Our monitoring systems run on cloud servers in multiple hosting facilities [the rectangle in the diagram represents one facility].
We also check the pages against the Google Safe Browsing database which monitors for malware distribution sites. If GSB reports there’s malware on the site we’re monitoring, or any site it connects to (several levels deep), we send a notification.
The monitoring systems are tightly secured and unlikely to be compromised because they expose nothing to the outside world. In the event one of them fails, another takes over. Monitoring of any given URL may shift from one physical facility to another over time, and new monitors (that hackers cannot discover) sit quietly waiting for deployment.
For many server configurations there are additional tools we can put in place. These software tools are installed on the servers themselves. They examine the site, or database, or other service, from the “inside” rather than the outside, watching for telltale signs of compromise.
If a system is breached, these smart agents can detect it rapidly, and we can then send alerts to your security team. These agents are still passive, in the sense that they do not open up any communications with the outside world — they only report back when they’re asked how they’re doing.