This is the second part of a two part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational considerations that also have an impact on the agent-based/agentless decision:
- Is this really worth the effort? As I said in part 1, depending upon your organization, there may be very different levels of effort involved in implementing and running an agent-based in comparison to an agentless solution. Involving the teams that will be implementing and managing the solution in the decision making process will let you balance the security benefit against the operational impact. You may also find that, although both options meet your security needs, one is a much better fit in terms of operations.
- Does your implementation schedule fit everyone else’s? There is no point buying something and just hoping it can be deployed by a certain date. You need to include everyone that is going to be involved as early as possible. Even if you have the luxury of time to deploy a solution, involving your operations department will be greatly appreciated. Making other work stop because of your bad planning will not win you any friends and could impact projects designed to make your organization money.
- Will this impact our systems? Agents used to have a bad reputation, so some organizations are still very resistant to installing them. The truth is that agents have taken advantage of the additional computing power and the improved stability of modern operating systems to become just like any other enterprise class application in terms of uptime and availability. Another key factor to note is that once an agent is installed, there is very little in terms of updates to the code. This means that there is little in terms of ongoing change that needs to be managed. Agentless solutions also touch the systems that they get information from. Whether it is via querying network connections or actually logging in and downloading information, these agentless activities still need to be tested.
- Will the new agent play nice with others? Contention between agents is one area that still needs some careful scrutiny. If you have more than one agent from different providers doing similar things--for example, different security products on the same server--you really need to make sure that they will play nicely with each other.
- Will this impact our network? Both agent based and agentless solutions leverage the network but in very different ways. The most obvious thing to think about is the amount of bandwidth that will be consumed. Most enterprise networks are going to be able to handle this, but it is still something to be aware of. The frequency of scheduled agentless scans and how often agents send data will determine how much load occurs and when.
- Is this right for our network? An agentless solution only works if the scan engine can talk to the target system. This is important as your network architecture has to allow the scan engine to get to all the targets. If you segment your networks, you will need to consider these factors in your deployment architecture. Though agents-based solutions will always be able to collect the system information, they still need to be able to talk to their management servers.
- What about impact to other processes? Though this should be taken care of when you consider the impact to systems and the network, many organizations schedule agentless security scans to occur during change windows because these are times when impact to business processes is at its lowest. However, change windows are also going to be the times that any necessary network or system downtime will occur. If an agentless solutions cannot connect with its target, it will not be able to complete its objective. If you have a volatile environment where systems are always changing, the benefit of always-on agents is definitely something to consider.
Security experts choose to do security because we want to “do security,” but unfortunately nothing in life is that simple. The important thing to get right in making this decision is not just the best fit for the identified security objectives. You also need to get the best fit for your organization in terms of ongoing management. The only way to do this is to involve everyone who will be involved in the implementation and operation of the solution as early as possible. Not only will this help ensure that you will choose the solution that is the best fit for your organization, but it will also greatly improve the chances that your selection is a success in reducing security risks. And after all, this is the ultimate goal. Title image courtesy of ShutterStock
