Unlocking the Benefits and Trade-Offs of Agentless Cloud Security

With 87% of organizations embracing multi-cloud migration and 72% choosing a hybrid cloud approach, according to Flexera’s 2023 State of the Cloud Report, securing cloud applications and assets has never been more pressing.

The siloed nature of a hybrid cloud architecture means that cloud security is no easy task, and cybersecurity teams often have to prioritize security actions.

To respond to a growing demand, cloud security providers are offering different tools. Traditionally, these tools use ‘agents’ which are specialized software components that are installed on devices for performing security-related actions like scanning and reporting, rebooting systems and applying patches.

Solutions that traditionally work in this way include cloud security posture management tools (CSPM), cloud infrastructure entitlement management engines (CIEM) and cloud workload protection platforms (CWPP) – increasingly packaged together under the umbrella of cloud native application protection platforms (CNAPP).

“The main challenge with these products is that you have to deploy an agent on each device, which can become difficult as doing so can clash with other departments within your company. The legal team, for instance, might not let you deploy an agent on a system that’s already been approved,” Deepinder Chhabra, board advisor at ISACA, told Infosecurity during the Cloud & Cyber Security Expo in London on March 9.

The explosion of agent-based cloud security solutions has even inflicted agent fatigue on security professionals, Jaime Franklin, head of global cloud solution sales at Uptycs, argued during a Cloud & Cyber Security Expo session.

“They're tired of having to deploy all the different agents, ensure they’re in line with the DevOps pipeline, manage them and defend how useful they are against the overhead that they have on the performance perspective. They really are looking for something different,” he said.

Read more: Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security

Agentless cloud security providers – the likes of Cloudnosys, Orca Security, Sysdig, Cyscale, among others – have emerged in the last five years to provide an alternative.

“Agentless solutions are much easier to deploy, in seconds you can capture snapshots from your cloud assets and applications on all your devices and send them back for analysis,” Franklin explained.

Full Visibility v Real-Time Analysis & Prevention

However, agentless products typically do not provide real time security analysis, Franklin pointed out.

“They are built to offer new scans every 24 hours, so if I take a snapshot scan, it's going to wait a full day for the next one – unless I ask for an ad-hoc scan. A lot that can happen within 24 hours. Agent-based solutions provide real time telemetry,” he said.

Also, agent-based cloud security solutions do not only offer security analysis, but actual prevention, Franklin noted.

“An agentless CSPM, for instance, might be better at analysing a cyber event in an open port than an agent-based one, because it will allow you to correlate different pieces of information from several parts of your system, but it won’t be able to remediate it, whereas an agent based one will,” he explained.

Agentless cloud security solutions have not killed the need for agent-based ones, Tomer Schwartz, Dazz’s co-founder & CTO, said.

"In cloud security like anywhere else, there is no silver bullet. Agentless cloud security solutions can enable organizations deploy some basic cloud security functions rapidly to large workloads. They are also particularly useful for compliance purposes,” Schwartz said during a session at the Cloud & Cyber Security Expo.

Franklin noted: "Maturity and where you are in your cloud adoption journey is key to choose between agent and agentless solutions. One of my customers told me they wanted an agentless solution because they're early in their cloud migration and have a skillset shortage. For them to try to manage the deployment of an agent didn't make sense. Agentless solutions can help them start at least doing something to secure their cloud-based assets and workloads,”

Chhabra concurred: "Maybe this agentless solution doesn't provide 100% of functionalities you were initially looking for, but at this point you’re happy with 80%."

However, organizations need to be very attentive to what they are signing up for, because the transition from an agentless to agent-based solution can also be very challenging.

“When the Log4j vulnerability broke out, some of our customers thought their agentless cloud security tool had prevention capability, which it didn’t. What some did then was to lay down a second, agent-based solution along their agentless visibility tool. Then you have multiple solutions, user interfaces (UIs), and backends to manage, which means even more complexity," he warned.

What’s Hot on Infosecurity Magazine?