Security Controls is, at its roots, an agentless solution. With a few simple configuration steps, however, Security Controls can also provide agent-based services. This section explains when to implement each solution.
For Patch Management
and Asset Management Tasks
Start with the Agentless Features of Security Controls
For large enterprises containing thousands of machines, the ease of use provided by the agentless technology of Security Controls can be used to address the patch management
Polish Things Off with the Agent-based Features of Security Controls
Most large enterprises have machines in hard-to-reach places: machines in remote locations, laptops that roam to different locations or that park and dock outside the office, machines in protected zones (DMZs), etc. For these devices you can use the agent-based features provided by Security Controls, which are implemented using Security Controls Agent. With Security Controls Agent you can be sure that these machines are scanned regularly, even if they are disconnected from your enterprise network.
There is one exception; agents can be used to perform software asset scans and hardware asset scans, but they cannot perform virtual asset scans.
For Power Management Tasks
A number of the power management tasks apply only to agentless situations. This includes the Shutdown now, Restart now, and Wake-On-LAN tasks that are initiated from Machne View or Scan View. These tasks require the target machines to be accessible from the console and are therefore not implemented within an agent policy.
Power management tasks that use a power state template, however, can be implemented in either an agentless or agent-based manner. You may consider using an agent-based power state task under the following conditions:
•If you want to apply your power management policy consistently across all machines within your organization (connected and disconnected).
•If you have machines that may not always be reachable from the console (for example, machines in a DMZ).
•If you are concerned with network bandwidth issues.
An agentless power state task will push a small number of files from the console to each target machine -- if a large number of machines are involved it may affect the performance of your network.
For Application Control Tasks
An agent is the only way to implement application control tasks in Security Controls. For overview information on configuring and implementing application control, see Application Control Overview.
Patch Management Tasks
All patch management tasks on Linux-based machines are performed using agents. For more information, see Overview of Linux Patch Management.