Why 2023 is the year to go agentless
We are in the age of digital transformation projects, migrations to the cloud, remote working and IoT (Internet of Things). It’s a crisis of complexity. Network growth is accelerating and security is struggling to stay on top.
Attackers always have the advantage – just one gap in your defences is enough for them to get in. The more complex your IT becomes, the more gaps attackers can find and the easier you are to attack. To plug those gaps, you need to first see them – you need an accurate, up-to-date view of all your assets.
An IT “asset”, is piece of software or hardware within an IT environment. Knowing your assets is essential for security – you can only protect what you can see.
Traditionally, asset management has been agent-based. Although agent-based asset management offers deep insight into your IT landscape, it’s struggling to keep up with today’s IT needs. It comes with disruption, stale data and high workloads. As these issues are compunding, it’s creating a demand for a more elegant solution.
Why asset management software is struggling
Asset management was never designed for security, it was designed for ITIL (Information Technology Infrastructure Library). Basically, it is IT maintenance software repurposed for security, and it’s age is starting to show.
Traditionally, asset management has been done through a combination of active scans and agents.
The biggest issue with active scans is that they’re disruptive.
Active scans are probes sent out to discover what’s on your network. They generate large amounts of network traffic, disrupting everyone else using it.
Some devices or services don’t even respond to the scans, meaning they won’t be found, leaving gaps in your asset inventory. Adding to this, it misses any assets that are offline during the scan. So, when you’re scanning, you’re disrupting workers. So you scan infequently and at downtimes to avoid this. But then you end up with poor visibility, since there’s less devices online during the scan. On top of that, scanning only provides a “snapshot”, so you can’t fill those gaps until the next scan. As a result of all this, organisations struggle with a poor view of their IT landscape. You’re working from stale data and frustrating guesswork, constantly working around others.
Another issue is the need for agents.
Active scans don’t gather enough information on their own, so you also need to install agents (information gathering software) on devices to actually perform security functions. But instaling them is no simple task. Almost every IT team faces an enormous, ongoing workload of lowering the number of “unmanged devices” (when a scan reveals a device, but there is no agent installed).
Let’s say you find out there’s an unmanaged device from a scan, how do you install an agent on it if you don’t know where it is? Scans don’t provide enough information to pinpoint devices, meaning there’s a lot of manual device hunting. And remote working has thrown an extra spanner in the works here. With the acceleration of today’s IT, this workload is just becoming too much, and really highlights how cumbersome this process is.
With IoT, “smart” devices now a part of everyday life. This presents a new challenge for security. Smart devices are not just appliances. They are computers with network access, meaning they present a route of attack for opportunist hackers. But since they are new, they suffer from immature security features, making them especially vulnerable to attack. And since they are not traditional assets, traditional asset management does not work for them. You can’t manage IoT devices with agents, the support just isn’t there. Many IoT devices don’t even respond to active scans in the first place, meaning you can’t even see them.
So why agentless?
Agentless asset discovery can find any asset as soon as it connects to the network, with no extra installations. It’s much simpler, it can reduce workloads and improve security with no disruptions.
Agentless asset discovery tools use different techniques to identify assets on a network, such as network topology mapping, SNMP polling, and passive monitoring of NetFlow data. These are much lighter on the network, meaning there’s no disruptions and you don’t have to worry so much about working around others. You can see what you want, when you want.
Passive monitoring, for example, can detect devices and applications by analysing the traffic passing through the network, without needing to install any extra software. This can identify devices that are not visible through active scans, such as IoT and other non-computing devices, providing better visibility and better security.
Agentless asset discovery also provides continuous monitoring, which means that organisations can track changes in their network environment in real-time. This allows them to identify new devices or applications and track changes in their configurations, reducing the risk of security breaches and ensuring compliance with regulatory requirements.
Agentless asset management is rising in demand. You can see many passive network monitoring products, that were initially designed for network operations, that are now shifting gears and repackaging themselves as security products. But these products are still in their infancy in terms of security, they aren’t fleshed out yet with proper security features.
However, Rebasoft offers a security-first, agentless cyber security solution with 10+ years of development, built from the ground up to use real-time data.
Find out more:
