Teramind Components
Teramind is built on a high-performance client-server architecture designed to capture, process, and visualize workforce data and enforce security policies. The platform consists of three primary components: the Agent, the Server, and the Dashboard.
Teramind Agent
Teramind deployments require the installation of the Teramind Agent, which is a standalone application for Windows and macOS. This component captures detailed user activity on the endpoint and securely transmits that information to the Teramind Server for analysis. Beyond data collection, the Agent acts as a local enforcement tool that applies security policies and behavior rules in real time directly on the computer. The Agent is available as a Revealed version that is visible to the user or a Stealth version that operates silently in the background.
Teramind Server
The Teramind Server acts as the central hub for the entire deployment, receiving all activity data captured by the Teramind Agent. Once the information is transmitted, the server processes the raw data, runs the analytics engine to generate insights, and manages core system functions. Additionally, the server hosts the web-based Teramind Dashboard, which serves as the primary management interface for administrators.
Hosting options for the server are flexible and depend on your chosen deployment model. For Teramind Cloud deployments, the server is hosted in Oracle Cloud Infrastructure (OCI) data centers. Organizations utilizing Private Cloud deployments can host the server on AWS, Azure, or Google Cloud Platform (GCP). For On-Premises environments, the server is provided as a virtual machine image that customers can host on their own servers or in supported data centers.
Teramind Dashboard
The web-based monitoring and management Dashboard provides an overview of what is happening in the organization. You can view monitoring reports, analyze productivity, set up users’ access, and build rules to automatically prevent security incidents, detect behavioral anomalies, and more. You can also configure all aspects of the Agent and the overall deployment from the Dashboard.
High-Level Architecture and Data Flows
The following chart and table describe how data flows between the components.
1 | Using the network filtering driver (proxy), the Teramind Agent is able to analyze all network traffic on the machine. The Agent detects high-level events (emails sent, webpages visited, instant messages, etc.), fetches all meta-information from the underlying raw network traffic, and creates monitoring events. |
2 | Using the filesystem filter driver, Teramind Agent is able to oversee and analyze all file-level operations happening on the computer. The Agent detects high-level events (file created, copied, etc.), fetches all metadata, and creates monitoring events. |
3 | The Agent uses other OS APIs to oversee application behavior and user activities on the system and generate monitoring events. |
4 | When there is no direct connection to the server, the Agent stores generated monitoring events in an offline data store. Once the connection is re-established, the Agent reads stored events and pushes them to the server. |
5 | The Agent streams generated events to the server. Various protocols/ports are used:
The Agent also receives configurations, monitoring settings, behavior policies & rules from the server and enforces them on the endpoint. |
6 | A web-based Dashboard allows admins and privileged users to configure the system and Agent settings, create behavior policies and rules, etc., and view reports. |

