Security Controls provides both agentless and agent-based solutions. This section describes, in general terms, the benefits of each solution. The sections that follow explain in more detail how to use an agent.
Applies only to Windows-based machines.
Agentless systems are based on push technology and on a centralized design. A central authority is responsible for scanning the machines in the enterprise and for initiating all actions on those machines. Agentless systems have a number of advantages over agent-based systems. Strict agent-based systems can only report on machines that have the agent actively running; if the agent has been disabled, the machine will appear not to exist. In addition, new machines can be introduced to a network, and these rogue machines will not only be agentless, they may well be invisible. Agentless systems, on the other hand, can scan ranges of IP addresses and report on the machines they find. Even if it cannot access a system, the agentless scanner will at least report that a new IP address is present on the network. In many cases agentless systems lower the cost of ownership, reduce management overhead, and provide for quick and easy deployment. This is especially true in large enterprises managing 10,000 or more machines. An administrator can be scanning and fixing their network within minutes using an agentless system.
In Security Controls, all Windows-based patch
and Asset Management
Certain types of users or systems can pose problems for agentless solutions. Machines that must reside in a "demilitarized zone" (DMZ), roaming users, and disconnected or inactive machines can all prove problematic. In these cases an agent-based solution is often the best answer. Agent-based solutions consist of proprietary client-side communications software that resides on a computer and facilitates communications with server-based administrative software. The agent scans the client machine for information and then provides that information directly to the server console.
An agent-based solution is a useful complement to an agentless patch management
Finally, all Linux-based patch management operations are performed using agents. This is due to the differing natures of the Windows and Linux operating systems. The agent infrastructure lends itself quite well to managing these differences and providing cross-platform functionality.
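The rogue-machine and disabled-agent blind spots described above, and the value of running both models together, in an added Python example that is not part of Security Controls or of this document: it reconciles the hosts an agentless range scan found with the agent check-in table a console would hold. The host addresses, check-in times and the seven-day staleness threshold are constructed sample values.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data, not output of Security Controls: the last check-in
# time the console holds for each agent, and the hosts an agentless scan of
# 10.0.1.0/24 actually found.
AGENT_CHECKINS = {
    "10.0.1.10": datetime(2024, 5, 6, 8, 0),
    "10.0.1.11": datetime(2024, 4, 1, 9, 0),    # last seen weeks ago
    "10.0.1.12": datetime(2024, 5, 6, 7, 30),
    "203.0.113.5": datetime(2024, 5, 6, 6, 0),  # DMZ host, agent only
}
SCAN_RESULTS = {"10.0.1.10", "10.0.1.12", "10.0.1.13"}  # .13 has no agent


def reconcile(agent_checkins, scan_results, scanned_range, now, stale_after):
    """Cross-check agentless discovery against agent check-ins.

    no_agent    - found by the scan but never registered an agent (rogue)
    stale_agent - in range, registered, missing from the scan and silent
                  past the threshold (agent disabled or machine gone)
    agent_only  - outside the scanned range, known only via its agent (DMZ,
                  roaming); a recent check-in from an unscanned in-range
                  host is not flagged, since a laptop may pull policy
                  from anywhere.
    """
    net = ip_network(scanned_range)
    cutoff = now - stale_after
    report = {"no_agent": [], "stale_agent": [], "agent_only": []}
    for ip in sorted(scan_results, key=ip_address):
        if ip not in agent_checkins:
            report["no_agent"].append(ip)
    for ip, last_seen in sorted(agent_checkins.items()):
        if ip_address(ip) not in net:
            report["agent_only"].append(ip)
        elif ip not in scan_results and last_seen < cutoff:
            report["stale_agent"].append(ip)
    return report


def demo():
    """Run the reconciliation over the constructed sample data."""
    return reconcile(AGENT_CHECKINS, SCAN_RESULTS, "10.0.1.0/24",
                     now=datetime(2024, 5, 6, 12, 0),
                     stale_after=timedelta(days=7))


if __name__ == "__main__":
    for category, hosts in demo().items():
        print(f"{category}: {', '.join(hosts) or '-'}")
```

Each category maps to one of the gaps the text describes: a host only the scanner sees, a host only the agent ever saw, and a registered host that has gone quiet.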
An agent-based solution is also well suited for performing power management tasks. For example, if you want to be sure your portable machines are not left powered on late at night or over the weekend, an agent can be used to automatically shut down those machines. In addition to saving power and avoiding unnecessary wear, shutting down your disconnected machines during those times they are likely to be left unattended is also a smart security precaution.
Application Control is only available on Windows-based machines.
Because they are located directly on each target machine, agents are the ideal method for implementing application control tasks. The agent can constantly monitor the machine in real time and quickly react to access requests and implement any site-specific rules that you want to enforce.
Agentless
• Designed for centralized, Windows-based environments
• Based on push technology
• Ideal for networks with large amounts of bandwidth
• Dependent on network connectivity
• A central authority does all the scanning and deploying
• Best for performing patch management

Agent-based
• Best for frequently disconnected machines or machines in the DMZ
• Based on pull technology
• Ideal for distributed networks with remote locations that have limited bandwidth
• Less dependent on network connectivity; ideal for mobile computers that are not always connected to the network
• Each agent does its own scanning and deploying based on policies defined on the central console
• Best for performing Windows-based patch management
• Used for performing Linux-based patch management tasks
• Used for performing application control tasks