Why we connect to your environment via API and not an agent on every device

Dos grandes centrales de datos unidas por un único puente de luz, rodeadas de un campo de pequeños equipos que permanecen intactos y sin conexiones encima

Why we connect to your environment via API and not an agent on every device

When a security leader evaluates an awareness platform, one of the first technical questions is usually the most telling: what do we have to install? The answer says far more than it seems. It defines how long you will take to get started, how large your attack surface becomes, and how far the platform reaches inside your people’s devices.

At SMARTFENSE we made that decision long ago, and on purpose. We connect to your environment via API and open standards, without installing an agent on every device. It is worth explaining why, because that choice has concrete consequences for the security team and for every person in the organization.

What does integrating via API instead of an agent mean?

An agent is a piece of software that gets installed and keeps running on every device in the organization. An API integration connects two systems that talk to each other through a defined interface, with no need to install anything on the user’s device.

For an awareness platform, that difference is fundamental. SMARTFENSE connects to the systems your organization already uses (the identity provider, the directory, the collaboration tools, the compliance console) and works from there. It does not need a process of its own living on each person’s corporate device.

Why did we choose to integrate via API?

There are four reasons, and none of them is incidental.

  • Less to deploy and maintain. An agent has to be installed, updated and patched across hundreds or thousands of devices. Every new version is a rollout, and every device left behind is an exception someone has to chase. An API integration is configured once, on the systems side, and keeps working.
  • A smaller attack surface. Any software installed on an endpoint is one more piece someone has to keep secure. An agent with permissions over the device is, by definition, a new point that can fail or be abused. Installing nothing on the device removes that risk from the start.
  • Deployment in minutes. Connecting to the identity provider does not require touching every machine. Syncing with the cloud directory is resolved on the system side, and the organization starts working the same day.
  • Respect for each person’s privacy. This is the point that matters most to us. We integrate with the company’s systems; we do not observe activity on each person’s device. The distance between “I connect to your directory to know who to support” and “I install something on your device that watches what each person does” is enormous for trust, and that trust is precisely the raw material of an awareness program. We explore it in the expectation of privacy in monitoring.

What does SMARTFENSE integrate with?

All integration happens at the systems level, via API and open standards:

  • Identity and users: import and authentication from Microsoft Entra ID, Google, LDAP, SAML, SCIM, Okta, Keycloak, API and Auth0, among others, included in the base platform.
  • Channels where people already work: Slack and Microsoft Teams as the delivery channel for notifications, to reach people where they already are instead of opening a channel no one checks.
  • Compliance and evidence: automatic export of the audit logs of awareness actions to tools such as SAP SuccessFactors and Vanta.
  • Enriched Risk Scoring: a connection with digital risk protection platforms such as Microsoft Defender XDR to add external context to each person’s Risk Score.
  • Custom reporting: an open API to build your own integrations with business intelligence tools such as Power BI, Looker or Tableau.

All of these connections share one trait: none of them requires installing an agent on the employee’s device. And the same logic lets you carry the signal of human behavior to where the security team is already looking, something we cover in what your SIEM does not see.

What does the security team gain with this approach?

A program that starts the same day the directory is connected, with no deployment project ahead. An attack surface that does not grow with every new device, because there is nothing to install. And a relationship with people that starts from support rather than surveillance.

For anyone who has to choose an awareness platform, the question of what to install stops being an implementation detail and becomes a signal of how the tool is designed on the inside.

The short answer

What do you have to install to use SMARTFENSE on every device? Nothing. We integrate with your systems, not with your people’s machines. It is an architectural decision we made so the program is fast to roll out, light to maintain and respectful of each person’s privacy.

You can see the full list of available options on the SMARTFENSE integrations page.

Nicolás Bruna

Product Manager de SMARTFENSE. Su misión en la empresa es mejorar la plataforma día a día y evangelizar sobre la importancia de la concientización. Ha escrito dos whitepapers y más de 150 artículos sobre gestión del riesgo de la ingeniería social, creación de culturas seguras y cumplimiento de normativas. También es uno de los autores de la Guía de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.

Leave a Reply