Home Quick Setup Guide Timus Manager Timus Connect App

Timus Connect Telemetry

This article explains the details of the Timus Connect Application - Telemetry

1. Overview:

  • Brief Description of the Feature: The Timus Telemetry Agent is designed to collect detailed information from devices running Windows and macOS operating systems querying via Timus Connect. This data is displayed in the Manager, providing administrators with comprehensive device insights and enhancing device management and device posture assessments.

  • Purpose: The Timus Telemetry Agent was developed to address the need for comprehensive device monitoring and security assessment in a rapidly evolving IT environment. By integrating real-time data collection, this feature provides administrators with the tools needed to ensure devices comply with security policies and to detect potential issues early.

  • Target Audience: The primary users of this feature are network administrators and IT security teams who use Timus Connect and the Manager. This feature touches on several parts of the Timus SASE solution, including Timus Connect, Manager, and backend improvements for data collection and processing.

2. Key Benefits:

  • Comprehensive Device Insights:

Administrators can access detailed information about devices, including operating system details, hardware specifications, security settings, and storage devices, providing a holistic view of each device's status. This enables better decision-making and more effective management of the IT environment.

  • Enhanced Security Monitoring:

The integration of Timus Telemetry Agent data into Device Posture Checks allows for continuous monitoring and assessment of device compliance and security posture, enhancing overall network security. This proactive approach helps in identifying and mitigating potential threats before they can cause significant damage.

  • Real-Time Data Collection:

Timus Telemetry Agent continuously collects and updates device data, ensuring that administrators have access to the most current information. This real-time data is crucial for timely decision-making and incident response, allowing organizations to maintain a robust security posture.

  • Integration with Existing Security Tools:

The data collected by Timus Telemetry Agent can be used alongside information from other security tools such as Microsoft Defender, Bitdefender, and SentinelOne, providing a unified approach to device posture management. This integration enhances the effectiveness of existing security measures and ensures comprehensive coverage.

  • Customizable Reporting and Policies:

Administrators can create custom Device Posture Checks and User Sign-in policies based on the data from Timus Connect. This allows for tailored security measures and compliance reporting, ensuring that organizations can adapt their security strategies to meet specific requirements and threats.

3. Use Cases:

Use Case 1: Identifying and Isolating Malware

  • Scenario: An IT security team wants to block a suspicious process named "dllhost.exe" running on a user's device, which could compromise the integrity and security of the network.

  • Implementation:

    • The security team accesses the Manager and navigates to the devices table. They select the device and click on "View Device Details."

    • In the "Processes" tab, they identify the "dllhost.exe" process.

    • They use the "View Process Details" to get more information about the process and its associated ports.

    • The security team then creates a Device Posture Check (DPC) using Timus Connect as a data source, specifying "Running Processes" and setting the identifier to "dllhost.exe".

    • They configure the DPC to fail if this process is detected, ensuring immediate isolation of the device from the network.

  • Result: The device fails the DPC due to the presence of "dllhost.exe" triggering automated actions such as network isolation. This prevents the spread of malware and protects network resources.

Use Case 2: Ensuring OS Version Compliance

  • Scenario: An organization needs to ensure all devices running Windows have an OS version that meets their security requirements.

  • Device Posture Check Configuration:

    • Title: OS Version Compliance

    • Assigned Operating System: Windows

    • Attribute List:

      • Data Source: Timus Connect

      • Attribute: OS Version

      • Condition: is any of

      • Pass Value: Windows 11

  • Implementation:

  1. The administrator navigates to the Device Posture Checks section in the Manager portal.

  2. The administrator creates a new posture check titled "OS Version Compliance."

  3. They set the data source to Timus Connect and select the attribute "OS Version."

  4. They configure the condition to pass if the OS version is Windows 11.

  5. They save the posture check, which will now evaluate connected devices against these criteria.

  • Result: Devices with compliant OS versions pass the check and retain normal access. Devices with non-compliant OS versions are flagged and can be restricted or prompted for updates.

Use Case 3: Monitoring and Restricting Insecure Running Processes

  • Scenario: An IT security team wants to ensure that certain potentially insecure processes are not running on any device within the network.

  • Device Posture Check Configuration:

    • Title: Insecure Process Monitoring

    • Assigned Operating System: Windows and macOS

    • Attribute List:

      • Data Source: Timus Connect

      • Attribute: Running Processes

      • Identifier: AnyDesk

      • Condition: contains

      • Pass Value: True

  • Implementation:

  1. The administrator accesses the Manager and goes to the Device Posture Checks section.

  2. They created a new posture check titled "Insecure Process Monitoring."

  3. They set the data source to Timus Connect and select the attribute "Running Processes."

  4. They enter "AnyDesk" as the identifier and set the condition to "contains" with a pass value of "True."

  5. The check is saved, and it continuously monitors devices for the running process "AnyDesk"

  • Result: If the process is detected, the device fails the posture check, and appropriate actions can be taken, such as notifying the user to close the application or restricting network access until the process is terminated.

Use Case 4: Ensuring Critical Services are Running

  • Scenario: A critical service must be running on all devices for compliance and operational reasons.

  • Device Posture Check Configuration:

    • Title: Critical Service Check

    • Assigned Operating System: Windows

    • Attribute List:

      • Data Source: Timus Connect

      • Attribute: Service State

      • Identifier: CSFalconService

      • Condition: is equal to

      • Pass Value: Running

  • Implementation:

  1. The administrator goes to the Device Posture Checks section in the Manager portal.

  2. They create a new posture check titled "Critical Service Check."

  3. They set the data source to Timus Connect and choose the attribute "Service State."

  4. They specify "CSFalconService" as the identifier and set the condition to "is equal to" with a pass value of "Running."

  5. The posture check is saved and monitors devices to ensure the specified service is running.

  • Result: Devices with the critical service running pass the posture check and remain operational. If the service is not running, the device fails the check, triggering alerts or remediation actions.

Use Case 5: Managing Startup Items for Security

  • Scenario: The security team wants to ensure that certain applications are not set to start automatically on devices to prevent potential security risks.

  • Device Posture Check Configuration:

    • Title: Startup Item Compliance

    • Assigned Operating System: Windows

    • Attribute List:

      • Data Source: Timus Connect

      • Attribute: Startup Items

      • Identifier: PanGPA

      • Condition: contains

      • Pass Value: True

  • Implementation:

  1. The administrator navigates to the Device Posture Checks section in the Manager portal.

  2. They create a new posture check titled "Startup Item Compliance."

  3. They set the data source to Timus Connect and select the attribute "Startup Items."

  4. They enter "PanGPA" as the identifier and set the condition to "contains" with a pass value of "True."

  5. The posture check is saved and monitors startup items on devices.

  • Result: If the identified startup item is present, the device fails the posture check, and actions such as disabling the startup item or alerting the user can be taken to mitigate the security risk.

4. Competitive Analysis:

  • Comparison with Competitors: The Timus Telemetry Agent feature in Timus Connect distinguishes itself from similar products offered by competitors such as Perimeter 81, Todyl, Fortigate, Zscaler, and Check Point through several key aspects:

  1. Detailed Data Collection:

  • Timus Connect: Provides comprehensive data collection from devices, including operating system details, hardware specifications, security settings, and more.

  • Perimeter 81: Offers basic telemetry but lacks the depth of data collection provided by Timus Connect.

  • Todyl: Provides some telemetry data but does not offer the same level of detail and integration as Timus Connect.

  • Fortigate: Supports basic device information but lacks the comprehensive data collection capabilities of Timus Connect.

  • Zscaler: Offers telemetry data but does not match the granularity and flexibility of Timus Connect’s options.

  • Check Point: Provides basic telemetry features but lacks the depth of customization and detail available in Timus Connect.

  1. Integration with Device Posture Checks:

  • Timus Connect: Seamlessly integrates telemetry data into Device Posture Checks, enhancing security monitoring and compliance.

  • Perimeter 81: Offers basic integration but lacks the comprehensive posture check capabilities of Timus Connect.

  • Todyl: Provides some integration options but does not offer the same level of seamless integration with posture checks.

  • Fortigate: Limited integration with posture checks compared to Timus Connect.

  • Zscaler: Basic integration with posture checks but lacks the advanced features of Timus Connect.

