With the increased normalization of remote work, many organizations are dealing with an attack surface that has expanded beyond traditional network bounds. A new imperative exists for IT and security teams to adopt broader work-from-home security practices. This includes updating vulnerability scanning and management strategies to monitor both remote endpoints and network assets effectively.
A Combined Scanning Strategy
So, how does your team ensure full scanning coverage for in-network and remote endpoints accessing corporate assets? Do you need agentless or agent-based scanning? In truth, it is not an either/or question. Both methods have their benefits and limitations:
| Method | Benefits | Limitations |
|---|---|---|
| Agentless | Lightweight and delivers deep network and host assessments with no compatibility requirements to detect and scan assets. | Requires every device to be connected to the network for detection by agentless scanners. |
| Agent-based | Lightweight and fills in the gaps created by remote endpoints with intermittent connectivity. | Agents reside on external devices and require operating system compatibility, which limits their ability to scan network assets. |
A combined scanning strategy using both agentless and agent-based methods helps ensure all network-connected assets are scanned and secured.
When Should You Include Agent-Based Scanning?
Knowing when to incorporate agents into your vulnerability management processes isn’t a straightforward decision. Below are common use cases for agent-based vulnerability scanning to help you build out your combined scanning strategy.
- Intermittent or Irregular Connectivity: Vulnerability management teams are now tasked with scanning devices that access the corporate network remotely using public or home-based Wi-Fi connections. These connections are often unreliable and intermittent, resulting in missed network-based scans. Fortunately, an agent runs its scans on a schedule that does not depend on a network connection. The agent detects when the device is back online and sends its scan data once it can communicate with the VM platform.
- Connecting Non-Corporate Devices to Corporate Networks: With the increased use of personal devices, company networks are more exposed to malware and infections because IT and security teams have limited control over and visibility into those devices. Agent-based scanning gives security teams insight into weaknesses on non-corporate endpoints, keeping them informed about potential attack vectors so they can take appropriate action.
- Endpoints Residing Outside of Company Networks: Whether company-issued or BYOD, remote assets frequently connect to the Internet outside of traditional network bounds. An agent that resides on remote endpoints conducts regular, authenticated scans searching for system changes and unpatched software. The results are then sent back to the VM platform and combined with other scan results for review, prioritization, and mitigation planning.
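As an added illustration of the combined strategy described above (example code, not part of the original article or of any product), the following report reconciles agentless scan results with agent check-ins: each inventory asset is classified by its freshest scan from either method, and the assets whose gap was filled only by an agent are listed separately. The host names, timestamps and the seven-day freshness window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed reference time and freshness window (assumptions, not product defaults).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=7)


@dataclass(frozen=True)
class ScanRecord:
    host: str
    source: str          # "agentless" (network scanner) or "agent" (on-host agent)
    scanned_at: datetime


# Constructed asset inventory and scan history for the example.
INVENTORY = {"fileserver01", "laptop-alice", "laptop-bob", "byod-phone-carol", "switch-core"}
RECORDS = [
    ScanRecord("fileserver01", "agentless", NOW - timedelta(days=1)),
    ScanRecord("switch-core", "agentless", NOW - timedelta(days=1)),
    ScanRecord("laptop-alice", "agentless", NOW - timedelta(days=20)),  # last on the LAN weeks ago
    ScanRecord("laptop-alice", "agent", NOW - timedelta(days=2)),       # agent reported while remote
    ScanRecord("laptop-bob", "agent", NOW - timedelta(days=12)),        # agent has not checked in lately
]


def coverage_report(inventory, records, now=NOW, max_age=MAX_AGE):
    """Classify every inventory asset by its newest scan, whichever method produced it."""
    latest = {}
    for rec in records:
        if rec.host not in latest or rec.scanned_at > latest[rec.host].scanned_at:
            latest[rec.host] = rec
    report = {"fresh": {}, "stale": {}, "unscanned": set()}
    for host in inventory:
        rec = latest.get(host)
        if rec is None:
            report["unscanned"].add(host)          # seen by neither method: a coverage gap
        elif now - rec.scanned_at <= max_age:
            report["fresh"][host] = rec.source     # recent data; which method supplied it
        else:
            report["stale"][host] = rec.source     # data exists but is older than the window
    return report


def filled_by_agent(records, now=NOW, max_age=MAX_AGE):
    """Hosts with a fresh agent report but no fresh agentless scan: gaps the agent closed."""
    fresh = lambda rec: now - rec.scanned_at <= max_age
    fresh_agent = {r.host for r in records if r.source == "agent" and fresh(r)}
    fresh_agentless = {r.host for r in records if r.source == "agentless" and fresh(r)}
    return fresh_agent - fresh_agentless
```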
Frontline Vulnerability Manager™ (Frontline VM™) supports a combined scanning strategy in which Frontline’s robust agentless scanning technology is enhanced with Frontline Agent™ for seamless coverage for both network and remote devices.
Frontline VM’s patented scanning technology identifies and evaluates the security and business risk postures of network devices and applications, while Frontline Agent scans remote endpoints, ensuring more comprehensive vulnerability scanning. Scan information from Frontline Agent is incorporated and reported via Frontline’s user-friendly dashboard, and included in Frontline Security GPA® and Frontline Insight™ peer comparison reports for informed prioritization and reporting.
Together, Frontline VM agentless scanning and Frontline Agent extend the scope of vulnerability assessments to shrink your attack surface. For more information, read the Feature Brief.