For decades, we've been inspired by exciting agent stories. Be it the famous British secret service Mi-6 with its double zeros, the CIA and its whistleblowers, or Gru, whose popularity increased the Disney animated film spectacle “Despicable Me” immensely — the specialists romp around in film and television to reveal secrets to daylight and provide their clients with valuable information.
Agents are also often deployed in the IT sector. In computer jargon, the English word “agents” is more used here. There is not always something bad behind data collection. This means software that is installed on a computer and sends selected information or data to a host (as a central collection point or server). This host then processes the data, such as to back up the client, updates for anti-virus scanners, or collects relevant information about the system.
When the agent stops providing data
If the branch offices no longer deliver data to the host, there are various reasons for this. In thrillers, we can assume that the agent was involuntarily placed on a higher level of consciousness. Something similar is happening in the IT sector. Either by updating the operating system or replacing the entire system — in both cases, the agent must be brought up to date again or replaced.
This also entails the disadvantages of an agent system. This software must be installed on every device to be monitored. It's nice who has an automated rollout function for new devices. However, it is not possible to install such agents on all devices. After all, in addition to Windows, there is also Linux, iOS and, of course, Android, especially for the mobile sectors. Nor will you be able to get a network switch to accept an agent's installation DVD. No, not even as a media-free installation over the network. And with third-party devices that may be currently on the guest WLAN or are connected to the network in the meeting room, there is also no way to do so. None legal, because unintentionally installing software secretly on foreign systems falls under the heading of “hacking”. Then you can also expect legal consequences.
Why spy when you can ask?
Docusnap takes a different and, above all, significantly more efficient approach here. Instead of equipping every device with spy software, information is obtained that the device provides on its own.
This data is neither secret nor illegal to obtain. When a device connects to its own network, a wide range of information is available from the connection information alone (TCP-IP, DHCP), even from non-operational devices. These only need to be queried at regular intervals and added to the inventory database. Other data, in turn, can be read from the Active Directory (AD) of the company network if a corresponding admin password is stored. The options available through agentless inventory and documentation are completely sufficient for seamless and automated IT documentation. Network components such as switches or even printers are very easy to inventory using SNMP (Simple Network Management Protocol). For Docusnap, it doesn't matter whether the older SNMP v1.2 or even SNMP v3, with encrypted transmission of access password and data, is required.
Since the topic of home office has become increasingly important, computers, primarily portable devices such as notebooks, are rarely found in the internal network. Wouldn't an agent be needed here to then provide us with the data?
No, here too, there is an elegant solution for all devices that connect sporadically to the company's internal network outside the Docusnap scan times set. On the one hand, every device leaves traces in AD when logged in and can be recorded via it. On the other hand, a scan of the system from the central server can simply be initiated using a login script. Since it is very resource-efficient, neither the network nor the device is restricted as a result.
The Docusnap team is constantly expanding the range of scans used. Data from Exchange Online from the cloud is now also being added to the database without having to install invasive software. As usual, the merger of local AD and cloud AD means that a lot of information is also available here. Even without espionage.