With 87% of businesses embracing multi-cloud migration and 72% selecting a hybrid cloud solution, in accordance to Flexera’s 2023 Point out of the Cloud Report, securing cloud purposes and assets has under no circumstances been more pressing.
The siloed mother nature of a hybrid cloud architecture usually means that cloud security is no effortless task, and cybersecurity groups generally have to prioritize security steps.
To react to a escalating desire, cloud security providers are providing diverse instruments. Traditionally, these tools use ‘agents’ which are specialized software package elements that are put in on gadgets for carrying out security-associated actions like scanning and reporting, rebooting techniques and making use of patches.
Answers that typically get the job done in this way include things like cloud security posture administration resources (CSPM), cloud infrastructure entitlement management engines (CIEM) and cloud workload security platforms (CWPP) – more and more packaged jointly below the umbrella of cloud native application security platforms (CNAPP).
“The major challenge with these solutions is that you have to deploy an agent on every system, which can become hard as executing so can clash with other departments in just your corporation. The legal team, for occasion, may not permit you deploy an agent on a method that is by now been permitted,” Deepinder Chhabra, board advisor at ISACA, explained to Infosecurity in the course of the Cloud & Cyber Security Expo in London on March 9.
The explosion of agent-dependent cloud security alternatives has even inflicted agent exhaustion on security specialists, Jaime Franklin, head of world cloud answer sales at Uptycs, argued throughout a Cloud & Cyber Security Expo session.
“They’re exhausted of acquiring to deploy all the various brokers, make certain they are in line with the DevOps pipeline, handle them and protect how useful they are versus the overhead that they have on the performance point of view. They seriously are seeking for some thing various,” he reported.
Study far more: Comprehending the Shared Duty Design, Critical Move to Assure Cloud Security
Agentless cloud security providers – the likes of Cloudnosys, Orca Security, Sysdig, Cyscale, between some others – have emerged in the last 5 yrs to provide an option.
“Agentless answers are much less complicated to deploy, in seconds you can seize snapshots from your cloud property and purposes on all your equipment and mail them again for evaluation,” Franklin discussed.
Comprehensive Visibility v Real-Time Examination & Prevention
Nonetheless, agentless products and solutions typically do not offer actual time security analysis, Franklin pointed out.
“They are built to give new scans just about every 24 several hours, so if I acquire a snapshot scan, it really is likely to wait a complete day for the future one – unless of course I talk to for an advertisement-hoc scan. A large amount that can happen inside of 24 several hours. Agent-dependent solutions offer true time telemetry,” he reported.
Also, agent-based cloud security alternatives do not only provide security examination, but real avoidance, Franklin mentioned.
“An agentless CSPM, for instance, might be superior at analysing a cyber party in an open up port than an agent-primarily based just one, because it will permit you to correlate distinctive parts of data from various areas of your procedure, but it will not be ready to remediate it, while an agent based mostly one particular will,” he described.
Agentless cloud security remedies have not killed the need to have for agent-based kinds, Tomer Schwartz, Dazz’s co-founder & CTO, mentioned.
“In cloud security like everywhere else, there is no silver bullet. Agentless cloud security answers can enable organizations deploy some essential cloud security features swiftly to substantial workloads. They are also specially handy for compliance purposes,” Schwartz reported during a session at the Cloud & Cyber Security Expo.
Franklin mentioned: “Maturity and the place you are in your cloud adoption journey is critical to choose concerning agent and agentless options. A single of my customers told me they required an agentless solution because they are early in their cloud migration and have a skillset shortage. For them to try to take care of the deployment of an agent did not make sense. Agentless methods can assist them commence at minimum doing a thing to safe their cloud-primarily based assets and workloads,”
Chhabra concurred: “Probably this agentless remedy will not provide 100% of functionalities you ended up in the beginning searching for, but at this stage you are delighted with 80%.”
Even so, companies will need to be pretty attentive to what they are signing up for, since the transition from an agentless to agent-centered remedy can also be incredibly challenging.
“When the Log4j vulnerability broke out, some of our clients considered their agentless cloud security resource experienced avoidance capability, which it didn’t. What some did then was to lay down a 2nd, agent-primarily based resolution alongside their agentless visibility software. Then you have many remedies, person interfaces (UIs), and backends to take care of, which means even a lot more complexity,” he warned.
Some parts of this report are sourced from: