A Matter of Perspective: Agent-Based and Agentless Approaches to Cloud Security, Part 2


In our previous blog on this topic, we discussed some of the considerations when choosing between agent-based and agentless cloud security approaches. The following table provides a summary of these considerations.

| Aspect | Agent-based | Agentless |
| --- | --- | --- |
| Deployment | - Deployed on every asset independently<br>- Can add potential friction; may require some special access permissions per asset<br>- Deployment has to scale up with additional assets<br>- Can be resource-intensive for the monitored asset | - Deployed externally to assets being monitored, usually at the cluster level<br>- Relies on the provider's inherent access role schemes and APIs<br>- Processing and data collection are independent of assets<br>- Can be resource-consuming at the provider's billing level |
| Monitoring | - Tailored for asset specifications (must be aware of and compatible with OS, kernel, and architecture of the layer in which it operates)<br>- Can be used over a variety of different cloud providers<br>- Has access to unexposed asset information, but requires elevated permissions, which may turn into a security consideration of its own<br>- Has a specific view per monitored asset; higher-level correlation has to be done externally<br>- Missing or malfunctioning deployment may result in blind spots<br>- May require different inspection methods for different types of assets | - Agnostic to asset specifications<br>- Relies on cloud provider's API and its data collection facilities<br>- No access to unexposed provider information<br>- Has a cluster-level view of asset activities, usually from a single collection point; easy to make correlations between different cluster asset activities<br>- Malfunctioning deployment may result in cluster-level blindness<br>- Unified access to all asset information via a common API and data collection facility |
| Enforcement | - Needs an in-band access .. | |
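
The blind-spot risk in the Monitoring row can be checked by reconciling the two views against each other. The following is an added example, not code from the original post: it compares an asset inventory (as an agentless, provider-API view would supply) with agent check-in times. The asset IDs, field names, the `coverage_gaps` helper and the 15-minute staleness threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. In practice the inventory would come from the cloud
# provider's API (agentless view) and the check-ins from the agent backend.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    {"id": "vm-001", "state": "running"},
    {"id": "vm-002", "state": "running"},
    {"id": "vm-003", "state": "running"},
    {"id": "vm-004", "state": "stopped"},
]
AGENT_CHECKINS = {
    "vm-001": NOW - timedelta(minutes=3),
    "vm-002": NOW - timedelta(hours=26),   # agent installed but silent
    "vm-099": NOW - timedelta(minutes=1),  # reports in, absent from inventory
}


def coverage_gaps(inventory, checkins, now, max_age=timedelta(minutes=15)):
    """Classify coverage gaps between provider inventory and agent heartbeats.

    no_agent      -- running asset that has never checked in (agent blind spot)
    stale_agent   -- running asset whose agent stopped reporting
    unknown_asset -- agent reports from an asset the inventory does not list
                     (the agentless collection point is not seeing it)
    """
    known = {asset["id"] for asset in inventory}
    running = {a["id"] for a in inventory if a["state"] == "running"}
    gaps = {"no_agent": [], "stale_agent": [], "unknown_asset": []}
    for asset_id in sorted(running):
        last_seen = checkins.get(asset_id)
        if last_seen is None:
            gaps["no_agent"].append(asset_id)
        elif now - last_seen > max_age:
            gaps["stale_agent"].append(asset_id)
    gaps["unknown_asset"] = sorted(set(checkins) - known)
    return gaps


if __name__ == "__main__":
    for kind, assets in coverage_gaps(INVENTORY, AGENT_CHECKINS, NOW).items():
        print(f"{kind}: {', '.join(assets) or '-'}")
```

Stopped assets are excluded from the agent checks so that powered-off machines do not raise false alarms.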
