When researching how to start with or even improve cloud security, it won’t take long to stumble upon some sort of agent versus agentless argument for cybersecurity controls. It comes up so often, it’s quickly becoming the security industry’s Vim versus Emacs or tabs versus spaces schism.
Similar to those other arguments, the agent versus agentless debate is a straw man. In other words, it provides us with something to criticize in order to achieve a specific outcome instead of an honest discussion of what’s best for an organization. All too often, that outcome is motivated by the architectural approach of a preferred tool.
Taking a step back to view the argument objectively reveals that there isn’t really a debate at all. In fact, the best approach is to leverage the power of both.
Also see: Top Cloud Companies
History of Cybersecurity Agents
An agent is an extremely useful program that runs on your systems. It’s there to take action or gather data and report results back centrally. Agents are often used for systems management, automation, and cybersecurity.
However, in the early days of the cybersecurity industry, agents had a bad reputation for consuming large amounts of system resources. They could destabilize systems and cause more trouble than they were worth.
But, modern agents are highly optimized and efficient. They use their position to gather unique data to drive insights that aren’t available using other approaches.
What is Agentless?
An agentless data gathering approach involves connecting security controls directly to a cloud service provider in order to gather data about how a company is using its cloud environment. Like the agent, this approach opens up access to data that’s not available from servers and containers.
Each action taken in the cloud services used to build solutions is logged by the cloud service provider. This data trail is critical to understanding how you use your environment, and it’s what is gathered through an agentless approach.
For services that run containers and servers, there is some overlap in the data available. How much CPU is being used, available storage space, network bandwidth available, and other common data points can be polled by either an agent or agentless approach.
However, there’s a set of control plane data that’s only available from outside of those services and containers. Not to mention the cloud services that don’t have the ability to run an agent. These managed services are a valuable piece of your cloud solutions, and you need visibility into their actions as well, but they can only be accessed through an agentless approach.
Also see: DevOps, Low-Code and RPA: Pros and Cons
Strained Relationships With the Security Team
While both agent and agentless approaches provide access to unique data, the problem with deploying them is often not due to technical limitations but the relationship between the security team and the builders.
Security teams are there to support the business, ensuring that it achieves its overall goals while effectively managing the cyber risks. Broadly, these teams simply don’t have enough time, people, or resources to build the security practice needed to achieve the business’s goals.
That makes coordinating and communicating with other teams extremely difficult. And it gets even harder for organizations that are further along in their cloud journey and have even more teams building that should be coordinating with security.
For those teams trying to build a solution, they’re trying to find the best reasonable solution to the business problem their organization is tackling. They want to make sure the solution is reliable and secure but also that it is performant, reasonable, simple to run, and not cost-prohibitive. And they need to move quickly toward deploying that solution for the benefit of the business.
This creates a strain between the security team and the rest of the business, as they implement differing methods toward meeting the business’s overall goals.
Both Agent and Agentless Approaches for Increased Visibility
Despite the differences the security team and builders might think they have, in reality, they are working toward the same objective—building resilient solutions that securely meet the business’s goals.
In order to achieve those goals, you need visibility into your cloud environments, which can be gained from the data that is only available through agent and agentless connections.
In short, the agent versus agentless debate obscures the real issue. Security is one of several critical areas of a well-built solution. Teams need to work together in order to ensure a strong, secure, and resilient solution – whatever combination of methods is required.
About the Author:
Mark Nunnikhoven, Distinguished Cloud Strategist, Lacework