Outbound-only monitoring

Every server.
Every switch. Watched.

Arqos monitors your infrastructure through a single 9 MB agent that only talks outbound. No VPN. No inbound rules. Nothing for an attacker to find.

Get early access60-second install · free during pilot

outbound-only TLS 1.3  /  no inbound ports  /  no remote execution — by design

Acme Industrial — fleet14 devices · 1 warning
dc-01servercpu 11%
esxi-02hypervisorcpu 64%
core-swswitch0.4 ms
nas-01nasdisk 81%
edge-rtrrouter1.2 ms

01

Nothing to open

Agents and the LAN probe push encrypted reports out on port 443. Your firewall config is untouched — monitoring a client site requires zero network changes.

02

Switches too

Network gear can't run agents. One probe on any machine polls switches, routers, and NAS over the LAN and relays their health outbound.

03

Telemetry-only

The agent has no command channel. Even a full compromise of our cloud yields read-only graphs — never code execution on your servers.

Installed before your coffee brews

One binary, one token. The agent enrolls itself, gets its keys, and starts reporting in under a minute.

$ arqos-agent enroll --token et_4f29…

[•] enrolled as device dc-01

$ arqos-agent run

[•] report sent (cpu 11.2%, mem 31.0%, 2 disks)