Agentless security provides visibility into the threats in your environments, without requiring the installation of software-driven agents.
Under the agent-based model, each of your hosts must run a monitoring process that collects data from the host's environment and sends it to your security service. Agentless security removes this requirement by having the service collect data itself, using cloud provider APIs and metadata.
Agentless is easier to set up and maintain because you don't need to configure an agent on each of your hosts. This reduces friction and ensures effortless coverage of your cloud resources. Moreover, agentless security can directly reduce your attack surface by eliminating the risk posed by network-connected agent processes.
Agentless and agent-based systems are both valid approaches for cloud security. There is no single right answer when deciding which to choose, as each comes with its own advantages and drawbacks.
Advantages of agent-based security
Agent-based security is generally seen as the traditional method. This is mainly because it's broadly understood and matches expectations of how security solutions should be administered. While the setup is more complex and laborious, it can feel familiar because it's predictable: You install the agent on your systems, authenticate to your cloud security service, and then watch the data flow in.
Here are some of the reasons why agents still find favor with security teams, along with some caveats as to why they are not the ideal choice for cloud.
Can fulfill an active role
Agents can do more than just siphon logs, metrics, and vulnerability alerts to your security platform. They're also capable of enforcing policies and making host config changes that improve security, such as by enabling firewalls or pruning unused applications.
However, all this comes at the cost of having to install the agent on each of your systems. The powerful on-device functionality is also a security risk: If the agent is compromised, then an attacker could abuse the agent’s host access to apply their own changes.
Works across infrastructure types
Agents can be deployed to any compatible host, whether in the cloud, your own data center, or on employee devices, enabling standardization of your security tools.
Unfortunately, this also means there's a burden on IT teams to ensure agents are consistently configured. The challenge involved in scaling agents to support thousands of devices shouldn’t be underestimated. If you’re already running all your endpoints in the cloud, then it’ll be simpler and safer to select an agentless service instead.
Agents can operate independently of the service they’re controlled by, functioning autonomously within their given environment. This decentralizes your security model and makes it more resilient to incidents like network or platform outages.
Unfortunately, this is of limited practical utility. Effective cloud security management depends on “single pane of glass” visibility using a unified platform that lets you see every threat in your environment. Offline, disconnected, or individually managed agents don’t satisfy this requirement.
Disadvantages of agent-based security
While the advantages of agent-based security aren't without merit, agents also present numerous drawbacks that admins and security teams need to address.
Can cause coverage gaps
Agent-based security depends on the agent being installed and enabled on each device in your fleet. It's up to administrators and operators to implement processes that ensure this actually happens. If a new host is deployed without the agent, then it will be silently missing from your security coverage.
Requires maintenance on each host
The agent software requires maintenance to prevent it from becoming outdated or misconfigured. These admin tasks are tedious and burdensome because they need to be replicated across all of your resources that use the agent.
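The coverage-gap and maintenance problems described above can be measured by reconciling the cloud provider's resource inventory against the agent console's check-in list. The following is an added example, not code from the original article or from any vendor's product; the records are constructed and the field names, version threshold, and silence window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; field names are assumptions, not a real provider or vendor schema.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
CLOUD_INVENTORY = [  # shape of what an instance-listing cloud API might return
    {"id": "i-web-01", "state": "running"},
    {"id": "i-web-02", "state": "running"},
    {"id": "i-db-01", "state": "running"},
    {"id": "i-batch-07", "state": "running"},
    {"id": "i-old-99", "state": "terminated"},
]
AGENT_CHECKINS = [  # shape of what an agent-based console might export
    {"host_id": "i-web-01", "version": "4.2.0", "last_seen": NOW - timedelta(minutes=3)},
    {"host_id": "i-web-02", "version": "3.9.1", "last_seen": NOW - timedelta(minutes=5)},
    {"host_id": "i-db-01", "version": "4.2.0", "last_seen": NOW - timedelta(days=2)},
    {"host_id": "i-old-99", "version": "4.2.0", "last_seen": NOW - timedelta(days=30)},
]

def parse_version(v):
    """Turn '4.2.0' into (4, 2, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def coverage_report(inventory, checkins, now, min_version="4.0.0",
                    max_silence=timedelta(hours=1)):
    """Classify every running instance by the state of its agent coverage."""
    running = {r["id"] for r in inventory if r["state"] == "running"}
    latest = {}
    for c in checkins:  # keep only the most recent check-in per host
        prev = latest.get(c["host_id"])
        if prev is None or c["last_seen"] > prev["last_seen"]:
            latest[c["host_id"]] = c
    report = {"covered": [], "no_agent": [], "silent": [], "outdated": []}
    for host in sorted(running):
        c = latest.get(host)
        if c is None:
            report["no_agent"].append(host)   # deployed without the agent
        elif now - c["last_seen"] > max_silence:
            report["silent"].append(host)     # agent installed but not reporting
        elif parse_version(c["version"]) < parse_version(min_version):
            report["outdated"].append(host)   # agent reporting but unmaintained
        else:
            report["covered"].append(host)
    # Agents still registered for hosts that are no longer running
    report["orphaned"] = sorted(set(latest) - running)
    return report

if __name__ == "__main__":
    for bucket, hosts in coverage_report(CLOUD_INVENTORY, AGENT_CHECKINS, NOW).items():
        print(f"{bucket:9} {hosts}")
```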
Agents are usually designed to be lightweight, but they're still another process that's running on your hosts. Constantly analyzing threats and relaying data to the server can lower system performance and lead to increased resource consumption. Agent activity can even push your cloud compute nodes into higher-priced deployment tiers, causing unplanned cost increases that lead to budget overruns.
Risk of vendor lock-in
It's difficult to switch between agent-based security solutions because you need to remove the old agents, then install the new ones. This is a daunting task for organizations that have hundreds or thousands of endpoints, and they will more likely feel locked into their current vendor.
Can create security problems
Agents are there to protect security, but any problems with the agent process can actually pose a security threat. Agents are by nature privileged, networked processes that continually run on your hosts. A successful compromise is likely to expose sensitive system information, and multiple CVEs have been reported for security agents in recent years.
Challenging to scale efficiently
For all the reasons mentioned above, agent-based security is usually difficult to scale. Security should be automatic and nonintrusive; agents require manual deployment of extra software in your environments, so they fail to satisfy these criteria.
Advantages of agentless security
Agentless security solves most of the problems associated with agents. Instead of running an agent in each of your environments, agentless services sit outside your resources. They collate security information by monitoring data provided by cloud APIs and infrastructure services. This model presents several compelling advantages for security teams and administrators.
Simple, automatic coverage
Agentless platforms automatically monitor the resources in your cloud provider accounts. By connecting to cloud APIs, they can discover new resources as they're created, without requiring manual installation of an agent process. This maximizes security coverage from day one, improving the visibility of security issues.
As you don't have to worry about deploying agents, agentless security is much more scalable. You can freely add, remove, and replace resources as required. There's no extra burden on administrators, whether you're monitoring 10 endpoints or 10,000.
The absence of any agent processes running on your hosts means there's no performance impact on your workloads. At scale, small reductions in CPU utilization can have a big effect on overall resource capacity and associated costs. No processes also means no security impact.
No vendor lock-in
Eliminating agents lets you move between services more easily. Agentless is nonintrusive so you don't need to worry about cleaning up your environments after you switch. You can even use multiple services simultaneously for even better coverage or to help you trial available platforms.
Agentless security is maintenance-free. Not having to update agents lets your security teams focus on analyzing and mitigating detected threats. The platform will continually improve as the provider implements new features.
Disadvantages of agentless security
Agentless security provides clear benefits over the agent-based approach, although it's not entirely without its pitfalls. Several factors could cause dissatisfaction with an agentless solution.
Requires cloud APIs
Agentless solutions can generally only monitor resources in your cloud accounts. This means they might not be as good a fit for organizations with hybrid cloud workflows that include some on-premises resources. But if you’ve already fully transitioned to the cloud, then agentless can match or even exceed the coverage achieved with agents. Not only does it allow you visibility into individual resources but also the bigger picture across your entire cloud.
No runtime protection
As agentless services don't run directly alongside your workloads, they can’t actively protect your hosts by making configuration changes or quarantining suspicious packages. Despite this, agentless can still provide detailed visibility into runtime issues using a hybrid approach.
For example, Wiz’s agentless solution features eBPF sensors, Linux kernel modules that provide real-time monitoring of system calls, file changes, and anomalous activity within Kubernetes clusters without requiring an actual agent. This combines the best of both the agent-based and agentless models.
Summary: Agentless vs. agent-based security
Overall, agentless security is simpler, provides improved visibility, and is more scalable and maintainable than agent-based solutions. Although agents can still have advantages in specific situations, such as when you need low-level runtime protection, agentless is the option that’s better suited to modern cloud operations.
The table below provides a quick reference for key factors to help you decide between the two.
| Factor | Agent-based | Agentless |
| --- | --- | --- |
| | Agent process running on every resource | Single cloud platform |
| | Slow; requires admins to install the agent | Instant, after initial setup |
| | Limited; requires agent to be manually installed and maintained on every resource | Highly scalable; new cloud resources automatically discovered |
| | Harder to change configuration; risk of vendor lock-in | Highly flexible to changing requirements |
| Effect on security | Risk that agents will be compromised | No effect on workload security (data consumed from existing APIs) |
| | Agents must be updated and secured | Maintenance managed by the service provider |
| Best used for | Legacy on-premises and hybrid cloud services that aren’t supported by agentless services | All cloud resources |
Wiz's approach to agentless security
Wiz’s Cloud Security Posture Management (CSPM) platform is an agentless solution built for easy deployments and non-intrusive, comprehensive coverage of your servers, virtual machines, applications, and other cloud assets.
Wiz supports a flexible system of custom rules that lets you detect misconfigurations and security vulnerabilities at the cloud and host level—no agents required. You can respond to all detected problems within the Wiz application, giving you a single pane of glass to control your cloud security.
Want complete, agentless security coverage for your cloud resources? Book your Wiz demo today.