Complete Cloud Visibility with Agent Based Security
January 5, 2021
Within the technology sector, software agents have been historically referred to as softbots, and can perform various continuous and autonomous operations, like archiving data or logs on a recurring basis. Let’s take a walk down memory lane and look at the abridged history of agents, where they are today, and where they are taking us when it comes to visibility into modern multi-cloud and containerized environments.
A Brief History of Software Agents
In the past, kernel module agents were prolific, yet they were often associated with required restarts that forced infrastructure down for a short time, which gave them a negative connotation among IT security and operations teams managing servers, desktops and other endpoint devices. Organizations that kept adding technology solutions that continued to deploy agents faced uncertainty with this inefficient approach. According to an interview with Network World, CWIE’s director of information security at the time echoed a growing sentiment toward establishing “hard limits on how many agents we send out to our endpoints.” There was a need to balance the amount of software installed on clients and servers, specifically with the aim of securing and managing machines more efficiently.
Agents Today: Visibility and the Growth of the Public Cloud
Fast forward to today: the unstoppable and undeniable spread of public cloud computing, matched in proliferation only by that of cyberattacks, is changing the landscape with regard to agents. We have learned from the past that agents, when appropriately placed, are the most effective way to generate the visibility and context needed to stop sophisticated cyberattacks – especially when protecting organizations that are increasingly dependent on public clouds.
Understanding the importance of lightweight and appropriately placed agents on a cloud network to drive security starts with comprehending what makes an effective agent in the first place.
Characteristics of an Effective Software Agent
In its introspective analysis of software agents, the Journal of Scientific and Engineering Research determined that effective agents share several similar characteristics. One of the key attributes was the ability to perform tasks without any source intervention, and this capability is often combined with the capacity for social interaction with other agents of its kind (as well as with people).
It is also important for agents to be created to meet specific, predetermined goals, and they must also be able to receive and adapt to changes, which is critical in today’s ephemeral cloud environments. Agents should also be crafted in a powerful programming language in order to ensure they operate under a well-established set of rules. The analysis concludes by stating that effective software agents must be:
- Designed with the safety of information at the core
- Effective in the usage of the existing resources
- Careful in the handling of unauthorized users
Characteristics of an Effective Cloud Security Agent
Endpoint devices once leveraged agents to drop a continuous stream of vendor code that often led to conflicts with surrounding services, slower network performance and management issues – specifically when upgrades were needed. Since then, our understanding of agents, and of their effective and appropriate use, has come a long, long way.
In cloud security, agents are an extremely effective tool to combat the increasing sophistication of cyber attacks and illicit cloud activity, and are pivotal to a sound IT security approach. Beyond cloud activity analysis, deploying Lacework agents, for example, allows for deep and contextual insight into containers and hosts.
On the delivery front, much has evolved as well. Lacework agents, for example, can be deployed in more than 10 different ways in order to minimize network stress or operational challenges. And with a single Lacework agent being able to serve the purpose of roughly four standard/traditional agents, we are able to take a consolidated approach towards agent use that saves organizations time as well as computing costs.
And the efficiency doesn’t stop there: built-in protection keeps the maximum CPU and memory usage levels low. In fact, our agents have an average utilization rate of less than half a percent of CPU, and are read-only, self-updating, and require no rebooting. These are just some of the many characteristics that make Lacework agents leaders within the industry for having the highest agent standards.
We’ve often seen IT security leaders express this value and appeal in terms of the ability to consolidate several other point solutions. Lacework is capable of consolidating five, six, seven, eight, even nine superfluous dashboards, along with just as many agents.
Lacework also replaces agents that are commonly used for host intrusion detection, as well as network and intrusion detection. This scale and capability allow our agents to replace other agents for host vulnerability assessments, as well as replace agents for container runtime security, like Kubernetes API orchestration. Lacework is even able to minimize agents otherwise used to monitor for container vulnerabilities, and when combined with the other features, provides a one-stop-shop for cloud security that consolidates all other agents into a single Lacework agent.
Want to learn more? Feel free to chat with us to see how you can leverage agent-based technology to achieve the visibility and context that goes hand in hand with modern, effective security.