Outlier is impressive for an agentless product, but it is only available for Windows endpoints. Because its scans run on a schedule rather than continuously, it is better suited to longer-term detection than to real-time analysis. The vendor has recently expanded its APIs and Python SDK so that you can trigger an on-demand scan of an endpoint from either Splunk or AlienVault.
Pricing is $40 per endpoint per year, with quantity discounts available.
Promisec takes a slightly different approach. The product consists of its endpoint manager (PEM) server, which runs a series of modules, plus the Sentries. No agent or sensor software is installed on the endpoints themselves; instead, a Windows-based Sentry (Server 2008 or later) sits on each network segment you want to monitor.
This lets the analysis be more comprehensive, since you don't have to wait for the vendor to support a particular OS version or embedded device. Endpoints can run any version of Windows, Linux or Mac OS; they are monitored over SSH (TCP port 22) and with Nmap scans. In practice that means each Sentry holds SSH credentials for every endpoint it covers, so treat the Sentry hosts as privileged systems and harden them accordingly.
When you first bring up PEM, there are up to five modules: compliance, management, automation, power manager and inventory. Each has its own Windows-based console (there are no Web versions, unfortunately). The inventory console shows the current status of your endpoint collection, what hardware and software applications the detection server found, and a nice listing of what is new since you last took stock. You can search by computer name, IP address, OS and a dozen other parameters, and save these queries for easy access later.
The compliance console shows software that isn't up to spec and processes that look suspicious. Right-clicking an entry lets you run additional forensics on it, whitelist it so it doesn't show up again, take control of the endpoint and install software on it, send a message to that machine, run an Nmap port scan against it, or view what else is running on it.
Further automated remediation actions can be launched from that console, such as installing software, running scripts or updating anti-virus protection. Finally, the power management console can set up a coherent power-savings policy across all your endpoints and calculate the overall energy savings. For a product that installs no agent on the endpoint, that is a pretty impressive list of actions.
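To make the agentless workflow concrete, here is an added example (my own code, not Promisec's or Outlier's) of the two collection paths the review describes: an Nmap sweep of a segment and an SSH `ps` listing from a single endpoint. It parses Nmap's XML output (`nmap -oX`), reports hosts and open ports that were not in the previous snapshot, and flags processes that are not on a per-role allowlist, which is the "whitelist it so it doesn't show up again" idea. The Nmap XML, the `ps` output, the addresses and the allowlist are all constructed for this example, not captured from a real network.

```python
"""Agentless inventory diff: Nmap XML snapshots plus an SSH `ps` listing.
All sample data below is constructed for illustration, not real capture."""
import xml.etree.ElementTree as ET

# Constructed `nmap -oX` output from the previous sweep: one host, SSH only.
NMAP_XML_PREVIOUS = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.5.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
</nmaprun>"""

# Constructed current sweep: 10.0.5.10 now also exposes 4444, a new host
# appeared, one port is only "filtered", and one host is down.
NMAP_XML_CURRENT = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.5.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="4444"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.5.23" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.0.5.99" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed output of `ssh user@10.0.5.23 ps -eo pid,user,comm`.
PS_OUTPUT = """  PID USER     COMMAND
    1 root     systemd
  812 root     sshd
  950 www      nginx
 2210 www      nc
"""

# Hypothetical allowlist of expected command names for a web-server role.
WEB_SERVER_ALLOWLIST = {"systemd", "sshd", "nginx", "bash", "ps"}


def parse_nmap(xml_text):
    """Return {address: {(protocol, port), ...}} for hosts that are up,
    keeping only ports Nmap reported as open (filtered/closed are dropped)."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = [a.get("addr") for a in host.findall("address")
                 if a.get("addrtype") in ("ipv4", "ipv6")]
        if not addrs:
            continue
        open_ports = set()
        ports_el = host.find("ports")
        if ports_el is not None:
            for port in ports_el.findall("port"):
                state = port.find("state")
                if state is not None and state.get("state") == "open":
                    open_ports.add((port.get("protocol"), int(port.get("portid"))))
        inventory[addrs[0]] = open_ports
    return inventory


def diff_inventory(previous, current):
    """Hosts and open ports present now that were absent from the last snapshot."""
    new_hosts = sorted(set(current) - set(previous))
    new_ports = {}
    for addr, ports in current.items():
        added = ports - previous.get(addr, set())
        if added:
            new_ports[addr] = sorted(added)
    return new_hosts, new_ports


def parse_ps(text):
    """Parse `ps -eo pid,user,comm` output into (pid, user, command) tuples."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1], parts[2]))
    return rows


def flag_processes(rows, allowlist):
    """Processes whose command name is not on the role's allowlist."""
    return [row for row in rows if row[2] not in allowlist]


if __name__ == "__main__":
    hosts, ports = diff_inventory(parse_nmap(NMAP_XML_PREVIOUS),
                                  parse_nmap(NMAP_XML_CURRENT))
    print("new hosts:", hosts)
    print("new open ports:", ports)
    print("unexpected processes:", flag_processes(parse_ps(PS_OUTPUT), WEB_SERVER_ALLOWLIST))
```

Run against real data, the two XML strings would come from `nmap -oX` files saved on the scanning host from consecutive sweeps, and the `ps` text from an SSH session; the allowlist should be per role, not global, or a listener like `nc` on a web server would be hidden by a broad list. Nmap's XML marks unresponsive ports as `filtered` or `closed`, so the parser deliberately keeps only `open` to avoid alerting on firewall noise.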
Each console comes with its own set of pre-set reports; the compliance manager, for example, has more than 60, covering things such as endpoints missing patches or not running host-based firewalls. There is also a link to download a PDF of the entire user guide.