Security

Lookout monitors infrastructure, so it’s built to meet the standards it measures. Security is a design constraint, not a feature bolted on later.

Agents are outbound-only

The agent never opens a listening port. It only makes outbound connections to your control plane. That means no inbound firewall rules on your servers, and no listening service for an attacker to reach — a meaningful improvement over legacy agents (like Nagios NRPE) that listen on a port.

No shell, no injection

Every command the agent runs is invoked directly with fixed arguments — never through a shell, and never with untrusted input interpolated. There is no command-injection surface.
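The pattern this describes, as an added illustration that is not Lookout's own code: a hypothetical probe that reports one network interface via `ip(8)`. The interface name is treated as untrusted, validated against a strict allow-list (including a rule that it cannot begin with `-`, so it can never be read as an option), and passed as a single argv element to a binary invoked directly. The `ip -j addr show dev` command, the timeout and the fixed `PATH` are assumptions of the example; a shell-based variant is included only for contrast.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"time"
)

// Hypothetical check used for illustration: report one network interface via
// ip(8). The interface name arrives from outside the agent and is treated as
// untrusted input.

// Interface names: first character alphanumeric or underscore, so a value such
// as "-o" can never be parsed as an option; no whitespace or metacharacters.
var ifaceName = regexp.MustCompile(`^[A-Za-z0-9_][A-Za-z0-9_.:-]{0,14}$`)

var errBadInterface = errors.New("invalid interface name")

// interfaceArgs builds the fixed argv for the probe. The only variable part is
// the validated name, which becomes exactly one argv element.
func interfaceArgs(name string) ([]string, error) {
	if !ifaceName.MatchString(name) {
		return nil, errBadInterface
	}
	return []string{"ip", "-j", "addr", "show", "dev", name}, nil
}

// runInterfaceProbe invokes the binary directly, with a timeout and a fixed
// environment. exec.Command does no shell expansion: each argv element is
// delivered to the child process verbatim, so metacharacters have no effect.
func runInterfaceProbe(ctx context.Context, name string) ([]byte, error) {
	argv, err := interfaceArgs(name)
	if err != nil {
		return nil, err
	}
	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
	defer cancel()
	cmd := exec.CommandContext(ctx, argv[0], argv[1:]...)
	cmd.Env = []string{"PATH=/usr/sbin:/usr/bin:/sbin:/bin"}
	return cmd.Output()
}

// shellProbe is the pattern the page rules out, kept here only for contrast:
// the name is spliced into a string that a shell then re-parses, so the
// input's characters decide what gets executed.
func shellProbe(name string) *exec.Cmd {
	return exec.Command("sh", "-c", "ip -j addr show dev "+name)
}

func main() {
	out, err := runInterfaceProbe(context.Background(), "lo")
	if err != nil {
		fmt.Println("probe failed:", err)
		return
	}
	fmt.Printf("%s\n", out)
}
```

The validation step matters even without a shell: direct invocation removes command injection, but an argument that starts with `-` could still be interpreted as a flag by the target binary, which is why the allow-list constrains the first character as well.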

Least privilege

  • The agent reads OS-native sources to gather inventory; run it as an unprivileged, isolated user (e.g. systemd DynamicUser=yes).
  • It collects only what’s needed to assess health — not your secrets, credentials, or file contents.

Authenticated reports

Agents authenticate to the control plane with a shared enrollment token, compared in constant time so it can’t be guessed via timing. Report bodies are size-capped to prevent abuse. Always run the control plane behind TLS.
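An added example of the two controls named above, not Lookout's own implementation: an HTTP handler that checks the enrollment token in constant time before reading anything else, then caps the report body before decoding it. The `Authorization: Bearer` header, the `/v1/report` path, the 64 KiB cap and the report shape are assumptions of the example; the token value is a constructed placeholder.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"log"
	"net/http"
	"strings"
)

// Constructed values for the example. A real control plane loads the token
// from configuration (so it can be rotated) and sizes the cap for its reports.
const (
	enrollmentToken = "example-token-0123456789abcdef"
	maxReportBytes  = 64 << 10 // 64 KiB
)

// report is a minimal stand-in for an agent's health report.
type report struct {
	Host   string            `json:"host"`
	Checks map[string]string `json:"checks"`
}

// tokenMatches compares the presented and expected tokens in constant time.
// Hashing both first gives equal-length inputs, so even the length of the
// expected token is not revealed by an early length mismatch.
func tokenMatches(presented, expected string) bool {
	p := sha256.Sum256([]byte(presented))
	e := sha256.Sum256([]byte(expected))
	return subtle.ConstantTimeCompare(p[:], e[:]) == 1
}

// bearerToken extracts the token from "Authorization: Bearer <token>"
// (the header format is an assumption of this example).
func bearerToken(r *http.Request) string {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, prefix) {
		return ""
	}
	return strings.TrimPrefix(h, prefix)
}

// reportServer accepts agent reports: authenticate first, then read a
// size-capped body, then decode strictly.
type reportServer struct {
	token string
	store func(report) error
}

func (s *reportServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.Header().Set("Allow", http.MethodPost)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if !tokenMatches(bearerToken(r), s.token) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	// Cap the body before touching it; reads past the limit fail with
	// *http.MaxBytesError instead of buffering an unbounded payload.
	r.Body = http.MaxBytesReader(w, r.Body, maxReportBytes)
	dec := json.NewDecoder(r.Body)
	dec.DisallowUnknownFields()
	var rep report
	if err := dec.Decode(&rep); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "report too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed report", http.StatusBadRequest)
		return
	}
	if rep.Host == "" {
		http.Error(w, "missing host", http.StatusBadRequest)
		return
	}
	if err := s.store(rep); err != nil {
		http.Error(w, "storage error", http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusAccepted)
}

func main() {
	srv := &reportServer{
		token: enrollmentToken,
		store: func(rep report) error {
			log.Printf("report from %s with %d checks", rep.Host, len(rep.Checks))
			return nil
		},
	}
	mux := http.NewServeMux()
	mux.Handle("/v1/report", srv)
	// Loopback only: terminate TLS in front of this listener (or switch to
	// ListenAndServeTLS) so the token never crosses the network in the clear.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", mux))
}
```

The ordering is deliberate: an unauthenticated request is rejected before any of its body is read, and an authenticated one can never make the server buffer more than the cap, so neither a guessed token nor an oversized payload gets the server to do unbounded work.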

Your data stays yours

  • With an on-prem deployment, everything stays in your infrastructure — nothing is sent to us.
  • Rotate the enrollment token any time.
  • The dashboard is a single service you control; put SSO + MFA in front of it with Cloudflare Access or your proxy.

Honest about claims

We harden Lookout, threat-model it, and scan dependencies — but no software is ever “zero vulnerabilities,” and we won’t claim it is. Likewise, Lookout is built to align with NIST CSF, HIPAA, SOC 2, and GDPR controls and to produce the evidence an auditor needs; compliance certification is an organizational audit process, not something software alone provides.

Reporting a vulnerability

Please report security issues privately through our contact page. We’ll acknowledge your report and keep you updated as we investigate.