Sentry

This document provides an overview of Scout’s intrusion detection and prevention service, Sentry.

Overview

Sentry is Scout’s real-time network defense suite. It continuously monitors traffic within the protected VPN environment to detect, analyze, and block suspicious or malicious activity before damage can occur.

By combining an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS), Sentry provides layered protection that inspects every packet entering or leaving your network using dynamic threat intelligence and behavioral baselines.

This integrated approach shifts your network defense from reactive to proactive, giving administrators continuous visibility into emerging risks and automated responses that minimize exposure.


How It Works

Intrusion Detection System (IDS)

The IDS observes and analyzes network traffic across all connected Scout routers and peers. It inspects packets for known attack signatures, malware patterns, and anomalous behavior that might indicate compromise or policy violations.

When a potential threat is detected, Sentry automatically generates an alert visible on the dashboard in:

These detections help administrators identify compromised devices, policy misconfigurations, or new threat campaigns affecting their environment.


Intrusion Prevention System (IPS)

While the IDS identifies issues, the IPS actively blocks malicious or suspicious connections as they are detected. This rapid prevention stops ransomware, exploitation attempts, and unauthorized internal movement before they spread.

Administrators can fine-tune IPS behavior by:

  • Adjusting block aggressiveness through configuration profiles
  • Reviewing blocked events in dashboard metrics
  • Submitting allowlist requests for legitimate business services that may be caught by filters

This balance of automation and control ensures security without unnecessary disruption.


Continuous Risk Tracking

Every event Sentry detects or blocks contributes to Scout’s risk analytics. These insights power ongoing improvement across the dashboard, including metrics such as:

By tracking these indicators, administrators can measure how well the network detects, responds to, and adapts to evolving threats over time.


Configuration

Sentry is fully preconfigured for all Scout networks. It updates its detection signatures and threat intelligence feeds automatically, ensuring your protection evolves alongside the threat landscape.

Optional settings include:

  • Allowlisting trusted internal or vendor services
  • Adjusting IPS sensitivity for specific operational needs
  • Reviewing alert patterns to fine-tune visibility thresholds

Sentry operates transparently within the Scout VPN, providing enterprise-grade network defense without requiring endpoint software or manual tuning.