  • Check Point: Offers limited integration with posture checks, not matching the comprehensive approach of Timus Connect.

  1. Real-Time Data Collection:

  • Timus Connect: Continuously collects and updates device data, providing real-time insights.

  • Perimeter 81: Offers periodic updates but lacks continuous real-time data collection.

  • Todyl: Provides regular updates but does not offer continuous real-time data collection.

  • Fortigate: Supports periodic data collection but lacks real-time updates.

  • Zscaler: Provides basic real-time updates but not as comprehensive as Timus Connect.

  • Check Point: Offers periodic updates, lacking continuous real-time data collection.

Unique Selling Points:

  1. Comprehensive Device Insights:

  • Feature: Detailed information on operating systems, hardware, security settings, and storage devices.

  • Benefit: Enables better decision-making and more effective IT management.

  1. Enhanced Security Monitoring:

  • Feature: Integration with Device Posture Checks for continuous monitoring and assessment.

  • Benefit: Improves overall network security by identifying and mitigating potential threats early.

  1. Real-Time Data Collection:

  • Feature: Continuous data collection and updates.

  • Benefit: Provides the most current information for timely decision-making and incident response.

  1. Integration with Existing Security Tools:

  • Feature: Seamless integration with tools like Microsoft Defender, Bitdefender, and SentinelOne.

  • Benefit: Enhances the effectiveness of existing security measures.

  1. Customizable Reporting and Policies:

  • Feature: Ability to create custom posture checks and policies based on collected data.

  • Benefit: Allows for tailored security measures and compliance reporting.

5. FAQs:

  • Question 1: What is the Timus Telemetry Agent feature?

    • Answer: The Timus Telemetry Agent collects detailed information from Windows and macOS devices using a query engine while connected to Timus Connect, displaying this data in the Manager portal for comprehensive device insights.

  • Question 2: How does the Timus Telemetry Agent enhance security monitoring?

    • Answer: By integrating telemetry data into Device Posture Checks, the Timus Telemetry Agent allows for continuous monitoring and assessment of device compliance and security posture, improving overall network security.

  • Question 3: How often is the device data updated?

    • Answer: The Timus Telemetry Agent continuously collects and updates device data every 5 minutes, ensuring administrators have access to the most current information.

  • Question 4: How can administrators create custom posture checks using Timus Telemetry Agent data?

    • Answer: Administrators can configure posture checks in the Manager using attributes from Timus Connect as a Data Source, determining pass/fail statuses and generating detailed compliance reports.

6. Visuals and Diagrams:

Step 1: Accessing Device Details

  1. Navigate to Devices Table:

  • In the Manager portal, navigate to the "Devices" tab to view a list of all devices connected to Timus Connect.

  1. Select Device:

  • Locate the device with the OS set to Windows or macOS. Click on the three dots next to the device entry.

  1. View Device Details:

  • From the dropdown menu, select "View Device Details." This action opens a detailed view of the selected device.

Step 2: Overview Tab

  • Overview Section:

    • This section provides a general overview of the device, displaying key information such as the last sync time.

For Windows Devices:

  • Operating System Information:

    • Includes details like OS name, version, build, platform, computer name, user, and user ID.

  • Hardware Information:

    • Displays hardware specifications including hostname, CPU brand, CPU physical cores, CPU logical cores, CPU sockets, physical memory, and serial number.

  • Security Information:

    • Shows security-related data such as firewall status, auto-update, antivirus, internet settings, Windows Security Center Service, and UAC. It also includes specific security product information, such as type, state, timestamp, and whether the signature is up-to-date.

  • Storage Devices:

    • Lists the storage devices on the computer, displaying disk UUIDs, type, usage, file system, and encryption status.

For macOS Devices:

  • Operating System Information:

    • Includes details like OS name, version, build, platform, computer name, user, and user ID.

  • Hardware Information:

    • Displays hardware specifications including hostname, CPU brand, CPU physical cores, CPU logical cores, CPU sockets, physical memory, and serial number.

  • Security Information:

    • Shows security-related data such as Firewall, Firewall Version, Firewall Unload, Firewall Logging, Logging State, Side Mode, Stealth Mode, Gatekeeper Status, Gatekeeper Dev Status, Version, Gatekeeper Opac, and FileVault.

