This talk shows how ntopng, an open source monitoring application, can be profitably used to discover, characterise, classify and enforce network traffic policies. ntopng is an open-source passive traffic monitoring tool based on packet capture. These monitoring capabilities have been complemented with active device discovery for the purpose of characterising them (e.g. is this device a tablet, a TV or a PC?) and thus apply monitoring decisions (e.g. a printer should not do any bittorrent traffic, a router should not print). This talk covers passive and active techniques implemented by ntopng for discovering and classifying network devices. As well it shows how this information is used to create monitoring reports and enforce security policies. Finally the talk shows how selected devices can be both actively and passively monitored in order to implement a comprehensive monitoring solution.