Faddom is very secure for several reasons –
The Faddom appliance it is a standalone VM installed within your own environment and scans IP addresses without the need for agents on each individual machine
No Requirement for Credentials
Faddom does not need to access individual servers; it can optionally collect details from hypervisors or cloud providers. For the permissions required see the below articles -
What are the required vCenter permissions?
Permissions required to map an AWS environment
Mapping a Microsoft Azure subscription using Faddom - section entitled "Giving permissions to the App Registration"
Your firewall does not need to be open to the internet, however some ports need to be open to allow Faddom to gather all the information.
See What ports need to be open for Faddom to function? for a full list with explanations
It Can Work Offline
Faddom can be deployed in highly secure environments, including those with no internet access and/or DMZs. Faddom will run by itself inside your environment and will not send data outside itself.
See Can I deploy Faddom completely offline?
All Data In Your Environment
Faddom does not send any information or data outside of the appliance itself. All the information is collected and stored on the Faddom server, inside your environment.
Security Is In Your Hands
As the Faddom appliance sits inside your own environment, all access and security rules are defined by yourselves. There is no need for Faddom staff or other third parties to have access.
Faddom supports integration with Active Directory or LDAP to give credentials only to whoever needs access.
Faddom does not and cannot make any changes to your environment. It shows you the environment and can highlight issues that you need to resolve.
Faddom is certified for ISO
The company is now certified as compliant with ISO 27001 standards. If you wish to see the certificate, please email firstname.lastname@example.org and we will provide you with a copy.
Faddom is certified for Penetration Testing
Faddom has undergone rigorous penetration testing done by an external third party. The testing included a re-test of all high and critical findings to assure the effectiveness of the information security system. If you wish to see the certificate, please email email@example.com and we will provide you with a copy.