Reference · Cyber agent

How the Horizon Cyber agent works.

A plain explanation of the Cyber-mode agent: what it measures, what it produces, where its data lives, and what it deliberately does not touch. No pitch, no pricing — those live elsewhere. This page is here so the technical, security, and compliance reviewers can read what the thing actually does before signing off on a deployment.

  • Collectors: 8, scoped to CE+ readiness
  • Coverage: A4 → A8 (firewalls · config · updates · access · malware)
  • Posture: observability-only, no remote-control surfaces

01 · What it is


The Horizon Cyber agent is the security-evidence sibling of the Horizon ESG agent. It runs the same lightweight installer and reports into the same portal — but the collector set is rotated. Where the ESG agent measures watts, the Cyber agent measures the things a Cyber Essentials Plus assessor and a CIS-style topology review need to see.

It is observability-only. There is no remote shell, no remote-desktop surface, no autonomous remediation. The agent reads what the host will tell it, posts the readings to the portal, and the portal does the scoring. If a reviewer needs to know "what could this agent do on the host", the answer is "read these eight collector outputs and exit" — and the surfaces that would do anything else are not started.

For the energy / Scope 2 sibling, see the Horizon ESG agent reference. For the full operational agent that adds Proxmox, PBS, AI-model inventory, Hermes and remote support sessions, see the Horizon agent reference.

02 · What it measures

Eight collectors, scoped to CE+ readiness.

Each one is scoped to a question a security reviewer or a CE+ assessor would otherwise ask out loud.

01 · Health

Liveness signal.

CPU%, memory%, disk%, uptime. Lets the portal tell "the agent stopped" from "the host is genuinely quiet".

02 · Hardware

Asset inventory for CE+ A2.

CPU model, core count, RAM, motherboard / chassis identifier — read once a day. Detects hardware refreshes.

03 · Network

CIS topology view.

Interface config, listening ports, ARP table, DNS, gateway, well-known port → service mapping. Shows which boxes face the internet.

04 · Filesystem

Mount metadata only.

Mounts, usage percent, inode usage. The agent does not open files or read their contents.

05 · Software

Inventory + EOL flags.

Installed packages with versions (capped at first 2000 on Linux). Joined to endoflife.date for fifteen security-critical packages — feeds CE+ A6.6.

06 · Cybersecurity

Trivy + nmap + CIS suite.

Trivy container scanning (counts only), read-only nmap exposure check, CIS-aligned firewall / SSH / sudo / key-auth posture.

07 · Cyber compliance

CE+ A4–A8 evidence.

A4 firewalls, A5 secure config, A6 updates, A7 user access, A8 malware. Cross-platform; every field optional with graceful fallback.

08 · Sensors

Thermal & fan readings.

CPU, NVMe, motherboard temps and fan tachometers. Spot a host running hot before it shows up as a vulnerability.

Eight collectors run on a Cyber-mode agent.

  • Health. CPU%, memory%, disk%, uptime. The liveness signal — without it the portal can't tell "the agent stopped" from "the host is genuinely quiet".
  • Hardware. CPU model, core count, RAM, motherboard / chassis identifier — read once a day. Lets the portal recognise hardware refreshes and is part of the asset inventory that pre-populates CE+ A2.
  • Network. Interface configuration, listening ports, ARP table, DNS servers, gateway detection, well-known port → service-name mapping. Feeds the CIS topology view: which boxes face the internet, which sit behind a NAT, which expose services that should not be exposed.
  • Filesystem. Mounts, usage percent, inode usage. Metadata only — the agent does not open files or read their contents.
  • Software. Installed package inventory with versions, capped at the first 2000 packages on Linux (dpkg-query on Debian, rpm on Red Hat) and the equivalent system inventory on Windows and macOS. Feeds the CE+ A6.6 unsupported-software check against the endoflife.date database for fifteen security-critical packages (nginx, openssl, postgresql, openssh, chrome, firefox, and so on).
  • Cybersecurity. Trivy container-image scanning (counts by severity, no extracted contents), read-only nmap for network exposure, and a CIS-aligned check suite — firewall state, SSH configuration, update posture, sudo logging, key-based authentication.
  • Cyber compliance. CE+ A4–A8 self-assessment evidence. A4 (firewalls), A5 (secure configuration), A6 (security updates), A7 (user access), A8 (malware protection). Cross-platform: WMI and registry on Windows, systemctl / ufw / /etc configs on Linux, launchctl and defaults on macOS. Every field is optional with graceful fallback — when a tool isn't installed, the field is null rather than the collector failing.
  • Sensors. Thermal readings (CPU, NVMe, motherboard) and fan tachometers. The lightweight version of the ESG agent's sensors collector — present so the portal can spot a host running hot before it shows up as a vulnerability.
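The "optional with graceful fallback" behaviour of the Cyber compliance collector, sketched as an added example (not Horizon's own code). The choice of ufw and firewalld as the A4 probes, the field names and the mapping to a status are assumptions.

```python
import subprocess


def run_cmd(cmd, timeout=5):
    """Stdout of a read-only command, or None when it cannot be run at all."""
    try:
        done = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None  # tool not installed, not executable, or hung
    return done.stdout


def ufw_enabled(runner=run_cmd):
    out = runner(["ufw", "status"])
    for line in (out or "").splitlines():
        if line.lower().startswith("status:"):
            return line.split(":", 1)[1].strip().lower() == "active"
    return None  # ufw absent, or it ran without reporting a status (e.g. not root)


def unit_active(unit, runner=run_cmd):
    state = (runner(["systemctl", "is-active", unit]) or "").strip()
    return {"active": True, "inactive": False, "failed": False}.get(state)


def collect_a4(runner=run_cmd):
    """A4 (firewalls) evidence; unknown fields stay None instead of raising."""
    fields = {"ufw_enabled": ufw_enabled(runner),
              "firewalld_active": unit_active("firewalld", runner)}
    known = [v for v in fields.values() if v is not None]
    # Assumed mapping: no evidence at all is "not-checked", never "fail".
    status = "not-checked" if not known else ("pass" if any(known) else "fail")
    return {"control": "A4", "status": status, **fields}


if __name__ == "__main__":
    print(collect_a4())
```

The `runner` parameter exists so the collector can be exercised against canned output on a machine that has neither tool installed.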

03 · What you get back

Artefacts an assessor can read.

The agent emits readings. The artefacts a security lead or CE+ assessor reads live in the Horizon Platform, populated from those readings:

  • CE+ readiness dashboard. A4–A8 evidence per agent, rolled up to the company. Pass / warning / fail / not-checked / not-applicable per control, with the underlying telemetry one click away. Multi-tenant: super-admins switch tenants from a pinned company picker.
  • CE+ readiness export. A branded PDF in IASME question-order (A1 organisation details, A2 scope inventory, A3 insurance, A4–A8 controls), shaped to match the way an operator fills the IASME portal. Hostname and IP appear in the Controls breakdown so each evidence line is traceable to a specific endpoint.
  • CIS topology view. Two-axis scoring: a device's local CIS check posture, weighted by its internet exposure. SSH password authentication is critical on a public-facing gateway and low-risk on a LAN box; the topology view reflects that rather than scoring every host the same.
  • Software EOL flags. CE+ A6.6 is auto-answered by joining your installed-package inventory to the endoflife.date community database. Versions past their support window are flagged with the EOL date and the package name; the auto-answer is offered as a suggestion the operator confirms.
  • Asset / scope inventory. CE+ A2 pre-populated from agent telemetry — operating system, role, location, network exposure — rather than re-typed into a spreadsheet.
  • CSV export. Per-endpoint evidence rows with timestamps and method labels, for the cases where an assessor wants the underlying data alongside the PDF.
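The two-axis idea behind the CIS topology view, as an added example rather than the platform's scoring code. Only the SSH row of the severity table comes from this page; the other rows, the weights, the check names and the host records are assumptions.

```python
import ipaddress

# Ranges treated as not internet-facing (RFC 1918, loopback, link-local, CGNAT, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10")]

# Assumed severity per failed check and exposure; only the SSH row is from the page.
SEVERITY = {
    "ssh_password_auth": {"public": "critical", "lan": "low"},
    "firewall_disabled": {"public": "critical", "lan": "medium"},
    "sudo_logging_off": {"public": "medium", "lan": "low"},
}
WEIGHT = {"low": 1, "medium": 3, "critical": 10}  # assumed weights


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in INTERNAL)


def exposure(interface_addrs, listeners):
    """'public' if any listening socket is reachable on a non-internal address."""
    public = [a for a in interface_addrs if not is_internal(a)]
    for bind_addr, _port in listeners:
        wildcard = ipaddress.ip_address(bind_addr).is_unspecified
        if (wildcard and public) or (not wildcard and not is_internal(bind_addr)):
            return "public"
    return "lan"


def score_host(host):
    exp = exposure(host["interfaces"], host["listeners"])
    findings = {check: SEVERITY[check][exp] for check in host["failed_checks"]}
    return {"host": host["name"], "exposure": exp, "findings": findings,
            "risk": sum(WEIGHT[sev] for sev in findings.values())}


# Constructed sample: identical failed checks on two hosts. 203.0.113.10 is a
# documentation address standing in for a public IP, hence the explicit range list.
FAILED = ["ssh_password_auth", "sudo_logging_off"]
GATEWAY = {"name": "gw01", "interfaces": ["203.0.113.10", "10.0.0.1"],
           "listeners": [("0.0.0.0", 22)], "failed_checks": FAILED}
LAN_BOX = {"name": "ws17", "interfaces": ["10.0.0.17"],
           "listeners": [("0.0.0.0", 22)], "failed_checks": FAILED}
```

Interface data alone cannot see a port forward on an upstream router, so a forwarded LAN host is classed as `lan` by this sketch.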

04 · The boundaries

What it never touches.

The Cyber-mode agent runs only the eight collectors above. The surfaces below are not loaded — there is no code path on a Cyber-mode host that can emit them, and the server-side ingest discards them if they ever did arrive.

  • No file contents, no file paths beyond the mount-point summary, no application data.
  • No system log content (no journald entries, no Windows Event Log content, no syslog).
  • No process command lines or environment variables.
  • No browser history, cached credentials, or stored secrets.
  • No user account contents — the agent knows account existence at the OS level, not passwords, tokens, or session data.
  • No remote shell, no remote-desktop surface, no remote control. Cyber-mode agents are deliberately excluded from the portal's remote-support session feature.
  • No power / electricity readings — those are the ESG agent's job.
  • No Proxmox or PBS hypervisor APIs, no AI-model probing, no Hermes project-context surfaces. Those belong to the full Horizon agent.

The Trivy and nmap scans are read-only and run against your own perimeter from your own agent — they do not go beyond the networks the host can already reach, and the agent does not act on the findings. The findings are evidence; the operator decides what to do with them.

05 · Data residence

Where the data lives.

  • Hosting. UK-hosted Postgres, single-tenant logical separation per company. Telemetry does not leave the UK.
  • Direction of traffic. Outbound-only HTTPS from the host to the portal. The host is never reachable from the portal side — there is no inbound shell, no listening port opened by the agent, no return channel.
  • Retention. 90-day rolling window by default. Fixed-period retention is configurable on request and is enforced by automated deletion.
  • Update channel. The agent pulls signed tarballs and checks a recorded SHA-256 before applying. A failed update rolls back automatically; a tampered tarball never installs.
  • Uninstall. One-line removal that leaves no residual state on the host beyond the install-log entry. After uninstall the agent goes offline in the portal within five minutes and is auto-archived after thirty days.

06 · Deployment

How it deploys.

The same installer that ships the ESG and full Horizon agents installs the Cyber agent — the mode is selected when the install token is generated, and the collector set is enforced server-side as well as in the agent.

  1. Generate a token in the portal. Pick the company, choose "Cyber mode", copy the install command.
  2. Run the install command on each host. A single line on Windows (PowerShell as admin), macOS, or Linux. The installer drops the agent into a known path, registers it as a service or LaunchDaemon, and exits.
  3. Wait a minute. The agent registers itself with the portal on first run; the first evidence readings land within sixty seconds. The CE+ Controls tab begins populating once a handful of readings exist.

A Cyber-mode agent can be upgraded to a full Horizon agent (or downgraded to ESG) by issuing a new install token — the collector set is enforced from the server side, so the change takes effect on the next agent check-in.

07 · Honest scope

What we won't claim.

An honest list. We'd rather name the gap than pretend it's solved.

  • CE+ evidence, not CE+ certification. The agent and the portal produce the evidence in the shape an assessor expects. The certificate itself comes from IASME or one of their certification bodies; that step belongs to the operator, not the tool.
  • CIS-aligned, not CIS-certified. The check suite is built against the CIS controls but is not a CIS Benchmark assessor and is not assured by the Center for Internet Security.
  • EOL data is community-sourced. The A6.6 auto-answer joins your inventory to endoflife.date, a community-maintained database. It is accurate enough to flag the obvious cases (e.g. an OpenSSL release past its OpenSSL Project support window) — it is not the only source we'd expect an assessor to consult for a borderline call.
  • Auto-answers are suggestions, not sign-offs. Where the agent can populate a control answer from telemetry, it does — and presents it as a draft for the responsible operator to confirm. The CE+ submission is the operator's, not ours.
  • Scope: the hosts running the agent. The CE+ scope inventory reflects what the agent sees. Out-of-scope endpoints (BYOD, contractor laptops, isolated lab kit) still need to be enumerated through the normal CE+ process.
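The A6.6 join described under the Software collector and the Software EOL flags artefact, with the "suggestion, not sign-off" caveat from the list above, as an added example (not Horizon's code). The package-to-product mapping, the output fields and all sample data are assumptions; the cycle records follow the shape of endoflife.date's per-product JSON.

```python
from datetime import date

# Constructed sample shaped like `dpkg-query -W -f='${Package}\t${Version}\n'`.
DPKG_OUTPUT = ("openssl\t3.0.11-1~deb12u2\nnginx\t1.18.0-6.1\n"
               "openssh-server\t1:9.2p1-2+deb12u3\nvim\t2:9.0.1378-2\n")

# Constructed cycle data: `eol` is an ISO date or a boolean. Dates are illustrative.
EOL_DATA = {
    "openssl": [{"cycle": "3.0", "eol": "2099-01-01"}, {"cycle": "1.1.1", "eol": True}],
    "nginx": [{"cycle": "1.1", "eol": True}, {"cycle": "1.18", "eol": "2020-01-01"}],
    "openssh": [{"cycle": "9.2", "eol": False}],
}
# Assumed mapping from Debian package name to product key.
PRODUCT = {"openssl": "openssl", "nginx": "nginx", "openssh-server": "openssh"}


def upstream(debian_version):
    """Strip the epoch and Debian revision from [epoch:]upstream[-revision]."""
    version = debian_version.split(":", 1)[-1]
    return version.rsplit("-", 1)[0]


def match_cycle(version, cycles):
    """Longest cycle that prefixes the version on a component boundary."""
    hits = [c for c in cycles if version.startswith(c["cycle"])
            and not version[len(c["cycle"]):][:1].isdigit()]
    return max(hits, key=lambda c: len(c["cycle"]), default=None)


def past_eol(eol, today):
    return eol if isinstance(eol, bool) else date.fromisoformat(eol) < today


def a66_suggestions(dpkg_output, today, cap=2000):
    """Draft A6.6 answers for tracked packages; the operator confirms them."""
    rows = [l.split("\t", 1) for l in dpkg_output.splitlines() if "\t" in l][:cap]
    drafts = []
    for name, version in rows:
        cycles = EOL_DATA.get(PRODUCT.get(name))
        if cycles is None:
            continue  # not a tracked package
        cycle = match_cycle(upstream(version), cycles)
        if cycle is None:
            flag, eol = "unknown", None  # no matching cycle: do not guess
        else:
            flag, eol = ("eol" if past_eol(cycle["eol"], today) else "supported"), cycle["eol"]
        drafts.append({"package": name, "version": version, "flag": flag, "eol": eol})
    return drafts
```

A version with no matching cycle comes back as `unknown` rather than `supported`, which keeps the borderline cases in front of the operator.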

08 · Related reading

Horizon ESG agent

The energy & Scope 2 sibling: the same lightweight agent, rotated to a power / sensors / hardware collector set, feeding the ESG Reporting tab.


Horizon agent (full)

The full operational agent: everything the Cyber and ESG agents do, plus Proxmox, PBS, AI-model inventory, Hermes, system logs, and operator-initiated remote support sessions.


Measurable AI

The methodology pillar for the sister product: how source telemetry becomes a defensible figure, with disclosed factors and accuracy bands.


Next step

See it in the platform.

The Cyber agent is one of three modes shipped by the Horizon Platform. See the readiness dashboard, the IASME-shaped PDF export, and where the rest of the platform sits around it.

No deck · No sales pressure · We'll tell you to wait if you should

Or email a workload to hello@althorizon.co.uk — one-page model back in 48h.

Matt Shore Founder · Alt Horizon

Registered

Alt Horizon Ltd · 17098644

England & Wales · founded 2026

Data residency

Sovereign by default

Self-hosted unless you opt to a cloud option