This post was originally published to The New Stack here.

There are two approaches to deploying cloud security software. One – the agent-based approach – is tedious, difficult to manage and leaves you prone to gaps that may severely constrict your visibility into security risks, as well as your ability to respond to them quickly.

The other approach – called agentless security – is not only much easier to administer, but also leads to better outcomes in most cases.

Keep reading for a breakdown of agent-based vs. agentless security, along with tips on when each approach does or doesn’t make sense.

What Is Agent-Based Security?

Agent-based security is the deployment of software agents on each endpoint that businesses need to monitor and secure. The software agents are responsible for collecting data from the endpoints. They may also be used to enforce security rules or take action on endpoints.

Advantages of Agent-Based Security

An agent-based strategy has been the way businesses traditionally approached security. 

That’s because agent-based security offers the advantage of a simple, straightforward means of monitoring and controlling endpoints. Agents don’t require security monitoring platforms to create any special integrations with third-party services (like cloud providers’ APIs) to collect the data they need.

Disadvantages of Agent-Based Security

On the other hand, agent-based security poses several challenges:

  • Tedium: Deploying agents is a time-consuming process. Even if deployment is automated by software tools, engineers still have to configure the tools and monitor agent deployments to make sure they proceed as expected.
  • Lack of universal support: Agents may not support all endpoint operating systems or configurations. This is especially challenging for businesses whose infrastructure includes resources like IoT devices in addition to standard servers and PCs.
  • Resource overhead: Agents consume resources when they run. That means agent-based security can increase a business’s overall infrastructure spending. It may also deprive actual workloads of the resources they need to perform adequately, especially during periods of peak demand.
  • Missed endpoints: You can’t deploy agents to endpoints that you don’t know about – and many businesses don’t know about all of their endpoints due to practices like shadow IT (meaning the creation of IT resources by employees who act without official approval).
  • Out-of-date agents: Agents need to be kept continuously up to date to handle the latest threats. But updating agents can take time, which means attackers may start actively exploiting a new vulnerability before agents are updated and IT teams are made aware of it.

For all of these reasons, agent-based security can be challenging for businesses with complex IT environments that change quickly.

What Is Agentless Security?

Agentless security is an approach to securing resources without deploying agents to each one. Instead, agentless security solutions typically work by scanning and monitoring endpoints from the “outside” rather than running utilities directly on them. They can do this by examining information that’s available over the network, as well as parsing the configuration data that governs resources. In addition, some agentless solutions integrate with cloud providers’ APIs to obtain additional data about workloads without having to deploy agents directly alongside those workloads.

Advantages of Agentless Security

Agentless security offers several advantages from an administrative, performance and coverage perspective:

  • Fast and simple deployment: Because there are no agents to deploy, agentless security solutions can be up and running in minutes, rather than hours or days. In addition, engineers don’t have to worry about managing a complex deployment process.
  • Coverage: By scanning all workloads from a central location – as opposed to attempting to deploy agents to each workload – agentless security platforms are better positioned to identify and secure all IT resources, even those that the central IT department doesn’t know about.
  • Performance: Agentless security doesn’t increase the load placed on host infrastructure, so it doesn’t negatively affect workload performance or increase infrastructure costs.

Disadvantages of Agentless Security

The primary disadvantage of agentless security is that, in some cases, it provides less control. If agents don’t run directly alongside workloads or on individual endpoints, it can be more difficult to manage network settings on an endpoint-by-endpoint basis, modify the local operating system and so on.

That said, for cloud-based workloads, many of these tasks can be performed via cloud APIs – without requiring software agents. Thus, for cloud workloads in particular, agentless security doesn’t require much compromise when it comes to how much control teams have over workloads.

Conclusion: Choosing Between Agent-Based and Agentless Security

To sum up, agent-based security works best for simple workloads that don’t change frequently, and consist of standard configurations and operating systems. Meanwhile, agentless security is ideal for complex, large-scale environments where new workloads are constantly spinning up and down. Agentless is also great for cloud-based environments, where agentless security platforms can leverage cloud APIs to implement much of the functionality that has traditionally been provided by agents.

So, agent-based security isn’t always inferior. But in today’s cloud-centric world, agent-based security often falls short. It significantly increases the time, effort and cost required to run security software without offering benefits that agentless security architectures can’t also provide. Except in rare circumstances, agentless is usually the faster, simpler, more affordable way to go.

Orca Security is proud to offer the first agentless cloud security technology featuring the deepest and widest visibility into cloud workloads and associated risks. To learn more about agentless security and Orca’s cloud security platform, you can download the SideScanning technical brief or register for a free cloud risk assessment.

Further Reading