Agent or Agentless approach?

02.10.2018 10:30

Some say, that both agent and agentless approach in IT security has its own advantages and disadvantages.

In general, agents as small pieces of software are often seen as efficient and reliable way of gathering lots of data from a system they are installed on while agentless approach relies on industry standards to provide information about monitored environments.

As a security officer you don’t control one single system such as database cluster or an email server, but whole diverse environment containing lots of different systems changing continuously as admins do upgrades and install new systems to suit business needs. You have to rely on industry standards, management protocols to be able to monitor and secure every kind of a system, from a network switch to complex banking transaction system.

Installing an agent means, that you take the responsibility…

for its maintenance, troubleshooting, connectivity issues not mentioning, that such agent has to work on high privileges to be able to gather data. All this costs valuable time which means is less efficient from your perspective. On some systems you’re simply not able to install any kind of an agent, because vendor does not allow you to do so. Such situation occurs obviously on routers, access points or other parts of critical infrastructure, but also think on cloud services which become more and more popular. Since there is no place for an agent there, such approach fails completely.

“Allow all” vs. security policies

Since agents have to support variety of systems, they are not always standardized in a way, which allows you to build security policies to protect access or privileges, so you often end up with “allow all” model which is far from being secure. Using a standardized management protocol is a key to success here. Last but not least, using an agent means simply paying a tax in a form on additional CPU, memory and often disk I/O utilization on monitored system, so it is better to have those resources free for business related tasks.

Using agentless approach in cybersecurity means, that you’re in control of the environment rather than only monitor it.

You focus on actions taken by system administrators or automated, launched periodically by various daemons and other software. You can focus on processes, following procedures and IT governance. This also means, that your security policy or AI assisted behavioral analytic can even prevent unwanted action to be taken! So agents are bad, right? Not exactly. For monitoring, they’re still exceptionally good in some cases, but if you consider security seriously, move towards agentless solutions as soon as possible.

Are you interested in a demo of Fudo Security solution?

Visit our website and schedule it here.