The first thing that comes to mind when you hear the word “agent” is likely James Bond or the CIA. It's true that the CIA knows their way around cybersecurity controls, but this blog is about a different type of agent.
Those of us working on corporate-owned devices probably at some point noticed a slew of pre-installed applications responsible for different security policies or operations functions. But how many times do you interact with these mysterious icons in your applications folder? Chances are, never – and that’s because these are agents!
What is an Agent Anyway?
Agents are pieces of installed software that run autonomously in the background of your devices. A perfect example is most anti-virus software, including those made for personal use. The anti-virus agent is constantly scanning your machine for viruses and malware, but it doesn’t require regular user interaction.
In the corporate world, agents can range from device management to anti-virus to a virtual private network (VPN). In the security world specifically, it often seems that every tool needs a different agent for full functionality – and this has created an interesting challenge.
The Case for Agents
The bottom line is that it’s currently impossible to avoid deploying agents. While many tools are marketed as “agentless,” there are often use cases and functionality that can be unlocked only with the use of an agent. The reason is purely due to the technical limitations of modern tools, applications, and operating systems.
For instance, advanced device posturing capabilities often require an agent to be installed. Without the agent, enforcing access policy based on a device’s operating system version, hard drive encryption status, and other local systems would be impossible. There is just no way of knowing what’s happening on the device without something on the device itself (in the context of cloud-based solutions). Sure, there are some network-based solutions, but these cannot cover off-network, remote workers.
The Case Against Agents
An agent is a piece of software that must be installed on all devices an administrator wants to protect. It may be easy to push out an application through a Mobile Device Manager (MDM) or Group Policy, but does an admin really want to support the installation, configuration, and troubleshooting of yet another vendor agent?
Agents add a lot of functionality and provide security and tech value, but they can also lead to massive user frustration, which may eventually result in the circumvention of security processes. The best example of an agent is a Virtual Private Network (VPN), and if you’re anything like me, you probably have your own horror stories around VPNs. Logging into the VPN is often needlessly difficult, connection speeds can be reduced by as much as 50%, and poor traffic routing can impact the user’s entire digital journey. The more frustrated a user gets with their VPN or SASE agent, the more they’ll try to get around the controls put in place. Users want to get their work done quickly and efficiently, and most traffic tunneling agents result in the opposite experience.
So, Is Agentless or Agent-Based Better?
As is so often the case, the answer is “it depends.” Here at Cyolo, we’re admittedly biased, as 95% of our use cases and functionality are achieved without using an agent. But that does leave a small number of scenarios in which we still need an agent for advanced device posturing capabilities and certain native client applications.
The key questions that IT and security teams need to ask vendors about their agents are:
Can an end user install and upgrade the agent themselves?
What is the bandwidth impact when tunneling traffic through their agent?
How lightweight is the agent? Does it consume a lot of resources on a machine?
Whether you love them or hate them, agents will not be disappearing from our lives any time soon. Still, when adopting new tools and technologies it is critical to weigh whether you need an agent for all required functionality or if the agent is overkill that may impede your results.
