The Great Agent Debate: New Research Breaks Down the Love-Hate Relationship
Published 09/07/2023
Written by Andy Schneider, EMEA Field CISO, Lacework.
While there are new cloud security debates every day, there's a common thread that security professionals can't seem to stop discussing: security agents. If your feelings toward agents go back and forth between appreciation and skepticism, you're in good company.
A new report from the Enterprise Strategy Group (ESG), co-sponsored by Lacework and titled Cloud Detection and Response: Market Growth as an Enterprise Requirement, surveyed nearly 400 IT and cybersecurity professionals on different aspects of their organization’s cloud threat detection efforts. One part of the study focused on security agents.
And, you guessed it, attitudes towards agents were a mixed bag. The survey results suggest more internal angst than a Taylor Swift ballad. We love agents and appreciate them for what they help us do. But, well, we also hate them because there are plenty of agents that make our lives difficult.
Many attribute the love-hate relationship between security professionals and agents to old wounds and bad experiences. However, the data says that there’s more to the story. So, what’s truly fueling these mixed emotions among security experts? Let’s dig in.
The quintessential role of agents
Almost universally, security professionals recognize the importance of agents. A significant majority of respondents (87%) indicated that they recognize the value of agent-based tools. However, they also believe that those tools introduce operational complexity. This shows that, largely, traditional agent-based tools have earned trust over time and proven value, even if legacy security agents have caused some headaches.
Further reinforcing their importance, a whopping 99% of survey respondents expressed a need for better visibility in areas where they couldn't, or haven't yet, deployed an agent. So while it’s clear agents are needed, legacy agents still pose deployment, maintenance, and performance issues.
But wait, is that a light I see at the end of the tunnel?
Agentless solutions: The real deal or merely aspirational?
Over the past few years, agentless security solutions have been all the rage. Are we really surprised? Deploying and maintaining legacy agents in the context of dynamic cloud environments has been nothing short of painful. So now you’re telling me there’s a way to completely protect my cloud environment through API connections alone? Sign me up!
The ESG study indicates that the agentless hype train continues to roll. Nearly three quarters of respondents (74%) said they believe that agentless solutions could effectively protect their cloud assets. However, interestingly, only 24% of respondents are actually using an agentless-only strategy. This adoption will certainly increase — but is agentless enough?
It's wishful thinking to believe that an agentless-only approach can give you the same level of visibility as an agent-based approach. Security professionals know there’s a level of visibility that’s only possible by gathering data from within your cloud workloads, and only an agent can do that.
While an agentless solution can easily find misconfigurations in your cloud and, in some situations, detect behavior-based patterns outside your workloads, it is almost impossible for it to find an attacker within your workload.
Striking the right balance
A layered agent and agentless approach may be the future, yet it is a strategy that only 9% of survey respondents are currently using. My conversations with security teams and leaders show that the value of agents is definitely understood. But many feel overwhelmed by too many additional tasks, too many alerts, and increasing complexity. Most already seem happy if they can solve many of their issues via agentless means (the simple path), even knowing that this won’t be enough for full cloud security.
However, again, many of these security teams have likely been burned by legacy security agents. The good news? As we've transitioned into the cloud era, security agents have seen significant advancements.
Some agents are specifically designed for cloud workloads and offer security measures without the operational challenges of their predecessors. These agents are purpose-built to handle vast amounts of data efficiently, offer flexible deployment, and are self-sufficient. They’re customizable and have a light footprint in cloud environments.
With modern security agents, businesses can hopefully realize that full cloud security doesn’t need to be quite as painful as it was in the past. And security teams and leaders stand to gain by sharing the context of agentless and agent-based features across security platforms. This combination can allow companies to build and run a secure cloud while keeping false positives at an acceptable level.
What’s next?
The agent versus agentless conversation isn’t going away any time soon. The debate will rage on. The angst will continue. Ballads will be written.
But what can we agree on? As the cloud undoubtedly continues to evolve, our tools and security perspectives will need to adapt. And flexibility and innovation are non-negotiables.
About the Author
Andy Schneider currently acts as the EMEA Field CISO for Lacework, co-host of the Code to Cloud podcast, and advisor to TX Ventures and various security startups. Over the past two decades, he has held several CISO positions, always aiming to make cybersecurity more agile and user-focused and working to embed security into the design of digital products.