  • Storage Devices:

    • Lists the storage devices on the computer, displaying disk UUIDs, type, usage, file system, encryption status, and path.

Step 3: Navigating Network Tab:

Displays network interface details such as Interface, FriendlyName, Address, Mask, Type, and MAC. Clicking on "Details" provides more in-depth network information.

For Windows Devices:

Displays detailed information about the WiFi interface, including Interface number, MAC address, MTU, Metric, Description, Connection ID, DHCP Server, DNS Domain, DNS Domain Suffix Search Order, DNS Hostname, and DNS Server Search Order.

For macOS Devices:

Displays detailed information about the EN0 interface, including Interface number, MAC address, MTU, and Metric.

Step 4: Navigating Programs Tab

Displays installed programs on the device with the following columns: Program Name, Version, Install Location, Publisher, Install Date, and Last Runtime.

For Windows Devices:

  • Displayed Columns:

    • Program Name

    • Version

    • Install Location

    • Publisher

    • Install Date

For macOS Devices:

  • Displayed Columns:

    • Program Name

    • Version

    • Install Location

    • Publisher

    • Last Runtime

Step 5: Navigating Processes Tab

Displays running processes on the device with the following columns for both Windows and macOS:

  • PID (Process ID)

  • Name

  • Path

  • State

Clicking on the three dots next to a process entry provides options to view more detailed information about the process.

  • View Process Details: Opens a detailed view of the selected process.

  • View Listening Ports: This option is active only if the process has listening ports.

Step 6: Viewing Process and Listening Port Details

Clicking "View Process Details" under the three dots (ellipsis) opens a modal displaying detailed information about the selected process.

If the process has listening ports, clicking "View Listening Ports" opens a modal displaying the details of these ports.

Step 6: Navigating Services Tab

In the Services tab, you can see the services running on the device. The information displayed varies slightly between Windows and macOS devices:

For Windows Devices:

  • Name: The name of the service.

  • Type: The type of service.

  • Display Name: The display name of the service.

  • Path: The file path to the service executable.

  • Status: The current status of the service (e.g., running, stopped).

  • PID: The process ID of the service.

  • Startup Type: Indicates how the service is started (e.g., automatic, manual).

For macOS Devices:

  • Name: The name of the service.

  • Type: The type of service.

  • Path: The file path to the service executable.

  • Status: The current status of the service (e.g., running, stopped).

  • PID: The process ID of the service.

Step 7: Navigating Startup Items Tab

For Windows devices, the Startup Items tab displays a table with information about programs that are configured to run when the system starts. The table includes the following columns:

  • Name: The name of the startup item.

  • Path: The file path to the startup program.

  • Args: Any arguments passed to the startup program.

  • Status: Indicates whether the startup item is enabled or disabled.

  • Username: The user account under which the startup item runs.

Step 8: Navigating Routes Tab

In the Routes tab, routing information for both Windows and macOS devices is displayed. The table includes the following columns:

  • Destination: The destination IP address.

  • Netmask: The subnet mask.

  • Gateway: The gateway IP address.

  • Interface: The network interface used.

  • MTU: The Maximum Transmission Unit size.

  • Metric: The routing metric.

  • Type: The type of route (e.g., remote).

Step 9: Creating or Editing Device Posture Checks:

  • Navigate to Zero Trust Security → Device Posture Checks to create or edit a device posture check.

  • When adding attributes, select Timus Connect as the Data Source.

  • Choose from available attributes such as Antivirus State, Disk Encryption, Firewall, Operating System, Running Processes, Service State, Startup Items, and Timus Connect Installed.

  • If one of the Running Processes, Service State, or Startup Items) is selected, an Identifier field appears.

  • Enter the specific process, service, or startup item name in the Identifier field.

  • Define the condition and the pass value for the posture check based on the selected attribute and identifier.

The reports in Manager → Insights → Device Posture Reports will display device posture checks created for attributes from Timus Connect. This allows administrators to monitor compliance and security status effectively, ensuring that all devices meet the required posture standards based on the detailed and specific checks configured.

PreviousCreate an Administrator Sign-In PolicyNextCreate Site

Last updated