RouterHawk® is a patented design that revolutionizes monitoring and protecting network routers.

Advances in cybersecurity have led to an ever-increasing sophistication in malicious software and attempts to compromise networks. Often overlooked by computer security products, routers are vulnerable, and an entire network’s traffic and availability can be jeopardized if a router is compromised.

RouterHawk® employs a software agent installed directly on the router to continually monitor for changes. If RouterHawk® detects a compromise, it alerts the administrator through one of several configurable methods.

Product Overview

RouterHawk® is a unique tool that facilitates real-time monitoring of any and all changes made to the key software components of routers. RouterHawk® uses agents to monitor for changes made to the router and it reports any changes to a management dashboard. The dashboard can send alerts to administrators in the event of an attack.

Any changes to the router will be detected, so attempts to exploit a vulnerability will be captured, even if the vulnerability is unknown to the public or manufacturer. Attempts to make malware persist through a power-cycle will also be captured.

A sophisticated verification algorithm compares the router’s active operating system, bootstrap software, and run-time characteristics to known good versions. When differences are detected, the management dashboard alerts the administrator.

Features & Benefits

RouterHawk®’s patented design consists of two components: an agent that runs on the router, and a management dashboard that runs on a separate computer.

Agent Functionality

  • Continuously scans for changes to potential target areas (executable code, function pointers, bootstrap software) of each router on which it is installed
  • Monitors the CPU’s MMU (memory management unit), file system, and other volatile and nonvolatile storage for changes
  • Direct, low-level access to system hardware and memory gives the agent the ability to locate sophisticated malware and other changes that may be hidden from high-level scans
  • Communicates with the management dashboard via heartbeat messages
  • Logs data to the enterprise logging system separately for each device

Management Dashboard Functionality

  • Provides status information, alerts and logging for each router upon which an agent is installed
  • Stores a known good copy of the bootstrap software, operating system and specific run-time characteristics for each router
  • Recreates the operating environment for the router each time it is booted
  • Compares the results of the agent’s scans to the known good state and notifies the administrator when there is a discrepancy
  • Uses heartbeat messages: to know which devices are currently online; to ensure that security has not been disabled; and, to convey data for comparison with the known good state
  • Uses challenges to ensure that the agent has not been tampered with or is being impersonated
  • Issues alerts to assigned administrators via text message, page, or email
  • Configurable to issue audible and visual alerts and run custom scripts
  • Logs data to the enterprise logging system

For More Information

Please call or email us to learn how RouterHawk® can secure your routers.

  • Email:
  • Phone: 703.865.3006 x701 – Dan Sherwell