Scout Device Agent
Scout is an on-device software agent that continuously monitors logs, system activity, and user activity to identify risk and build a baseline of audit data for use in anomaly detection and machine learning-enabled predictive algorithms. The information and system characteristics monitored span a wide range and typically include:
- User Information and Behaviours:
Track user identifier for logged-in users, monitor successful and failed log-in attempts
- Hardware Components:
Create a list of all hardware components in use
- Software Components:
Create a list of all software that is installed
- Software Processes:
Monitor active processes
- USB Devices:
Identify device UUIDs and monitor usage, including storage and peripherals
- Wireless Networks:
Create a list of all SSIDs observed and to which a device connects
- Network Configuration and IP Addressing:
Examine ARP table content, host settings, external IP addresses, local DNS Server changes
Monitor privilege escalation, integrity, access history, change counter
- Root SSL Certificates:
Identify and monitor for changes
Monitor for rootkits
With Scout, you gain authoritative, firsthand knowledge of exactly what is happening on your devices.
A host-based agent monitors hardware and software, system logs, peripheral activity, visible wireless networks, privilege escalations, file modification history – and much more – to reveal risks that can only be detected through careful on-device observation. All information is securely transferred to the RootSecure Cloud for analysis, where you can explore the findings in your RootSecure Dashboard.
To let you take informed action, Scout makes sense of all this information by assigning risk levels based on the industry-standard CVSS (Common Vulnerability Scoring System). These levels cover everything from audit information (i.e., no risk) and low-importance error messages to extremely suspicious user behaviour and severe attacks that require immediate intervention.
Over time, Scout helps to predict emerging risks by applying machine learning algorithms to contextual audit information that is linked to observed threats. These predictive algorithms call attention to device and behavioural characteristics that are strong threat indicators, so you can take proactive action before the risk fully appears.