While agents often provide excellent visibility into assets, they are only as good as their coverage: they see only the devices they are installed on. Unlike other agent-based technologies, Axonius automatically aggregates and correlates asset data from any source, regardless of asset type, to deliver a comprehensive and credible asset inventory for security, IT, and risk teams.
What's an Agent?
An agent is a lightweight piece of software installed across an organization on individual endpoints, log servers, or even cloud instances. Agents run continuously in the background and are often deployed, monitored, and maintained by third-party security companies.
What Do Agents Do?
The data collected from the device is largely determined by the type of security solution the agent is tied to. When installed, agents collect, monitor, and provide visibility into networks and applications, as well as the asset itself. Agents commonly observe and collect data on installed applications, running processes, network activity, user behavior, and more. From this, a wide range of details can be obtained, including IP and MAC address, open ports, installed software, operating system and version, patches, users, and security vulnerabilities existing on the machine.
What Technologies Rely on Agents?
A wide array of security and IT technologies rely on agents to manage systems.
Antivirus & Endpoint Security:
Antivirus and endpoint security tools are protective software that aims to keep devices safe from threats and vulnerabilities. Agents installed on the endpoint devices monitor network traffic, collect it, and send it back to a server. Vulnerabilities and malicious activities are either detected automatically or looked into and remediated by a security team.
- Common Vendors: CrowdStrike Falcon, VMware Carbon Black, McAfee
Configuration & Patch Management:
Configuration management is the process of understanding and tracking the configuration state of IT assets across an enterprise. Patch management is the process of detecting devices that require or are missing patches, and deploying the necessary patches to the affected devices in an automated fashion. Once a baseline is established and data is collected, the security team is notified of changes or anomalies in the configuration state, helping identify malicious activity and automate remediation responses.
- Common Vendors: Tanium, Kaseya, IBM BigFix
Unified Endpoint Management (UEM) & Mobile Device Management (MDM):
UEM is an all-in-one software solution used to manage all of the endpoints and deploy, configure, and secure them. MDM has the same purpose, but is specific to mobile devices such as smartphones and tablets. Both UEM and MDM help with asset management and security efforts by giving organizations visibility and control over the endpoints to restrict access, enforce policies, and better understand the attack surface area.
- Common Vendors: 1E Tachyon, IBM MaaS360, BlackBerry UEM
How are Agents Used for Asset Discovery?
Because companies deploy so many agents across a wide array of devices, they also rely on agents as a source of asset data. The upside? Agents can provide deep visibility into each device, and are one of the most useful sources to begin inventorying all assets.
What are the Limitations of Agent-Based Solutions?
While agents are a great source of asset data, there are three main limitations when relying solely on agents for asset management.
- Deployment: Most organizations don’t have full asset visibility, meaning deployment on 100 percent of devices is nearly impossible. Additionally, deployment on Virtual Machines (VMs) or containers is difficult because they can be spun up or decommissioned before the agent is installed. Many IoT, IT/OT, and other unmanaged devices don’t support the installation of an agent, which leaves a coverage gap for these devices.
- Visibility: Agents can only be deployed on known devices, meaning visibility is only as good as where agents are deployed. On devices with agents installed, there could be disruptions or agents could be disabled, resulting in a visibility gap. If devices are “unmanaged” or don’t have agents installed, an agent-based approach won’t collect information on them.
- Maintenance & Bandwidth: Keeping up with agent hygiene and version control is a tedious process that makes it hard to ensure all agents are running the correct versions and configurations. Agents could be corrupted, disabled, or fully removed, adding another item for organizations to track and update. Agents can also take significant resources away from the underlying systems and devices they’re running on.
Why it’s Best to Combine Agent-Based Technologies with Other Data Sources
- Some assets aren’t being managed with agents: For example, medical devices or SCADA systems may never have an agent, so without another source here, asset inventories will be incomplete.
- You can’t identify gaps without comparing two or more data sources: For instance, to find a device missing antivirus, you have to compare a source that knows about devices with a source that knows about all antivirus deployments — and that’s just one example. To find other gaps, you need numerous data sources.
- More data sources lead to stronger signals: The more data sources overlap, the stronger the correlation, giving you a single source of truth for any one asset.
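The gap check described in the list above, comparing sources that know about devices with a source that knows about agent deployments, is sketched below as an added example; it is not Axonius code. The source names (`dhcp`, `directory`, `edr_agent`), field names and all records are constructed for illustration, and correlation on MAC address and short hostname is an assumed matching rule.

```python
# Added example: correlate asset records across sources, then list coverage gaps.
# Constructed sample data; source names and fields are assumptions.
SOURCES = {
    "dhcp": [
        {"mac": "00:1A:2B:3C:4D:01", "hostname": "LAPTOP-01"},
        {"mac": "00-1a-2b-3c-4d-02", "hostname": "srv-db"},
        {"mac": "00:1a:2b:3c:4d:03", "hostname": "infusion-pump-7"},
    ],
    "directory": [
        {"hostname": "laptop-01.corp.example"},
        {"hostname": "srv-db.corp.example"},
    ],
    "edr_agent": [
        {"mac": "001a.2b3c.4d01", "hostname": "laptop-01"},
    ],
}

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = "".join(c for c in (mac or "").lower() if c in "0123456789abcdef")
    return digits if len(digits) == 12 else None

def norm_host(name):
    """Compare hosts on the lowercase short name (FQDN suffix dropped)."""
    return name.split(".")[0].lower() if name else None

def correlate(sources):
    """Merge records that share a MAC or hostname into one asset each."""
    assets, index = [], {}  # index maps an identifier to its asset
    for source, records in sources.items():
        for rec in records:
            pairs = (("mac", norm_mac(rec.get("mac"))),
                     ("host", norm_host(rec.get("hostname"))))
            keys = {p for p in pairs if p[1]}
            if not keys:
                continue  # nothing to correlate on
            matches = [index[k] for k in keys if k in index]
            asset = matches[0] if matches else {"keys": set(), "sources": set()}
            if not matches:
                assets.append(asset)
            for other in matches[1:]:  # this record links two known assets
                if other is not asset:
                    asset["keys"] |= other["keys"]
                    asset["sources"] |= other["sources"]
                    assets[:] = [a for a in assets if a is not other]
            asset["keys"] |= keys
            asset["sources"].add(source)
            for k in asset["keys"]:
                index[k] = asset
    return assets

def missing(assets, required):
    """Label (hostname if known, else MAC) of assets `required` never reported."""
    return sorted(min(a["keys"])[1] for a in assets if required not in a["sources"])
```

Calling `missing(correlate(SOURCES), "edr_agent")` lists the devices other sources know about that the agent source has never reported; the device reported by DHCP alone is the kind of unmanaged asset an agent-only inventory would not contain at all.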