Labtagon

Enterprise Inventory for Matrix42

Zero-Trust Architecture · Cloud your way · Matrix42 Native

Security First

Zero Trust Architecture

Push-based communication with no inbound firewall rules required

Push-Based

Collectors initiate all connections to the server. No inbound ports, no server polling.

  • No firewall rules on endpoints
  • Works behind NAT and restrictive networks
  • Zero listening ports on agents
  • Client-controlled frequency

Multi-Layer Security

Multiple authentication layers ensure only authorized collectors can submit data.

  • PSK Authentication for collectors
  • API Key Protection for integrations
  • TLS/HTTPS encryption in transit
  • Matrix42 native connectivity

Zero Deployment Friction

Better than all the others — Deploy in minutes, not weeks

Auto Network Discovery

LLDP, ARP, DNS — discovers switches, routers, servers automatically

No Credentials Needed

No SNMP strings, no router passwords, no credential management

Minutes to Deploy

Reduced attack surface, lower costs, minimal maintenance

High Performance

Minimal Resources, Maximum Scale

Lightweight agents that scale from 10 to 10,000+ endpoints effortlessly

20-40
MB RAM per Agent

<1% CPU when idle

10,000+
Endpoints per Server

Scales linearly

~15 KB
Per Update

Works on slow links

Configurable Collection

Adjust collection intervals to match your needs — from real-time to daily updates

  • 15-minute default — balanced performance
  • Change tracking — only send what changed
  • Configurable per agent — different intervals per group
  • On-demand scans — trigger anytime via API

Linear Scalability

Scale from 10 to 10,000+ endpoints with predictable resource usage

  • 100 endpoints: ~50 MB server RAM
  • 1,000 endpoints: ~300 MB server RAM
  • 10,000 endpoints: ~2 GB server RAM
  • Protocol Buffers — 60-80% bandwidth savings
Flexible Deployment

Deploy Your Way

Run anywhere, connect everything

Whether you're running containers, virtual machines, or bare metal — on-premises or in the cloud — Enterprise Inventory adapts to your infrastructure. Choose the deployment scenario that fits your network architecture.

Server / Gateway

Run the central server or relay gateway anywhere

Self-contained binaries with embedded database. Deploy in seconds on any platform — Docker, Kubernetes, Windows, Linux, macOS, or dedicated hardware appliances.

Container
Docker, K8s
Any OS
Win, Linux, macOS
Appliance
VM or bare metal

Collectors

Lightweight agents for every endpoint

Small footprint (20-40 MB RAM) agents that run as system services. Deploy via MSI, GPO, Intune, SCCM, or any deployment tool you already use.

Windows
✓ Available now
macOS
Coming soon
Linux
Coming soon

Three Deployment Scenarios

Choose the architecture that matches your network topology

Direct Matrix42 Native

Push directly to CMDB — simplest setup

Gateway Isolated Networks

Bridge DMZ & air-gapped networks

Standalone Self-Hosted

Full UI + Matrix42 Core & Pro

Privacy First

Privacy by Design

GDPR compliant · Read-only operations · No personal data

We can't leak what we don't collect. Your data stays yours—forever.

What We Collect

Technical metadata only

  • Hardware specs & serial numbers
  • Operating system details
  • Software inventory
  • Network config (IP, MAC, DNS)
  • System services & processes
  • Device peripherals

Zero Credential Storage

Can't leak what you don't store

No Passwords

Not in memory, config, or storage

No API Keys

No SNMP strings or router passwords

No Private Keys

Zero secrets = zero attack surface

Unlike agentless — local agents with read-only access

What We NEVER Touch

Privacy guaranteed

  • Zero credentials: No passwords or keys
  • Zero personal files: No documents or photos
  • Zero browsing data: No history or cookies
  • Zero communications: No emails or chats
  • Zero PII: No personal information
Data Sovereignty

Cloud your way

100% on-premises · No cloud dependencies · Full compliance

EU Flag European Software · Made in Germany
GDPR Native
US Flag Out of reach of US Cloud Act

Your Data Never Leaves Your Network. Ever.

No cloud uploads. No third-party servers. Air-gapped, classified, and highly regulated environments fully supported.

No Cloud Dependencies

100% on-premises. Air-gapped, DMZ, isolated zones supported.

Your Infrastructure

Deploy on your servers, containers, or VM clusters.

Your Database

Local storage. You control retention, backups, deletion.

GDPR Article 6(1)(f) Compliant

Organizations have legitimate interest in maintaining accurate IT asset inventories.

We collect only technical metadata necessary for asset management—no special categories of personal data, no profiling, no behavioral tracking. Just hardware and software facts.

Enterprise Compliance Ready

CIS Controls
NIST CSF
ISO 27001
PCI-DSS
HIPAA
SOC 2

Audit logs, data minimization, and read-only operations support regulatory requirements

Asset Intelligence

Perfected Asset Matching

Multi-layer hardware fingerprinting for bulletproof asset lifecycle tracking

Track every device from purchase to decommission—even through OS reinstalls, hostname changes, and hardware swaps

Multi-Layer Hardware Fingerprinting

Cryptographic + fallback identifiers ensure 100% device tracking

TPM 2.0

Cryptographic endorsement key

Motherboard

Serial + UUID

CPU ID

Processor signature

BIOS

Firmware serials

Fallback cascade: If TPM unavailable, uses motherboard → CPU → BIOS serials for persistent identity

Complete Lifecycle Tracking

  • OS reinstalls: Same device, new OS = same asset
  • Hostname changes: Tracks through renames
  • Network moves: Location-independent tracking
  • Hardware swaps: Detects motherboard replacements

Zero-Duplicate CMDB

  • Cloned VMs detected: Prevents duplicate entries
  • Template detection: Identifies VM clones instantly
  • Auto-merge: Consolidates duplicate asset records
  • Matrix42 sync: Single source of truth

Smart Asset Matching

  • Hardware upgrades: RAM/disk changes tracked as same device
  • Motherboard replacement: New asset record + history link
  • Stolen device detection: Hardware ID mismatch alerts
  • Asset history: Complete audit trail maintained
Asset Intelligence

Native Integration + Intelligent Insights

Seamless Matrix42 connectivity with powerful dependency mapping and observability

Not just data collection—automatic relationship mapping, change tracking, and anomaly detection

CMDB Auto-Population

Real-time asset data flows into Matrix42 Enterprise Platform

Empirum Deployment

Deploy collectors enterprise-wide using your existing infrastructure

SAM Integration

Software inventory data ready for license optimization

Intelligent Dependency Mapping

Automatically discover and link relationships across your entire infrastructure

Network Topology

Auto-link switches, routers, gateways

Asset Relationships

Device-to-device dependencies

Provider Detection

Identify vendors automatically

Infrastructure Map

Visual topology in Matrix42

Full Observability

  • Real-time asset status
  • Network topology visibility
  • Relationship graphs
  • Infrastructure health

Change Tracking

  • Hardware change detection
  • Software install/removal
  • Network topology changes
  • Complete audit trail

Anomaly Detection

  • Rogue device detection
  • Unauthorized changes
  • CVE readiness (coming)
  • Security posture alerts

Ready to Transform Your IT?

Start managing your enterprise infrastructure with confidence

Zero Trust
Push-based architecture
Zero Credentials
Can't leak what you don't store
Matrix42 Native
Seamless integration
© 2025 Labtagon GmbH · Built for IT professionals, by IT professionals