5 | 7.90 |
| 4. Axonius | 8 | 9 | 10 | 9 | 10 | 9 | 8 | 8.80 |
| 5. Qualys | 8 | 7 | 8 | 10 | 9 | 8 | 7 | 7.95 |
| 6. SolarWinds | 7 | 9 | 8 | 8 | 8 | 8 | 8 | 7.80 |
| 7. ManageEngine | 8 | 7 | 7 | 8 | 7 | 8 | 10 | 7.85 |
| 8. Tanium | 9 | 5 | 8 | 10 | 10 | 9 | 6 | 8.05 |
| 9. OpenAudit | 7 | 5 | 7 | 7 | 8 | 6 | 10 | 7.00 |
| 10. RunZero | 9 | 9 | 8 | 9 | 10 | 9 | 9 | 9.05 |
How to interpret the scores:
- Use the weighted total to shortlist candidates, then validate with a pilot.
- A lower score can mean specialization, not weakness.
- Security and compliance scores reflect controllability and governance fit, because certifications are often not publicly stated.
- Actual outcomes vary with assembly size, team skills, templates, and process maturity.
Which Asset Discovery Tool Is Right for You?
Solo / Freelancer
For very small teams or solo founders, the primary concern is obtaining a simple list of equipment without a long setup time. You need a tool that is either free or very low cost and can be run occasionally to ensure you have an accurate inventory for insurance or tax purposes. A portable, no-install scanner is often the best choice here.
SMB
Organizations with limited technical resources should look for a tool that balances discovery with lifecycle management. You likely need to track older, donated equipment and manage basic software compliance on a tight budget. A platform that offers a “Community” or heavily discounted nonprofit tier is the most sustainable choice.
Mid-Market
Mid-sized organizations with a mix of office and remote staff need a hybrid discovery model. You require something that is easy to deploy but offers enough depth to satisfy auditors and secure your network. A cloud-managed solution with a lightweight agent for remote laptops and an agentless scanner for the office is the ideal balance.
Enterprise
Large, global enterprises need a discovery tool that can act as the authoritative data source for a massive CMDB. Your priorities are scalability, high-fidelity data, and deep integration with ITSM and security automation. You should look for platforms that offer real-time querying and the ability to map assets to specific business services.
Budget vs Premium
If budget is the deciding factor, open-source or script-based tools offer professional results but require more manual effort to maintain. Premium tools justified their cost through advanced features like AI-driven dependency mapping, real-time vulnerability cross-referencing, and dedicated enterprise support that reduces the administrative burden on your team.
Feature Depth vs Ease of Use
Highly specialized “data center” tools offer deep telemetry into every hardware component but can be overwhelming for general IT use. For most organizations, a tool that provides a “clean” overview of the most common assets with a simple, modern interface is more valuable than a complex system that few people know how to operate.
Integrations & Scalability
Discovery data is only useful if it flows into the tools you use for daily work. Ensure the platform you choose has native connectors for your ticketing system and security stack. As your organization grows, the tool must be able to handle increased network segments and cloud accounts without a significant increase in management overhead.
Security & Compliance Needs
If you are subject to rigorous audits (like SOC 2 or HIPAA), your discovery tool must be a partner in compliance. Look for features like historical change tracking, automated “unauthorized device” alerts, and the ability to generate detailed software audit reports. The security of the discovery data itself is also a critical legal consideration.
Frequently Asked Questions (FAQs)
1. What is the difference between agent-based and agentless discovery?
Agent-based discovery requires a small software installation on each device, providing deep internal data and real-time updates. Agentless discovery uses network protocols to “probe” devices, which is better for hardware where you cannot install software, like printers and switches.
2. Does asset discovery slow down the network?
Modern discovery tools are designed to be “network-friendly,” using low-bandwidth probes and intelligent scheduling. However, aggressive scans on older network equipment can cause temporary latency, so it is best to schedule deep scans during off-peak hours.
3. Why do I need discovery if I already have a cloud console?
Cloud consoles only show the assets within that specific provider. An asset discovery tool provides a “unified” view that combines your cloud instances with your physical office hardware, remote laptops, and on-premises servers into a single inventory.
4. How does discovery handle remote workers?
Most modern tools use a lightweight “Cloud Agent” that periodically sends asset data back to the central server via the internet. This ensures that a laptop is tracked even if the user never connects to the corporate VPN.
5. Can discovery tools find “Shadow IT”?
Yes, one of the primary values of network discovery is identifying unauthorized devices (like personal routers or unapproved servers) that have been plugged into the network without the knowledge of the IT department.
6. Is it possible to track software license usage with these tools?
Professional discovery tools can identify not only that a piece of software is installed, but also when it was last used. This “usage metering” is vital for reclaiming unused licenses and reducing unnecessary software spend.
7. How often should I run a discovery scan?
For static office environments, a daily or weekly scan is often sufficient. However, for dynamic cloud environments or high-security networks, “continuous” discovery or real-time agent updates are the modern standard to ensure data accuracy.
8. What is a “headless” device and why is it hard to find?
Headless devices are things like IoT sensors, smart cameras, and industrial controllers that have no user interface. They are hard to find because they often use non-standard protocols, requiring discovery tools with advanced network fingerprinting capabilities.
9. Can asset discovery help with financial depreciation?
Yes, many ITAM-focused discovery tools allow you to input purchase dates and costs, then automatically calculate the current book value of your hardware estate based on standard depreciation schedules.
10. Do I need a CMDB if I have a discovery tool?
A discovery tool finds the data, while a CMDB (Configuration Management Database) organizes that data into relationships and business contexts. Most discovery tools are designed to be the “engine” that feeds and maintains the CMDB.
Conclusion
Asset discovery is the technical cornerstone of a secure and efficient IT operation. As organizational boundaries continue to blur between physical offices and distributed cloud environments, the ability to maintain a real-time, accurate inventory is a prerequisite for both operational excellence and cyber resilience. By moving away from static, manual tracking and toward an automated, continuous discovery model, teams can eliminate the “blind spots” that lead to security breaches and financial waste. The ideal discovery strategy is one that provides a clear, unified view of every asset, ensuring that no device or software application remains unmanaged or unprotected.