No agents in operation

Last updated: December 1, 2021

For decades, we have been inspired by exciting agent stories. Whether it’s the famous British secret service Mi-6 with its double zeros, the CIA and its whistleblowers, or Gru, whose notoriety increased immeasurably in the Disney cartoon spectacle “Despicable Me” – in movies and on TV, the specialists cavort to bring secrets to light and provide their clients with valuable information.
Agents are also often employed in the IT sector. There is not always something evil behind data collection. What is meant is software that is installed on a computer and sends selected information or data to a host (as a central collection point or server). This host then processes the data, such as for a backup of the client, updates for antivirus scanners or collects relevant information about the system.

When the agent stops delivering data

If no more data is delivered to the host by the remote agents, this has different reasons. In thrillers, we can assume that the agent has been involuntarily placed on a higher floor of consciousness. In IT, something similar happens. Either by updating the operating system or replacing the entire system – in both cases the agent has to be brought up to date again or replaced.
This is also accompanied by the disadvantages of an agent system. On each device to be monitored, this software must be installed. It’s nice to have an automated rollout function for new devices. However, such agents cannot be installed on all devices. After all, in addition to Windows, there is also Linux, iOS and of course Android, especially for the mobile devices. Nor will you be able to get a network switch to accept the installation DVD for an agent. No, not even as a media-less installation over the network. And there’s no way to do that with third-party devices that may be on the guest WLAN or connected to the network in the meeting room. Not a legal one, because secretly installing software on other people’s systems falls under the heading of “hacking”. Then one may also gladly reckon with legal consequences.

Why spy when you can ask?

Docusnap takes a different and, above all, much more efficient approach here. Instead of equipping each device with spy software, information is obtained that the device provides on its own.
This data is neither secret nor illegal to obtain. If a device connects to its own network, the connection information (TCP-IP, DHCP) alone provides a wide range of information, even from non-operating devices. This information only needs to be queried at regular intervals and added to the inventory database. Other data, on the other hand, can be read out from the Active Directory (AD) of the company network if an appropriate admin password is stored. The possibilities that exist by means of agentless inventorying and documenting are completely sufficient for seamless and automated documentation of the IT. Network components such as switches or printers can be inventoried very well via SNMP (Simple Network Management Protocol). It does not matter to Docusnap whether the older SNMP v1.2 or even SNMP v3, with encrypted transmission of access password and data, is required.
Since the topic of home office has become increasingly important, computers, primarily transportable devices such as notebooks, are also rarely found on the internal network. Wouldn’t an agent be needed here, which then makes the data available to us?
No, here too there is an elegant solution for all devices that sporadically enter the internal company network outside of Docusnap’s set scan times. On the one hand, each device leaves traces in AD when it logs in and can be captured via this. On the other hand, a scan of the system can be triggered from the central server simply by means of a login script. Since this runs very resource-efficiently, neither the network nor the end device is restricted by this.
Team Docusnap is constantly expanding the scope of the scans used. Meanwhile, data from Exchange Online in the cloud is also included in the database without having to install invasive software. By merging local AD and cloud AD, a lot of information is available here as well, as usual. Even without spying.