Agentless monitoring
The ThreatLockDown server analyzes the data it receives from the ThreatLockDown agents to monitor, detect, and trigger alerts for security events and incidents on endpoints. However, some endpoints may have limitations that prevent the installation of the ThreatLockDown agent. ThreatLockDown solves this problem by using the agentless monitoring capability.
Agentless monitoring refers to a type of endpoint monitoring that does not require the installation of an agent or software. This approach uses existing protocols to access and gather information from the monitored endpoint.
The ThreatLockDown agentless monitoring capability uses the SSH (Secure Shell) protocol to collect and transfer events from endpoints to the ThreatLockDown server. The supported platforms include routers, firewalls, switches, and Linux/BSD systems. It allows endpoints with software installation restrictions to meet security and compliance requirements.