Elizabeth Ireland, nCircle: Agentless Comes of Age, Centralized Administration Enables Agentless Technologies
April 2009 by Elizabeth Ireland, Vice President, Marketing at nCircle
The debates rage on. Creationism vs. evolution. Conservative vs. liberal. Chocolate ice cream vs. vanilla. Agentless vs. agent-based security and configuration auditing systems. Well, maybe the last one hasn't reached a level of zealous fervor yet, but many an IT professional has dug in his heels to staunchly defend agent-based technologies or to tout the benefits of next-generation agentless systems.
In the end, though, agentless systems are likely to win out as the preferred means of network security and configuration auditing for several reasons. They:
• are significantly faster to implement
• cost less to own and operate
• cover devices that cannot run an agent at all
• scale more easily to large numbers of assets
• support heterogeneous assets, whether in distributed or centralized locations
These are clearly compelling reasons, especially in a world where the risk to an organization through unauthorized configuration changes, done either internally or externally, can be significant. Money, resources and time are always scarce, and IT environments get more expansive and harder to control and audit every day.
In environments where security and compliance auditing systems must scale to large numbers of devices or be deployed across highly distributed networks, agentless solutions are fast becoming the preferred choice. Why? Because of the widespread adoption of centralized administration and authentication technologies.
Active Directory shipped with Windows 2000, and today some form of directory-based authentication (Active Directory, LDAP, Kerberos) exists for every major operating system. Centralized administration is the key enabler of agentless systems and is driving their ever-increasing popularity.
Centralized authentication provides single sign-on (SSO): a user authenticates once with one set of credentials and is recognized across a variety of applications, systems and services. Centralized administration relies on one directory and eliminates the need for administrators to create and manage local accounts on every device on the network, something that is impractical across hundreds or thousands of devices.
Agentless systems take advantage of centralized authentication to scale to large numbers of devices with minimal administrative burden. Without centralized administration, every computer keeps its own local accounts, so an agentless system would need a distinct set of credentials for every device it scans, and each of those credentials would have to be created, rotated and revoked individually. The maintenance load on administrators would then be similar to that of agent-based software, eliminating one of the key benefits of agentless technologies.
Because they do not require software to be installed on every device, agentless technologies are far easier and faster to roll out and manage over large numbers of systems. The 'time to value' for agentless technologies is typically measured in hours rather than days or weeks. An IT security professional can bring an agentless system online in as few as three hours, without having to seek permission from other departments. Agents, by contrast, typically can only be deployed at a rate of 10-20 per day, and only after permission and access to each target system have been granted. Agents may also be required to run with root authority, taking control out of the hands of the system administrators who own the host.
Agentless systems are not invasive, and they are easier to maintain over the long term since updates only touch the handful of scanning servers rather than every monitored host. From a network control perspective, agentless systems can solve critical IT problems without creating turf battles: IT security staff can implement and maintain them with or without the cooperation of other departments, and without installing proprietary software on equipment owned by others, such as business partners.
Agentless systems can detect and monitor all devices on the network, including routers, switches, firewalls and other devices that cannot host an agent but can still become vulnerable through configuration changes. And, critically, a network-side scan is the only way to find rogue systems: if a system is rogue, then by definition nobody installed an agent on it. A local user can stop or uninstall an agent, but cannot remove a scanner that runs elsewhere on the network. The caveat is that a host which blocks the scanner's connections or rejects its credentials simply shows up as unreachable, so the audit must treat "unreachable" as a finding rather than as a host with nothing to report. When it comes to unknown devices on the network, what you don't know can definitely hurt you and can certainly impact your audit results.
Using centralized administration and authentication, agentless systems log into target systems across an entire network with the same directory credentials an administrator would use. Once in, they can check security settings, find out what software is installed and what updates are needed, and detect any changes or trouble spots that indicate a violation of security policy or a vulnerability. The flip side is that the scanning account is one credential with read, and often administrative, access to every audited host, so it must be treated as a high-value asset: dedicated to the scanner, restricted in where it may log on, and monitored for use from anywhere else.
Agentless systems consolidate data from all network devices into reports that alert systems administrators to maintenance needs or breaches, all without any software installed on the assets and without administrators having to manage separate credentials for hundreds or thousands of devices.
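The two paragraphs above describe the pattern end to end: take the target list from the directory, log into each host with one domain credential, collect facts remotely, evaluate policy centrally and consolidate the results. The script below is an added illustration of that pattern, not code from the article or from nCircle's product. It assumes PowerShell Remoting (WinRM) is enabled on the targets, that the scanning account is a local administrator on each of them, and that the targets live under the placeholder search base shown; the policy values (required hotfixes, forbidden service names, minimum LmCompatibilityLevel) are illustrative and should be replaced with your own baseline.

```powershell
<#
  Added example, not part of the original article or nCircle's product.
  Agentless configuration audit of domain-joined Windows hosts over WinRM:
  one domain account, nothing installed on the targets, results consolidated
  centrally. Assumptions (not from the article): targets come from the
  placeholder AD search base below, Enable-PSRemoting has been run on them,
  and the scanning account is a local administrator there. Policy values
  are illustrative.
#>
param(
    [string]   $SearchBase        = 'OU=Servers,DC=example,DC=com',   # placeholder
    [string[]] $RequiredHotfixes  = @(),                                # fill from your patch baseline
    [string[]] $ForbiddenServices = @('TlntSvr', 'RemoteRegistry'),     # illustrative policy
    [int]      $MinLmCompatLevel  = 5,                                  # NTLMv2 only; refuse LM/NTLMv1
    [string]   $ReportPath        = ".\agentless-audit-$(Get-Date -Format yyyyMMdd-HHmm).csv"
)

Import-Module ActiveDirectory

# One set of directory credentials for the whole estate. This account is a
# high-value target: dedicate it to scanning, restrict where it may log on,
# and alert on any use of it from anywhere other than the scanner.
$cred = Get-Credential -Message 'Domain account with local admin rights on the targets'

# The directory is the inventory; there is no host list to maintain by hand.
$targets = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
           Select-Object -ExpandProperty DNSHostName

# Runs on each target. It returns facts only; the policy decision is made
# centrally, so changing the policy never means touching the hosts.
$collect = {
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $running   = @(Get-Service | Where-Object { $_.Status -eq 'Running' } |
                   Select-Object -ExpandProperty Name)
    $lsa       = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    [pscustomobject]@{
        Host             = $env:COMPUTERNAME
        OS               = (Get-CimInstance Win32_OperatingSystem).Caption
        MissingHotfixes  = @($using:RequiredHotfixes  | Where-Object { $_ -notin $installed })
        RunningForbidden = @($using:ForbiddenServices | Where-Object { $_ -in $running })
        LmCompatLevel    = $lsa.LmCompatibilityLevel   # $null when the value is not set
        CollectedAtUtc   = (Get-Date).ToUniversalTime()
    }
}

# Fan out to all targets at once (Invoke-Command runs them in parallel) and
# keep connection errors instead of discarding them.
$invoke = @{
    ComputerName  = $targets
    Credential    = $cred
    ScriptBlock   = $collect
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'connErrors'
}
$results = Invoke-Command @invoke

# Central policy evaluation over the collected facts.
$report = @(foreach ($r in $results) {
    $issues = @()
    if ($r.MissingHotfixes.Count)  { $issues += "missing hotfixes: $($r.MissingHotfixes -join ',')" }
    if ($r.RunningForbidden.Count) { $issues += "forbidden services running: $($r.RunningForbidden -join ',')" }
    if ($null -eq $r.LmCompatLevel -or $r.LmCompatLevel -lt $MinLmCompatLevel) {
        $issues += "LmCompatibilityLevel is '$($r.LmCompatLevel)', policy requires >= $MinLmCompatLevel"
    }
    $status = if ($issues.Count) { 'NONCOMPLIANT' } else { 'OK' }
    [pscustomobject]@{
        Host      = $r.Host
        OS        = $r.OS
        Status    = $status
        Issues    = $issues -join '; '
        Collected = $r.CollectedAtUtc
    }
})

# A host that refuses the scanning account or blocks WinRM is a finding in its
# own right, not something to drop silently: it is exactly the blind spot the
# audit exists to remove. TargetObject carries the computer name for these errors.
$report += @(foreach ($e in $connErrors) {
    [pscustomobject]@{
        Host      = $e.TargetObject
        OS        = ''
        Status    = 'UNREACHABLE'
        Issues    = $e.Exception.Message
        Collected = (Get-Date).ToUniversalTime()
    }
})

$report | Sort-Object Status, Host | Format-Table -AutoSize
$report | Export-Csv -Path $ReportPath -NoTypeInformation
```

Run it from a management host that is itself domain-joined; the only per-target prerequisite is WinRM, which is enabled by Group Policy rather than by visiting each machine. Keeping the remote script block to fact collection and doing the pass/fail judgement on the scanning side is what makes a later policy change a one-file edit instead of a redeployment.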
Given the cost savings and significant reduction in maintenance headaches, most IT and security professionals would probably have favored agentless technologies all along had centralized administration been available; because there was no seamless way to manage credentials, agent-based systems seemed like the only viable alternative.
Agent-based technologies remain widely used and may still be an acceptable solution in some situations, but thanks to centralized administration they are no longer the only game in town. A new way of streamlining administration and authentication has opened the door for agentless technologies that give IT and security departments broad new levels of flexibility, provide audit capability on devices that cannot support agents, help control costs, and significantly reduce maintenance burdens across an ever-expanding pool of users, devices and distributed environments.