
Agent vs Agentless

Agent and Agentless refer to two different architectural models for managing, monitoring, or securing IT environments, defining where the intelligence or collection mechanism resides.

  • Agent: requires installing specialized software (the "agent") on the target system.
  • Agentless: relies on existing network protocols or APIs to gather data remotely.

Agent-based

The agent is software that you install on the system you want to assess. That agent executes on the target system:

  • reading configuration files
  • checking ports and protocols
  • collecting live data for alerts and reports

For example: "Run the Datadog Agent in your Kubernetes cluster to start collecting your cluster and applications metrics, traces, and logs." https://docs.datadoghq.com/containers/kubernetes/

Pros

  • All information gathered is on the current state of your actual system.
  • There’s no remote login required, which means no new endpoint, no remote connection management, and no lag or connectivity issues.
  • The scanner can access all the necessary system elements with few security limitations.
  • There are no snapshots required, which saves time and cost.

Cons

  • Customers have to trust the agent and may have limited control over it.
  • The agent takes up resources.
  • The agent may introduce other issues, like a memory leak.
  • The agent must be installed on each machine, and installing, maintaining, and updating the agents takes time.
  • Customers may not be able to install agents on infrastructure assets. For example, the infrastructure may be managed by a third party, which might not allow agents on their systems.

Agentless

There are a few options:

  • Remote access, either over SSH or through a cloud shell. The scanner executes outside the target system and collects real-time information by connecting to the scan target.
  • Disk snapshot scanning assesses a copy of the target system rather than the system itself. It never interacts with the scan target.

Disk scanning is the dominant approach.

  • Low risk: scan a snapshot of the VM filesystem, not the live VM. Minimal chance to disrupt the running VM.
  • Low impact: many customers routinely create daily VM snapshots for backup purposes, so little inconvenience to enable disk scanning.
  • Disk scanners are widely available.
  • Vulnerability databases are widely available.
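
To make the disk scanning model concrete, the following added example (not taken from any scanner product or from the original page) reads the package inventory stored on a mounted snapshot and matches it against an advisory feed, without ever connecting to the live VM. The advisory IDs, versions, sample status file and function names are constructed for illustration, and the version comparison is a deliberate simplification of dpkg's ordering rules.

```python
import re
import tempfile
from pathlib import Path

# Constructed advisory feed: hypothetical IDs and fixed versions, not real data.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "openssl", "fixed": "3.0.13"},
    {"id": "EXAMPLE-0002", "package": "bash", "fixed": "5.1.4"},
    {"id": "EXAMPLE-0003", "package": "telnet", "fixed": "0.18"},
]

# Constructed dpkg status file, as stored at var/lib/dpkg/status on a Debian-family disk.
SAMPLE_STATUS = (
    "Package: openssl\nStatus: install ok installed\nVersion: 3.0.2-0ubuntu1\n\n"
    "Package: bash\nStatus: install ok installed\nVersion: 5.2.15-2\n\n"
    "Package: telnet\nStatus: deinstall ok config-files\nVersion: 0.17-44\n"
)

def parse_dpkg_status(text):
    """Yield (package, version) for each fully installed stanza."""
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines()
                      if ": " in line and not line.startswith(" "))
        if fields.get("Status", "").endswith(" installed"):
            yield fields["Package"], fields["Version"]

def version_key(version):
    """Simplified: numeric upstream parts only, ignoring dpkg's '~' and revision rules."""
    upstream = version.split(":", 1)[-1].split("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", upstream))

def scan_snapshot(root, advisories=ADVISORIES):
    """Match packages recorded under a mounted snapshot root against the advisories."""
    status = Path(root, "var/lib/dpkg/status").read_text()
    installed = dict(parse_dpkg_status(status))
    return [(a["id"], a["package"], installed[a["package"]])
            for a in advisories
            if a["package"] in installed
            and version_key(installed[a["package"]]) < version_key(a["fixed"])]

def demo():
    """Build a constructed stand-in for a mounted snapshot and scan it."""
    with tempfile.TemporaryDirectory() as root:
        dpkg_dir = Path(root, "var/lib/dpkg")
        dpkg_dir.mkdir(parents=True)
        (dpkg_dir / "status").write_text(SAMPLE_STATUS)
        return scan_snapshot(root)

if __name__ == "__main__":
    print(demo())
```

Only openssl is reported: bash is already past its fixed version, and telnet is skipped because its status shows the package was removed and only its configuration files remain on disk.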