Security Posture Best Practices

Device Monitoring in Vanta

What is device monitoring?

To build a strong security and compliance foundation, organizations need to be able to view, manage, and secure devices, such as laptops and desktops. Through Vanta, you can monitor your company’s computers, track that every employee has a computer that is monitored, and ensure your company’s computers are secure. Companies typically monitor their devices through Mobile Device Management (MDM) software. For customers that don’t have an MDM, Vanta offers the Vanta Agent as a lightweight device monitoring tool. Learn more about the Vanta Agent and MDMs.

What does the “Require device monitoring” task track?

When the “Require device monitoring” task is assigned to an employee, it tracks that the employee has a computer that is monitored in Vanta (either through the Vanta Agent or an integrated MDM). The task will automatically pass if Vanta shows a computer owned by that employee. You can see all the computers in your account and their owners on the Computers Page.

Assigning the “Require device monitoring” task to personnel

Assign device monitoring tasks to your employees by adding the task to the relevant group(s). Then:

  • Using Vanta Agent: Within the device monitoring task, select “Prompt employees to install the Vanta Agent”. If this is selected, employees with this task will be able to log into Vanta and install the Vanta Agent onto their computer. Once they do so, the computer will appear in Vanta and the task will be completed.
  • Using MDM: Select “Don’t prompt employees to install the Vanta Agent”. If this is selected, employees with this task will be required to have a computer monitored by your MDM, and they will not be able to download the Vanta Agent.

We recommend monitoring the computers for all your employees. In some cases, companies use contractors who don’t want their computers to be monitored. If this applies to you, you can assign this task to just full-time employees by creating a full-time employees group and assigning the task to that group.

What information does Vanta track for each computer?

Once a computer is in Vanta, we track the following information on the Computers Page. Each of these statuses is required for compliance:

  • Antivirus installed: This status tracks whether antivirus software is deployed on the computer. Vanta determines this by checking whether the computer has one of the antivirus products on this list installed. Learn more about how Vanta detects antivirus for Kandji, JumpCloud, and Microsoft Intune.
  • Hard drive encrypted: This status checks whether the computer’s hard drive is encrypted. Learn more.
  • Screenlock enabled: This status checks whether the computer has screen lock enabled after at most 15 minutes of idle time. Learn more about screen lock for macOS and Windows.
  • Password manager installed: This status checks whether the computer has a supported password manager installed. Vanta determines this by looking at the apps installed on the computer. If the Vanta Agent or JumpCloud MDM monitors the computer, we will also check Chrome extensions on the computer.

Using the Vanta Agent

The Vanta Agent is a lightweight program designed to run in the background of your computer and monitor it for common compliance requirements. It uses osquery to detect specific settings and applications installed on the device. It has a very low performance impact: once you install the app and register your device, you shouldn’t notice it. Learn more.

The Vanta Agent is ready to be used with your Vanta account; no extra configuration is necessary.

To prompt your personnel to install the Vanta Agent onto their computers, assign them the “Require device monitoring” task with the “Prompt employees to install the Vanta Agent” option enabled.

Integrating an MDM with Vanta

If your MDM is supported by Vanta, you can integrate it with your account from the Integrations Page.

Should I use the Vanta Agent or an MDM?

The Vanta Agent is lightweight software recommended for smaller companies (fewer than 75 devices). For larger companies, we recommend purchasing an MDM, which has additional features such as enforcing security policies. Learn more.

Viewing your company’s computers

You can view all of your company’s computers on the Computers Page. This page also lists each computer’s owner, how it is monitored, its operating system, and the statuses above.