You Can’t Secure What You Can’t See
November 9, 2021
The agent-based vs. agentless debate is not a new one, and it continues to move to the forefront as more organizations adopt the public cloud and containerized environments. When considering the pros and cons of possible security solutions, it’s important to remember that cloud security is fundamentally a data problem. Therefore, when choosing whether to secure your cloud with an agentless approach, an agent-based approach, or a thoughtful combination, the answer always comes back to the data.
Mark Nunnikhoven recently shared a blog discussing the pros and cons of Agent vs Agentless Security. He reminded us that agentless is simple and provides data for services where agents aren’t possible, and agents give a level of visibility that isn’t possible from other sources. Ultimately, the outcome is what matters, so ask yourself, “what data do I need to secure our cloud environments and how can I get it?”
Security Is A Data Problem
Security is a data problem and Lacework uses data as the solution. By using the information we collect about your environments and comparing activity with a baseline, Lacework identifies changes and abnormal behaviors. With this innovative approach, we automate, categorize and prioritize events, which drastically reduces the need to write rules and minimizes the number of critical alerts to just a handful per day: the right alert, at the right time, with the right context.
Whether it’s data about user activity, network connections, or workload configurations, we provide the necessary context to quickly investigate and resolve the issues in one easy-to-navigate platform. Lacework ingests all of the data and flags misconfigurations, vulnerabilities, threats, compliance violations, and more. Do we use agents or an agentless approach for this? The answer is both.
Many security and DevOps professionals appreciate an agentless approach. For those who advocate for an agentless approach, you’ll be glad to know that we agree that it is an essential part of modern cloud security. Our agentless security helps organizations and security professionals shift left, securing cloud environments before they are put into production and helping improve configuration. Security should be everywhere data is created, transacted, integrated, and applied, from build time through runtime.
Lacework’s agentless approach is essential for securing your cloud assets, achieving compliance, and all things relating to cloud security posture management (CSPM), and it’s easy to get started. Our agentless approach is quick to deploy and easy to maintain, using APIs to pull the necessary data from your cloud service providers (CSPs). Using this method, we see user activity to the CSP (creating and managing resources, log-ins, configurations, regular CSP maintenance activities, etc.) and identify misconfigurations, which automatically reduces risk throughout the software development lifecycle.
When Lacework’s behavioral modeling engine, known as Polygraph®, is applied to log data, such as CloudTrail logs from AWS, we are able to identify users and their behavior to improve security throughout build time and runtime, continuously analyzing the data for behavioral abnormalities.
Security should be everywhere. If you can’t see it, you can’t secure it. So there is still a need to know what is going on inside your workloads and containers to have a truly secure environment, and that’s where agents come in.
Lacework agents enable total visibility of your infrastructure with real-time asset configuration data for security and compliance. Deploying our agents allows for deep and contextual insight into containers and hosts. They also provide enhanced visibility across processes and applications within cloud and container environments to improve threat detection, incident investigation, and triaging.
Designed to monitor and report, our agents are lightweight and performant. They have been created to meet the specific needs of organizations that are increasingly dependent on rapidly changing clouds and containers, and most importantly, they are able to receive and adapt to changes. Our agents are designed with the security of data at their core and with efficient usage of resources. Across build-time and run-time operations, our customers can take advantage of a security-first, visibility-everywhere model that enables continuous visibility, automation, and the ability to move fast.
Multiple microservices can run within a single host in a containerized environment. The data required to understand the properties within a container at the network level is only visible from within the host. Custom applications can also be monitored with agent-based monitoring, thanks to its deeper data retrieval capabilities.
Lacework agents give you access to:
- Processes running on the host
- Processes running in a container that make a network connection (server or client)
- All container internal servers and processes that are listening actively on certain ports
- File Integrity Monitoring (FIM) on the host
- Vulnerabilities on the host
Lastly, Lacework agents are only installed individually and do not have global access to the network. That means that even if one is compromised, the entire network is not. This makes agent monitoring more secure and better for a high-security environment, and the agents are automatically updated for easy maintenance.
See It and Secure It
In the highly complex environments of public and private clouds, agents are ideal for the depth of data they can provide about what is happening inside your infrastructure, and agentless monitoring, with its flexibility and ease of implementation, is great for monitoring your assets across all cloud environments.
A combination of agentless monitoring and appropriately placed agents is the most effective way to generate the visibility and context needed to stay secure. When making your final decision, be sure to consider these important aspects: security, flexibility, ease of implementation and maintenance.