With the increased normalization of remote work, many organizations are dealing with an attack surface that has expanded beyond traditional network bounds. A new imperative exists for IT and security teams to adopt broader work-from-home security practices. This includes updating vulnerability scanning and management strategies to monitor both remote endpoints and network assets effectively.
A Combined Scanning Strategy
So, how does your team ensure full scanning coverage for in-network and remote endpoints accessing corporate assets? Do you need agentless or agent-based scanning? In truth, it is not an either/or question. Both methods have their benefits and limitations:
| | Benefits | Limitations |
|---|---|---|
| Agentless | Lightweight and delivers deep network and host assessments with no compatibility requirements to detect and scan assets. | Requires every device to be connected to the network for detection by agentless scanners. |
| Agent-based | Lightweight and fills in the gaps created by remote endpoints with intermittent connectivity. | Agents reside on external devices and require operating system compatibility, which limits their ability to scan network assets. |
A combined scanning strategy using both agentless and agent-based methods helps ensure all network-connected assets are scanned and secured.
When Should You Include Agent-Based Scanning?
Knowing when to incorporate agents into your vulnerability management processes isn’t a straightforward decision. Below are common use cases for agent-based vulnerability scanning to help you build out your combined scanning strategy.
- Intermittent or Irregular Connectivity: Vulnerability management teams are now tasked with scanning devices that access the corporate network remotely using public or home-based Wi-Fi connections. These connections are often unreliable and intermittent, resulting in missed network-based scans. Fortunately, agents scan on their own schedule and do not need a network connection to do so. The agent detects when the device is back online and sends its queued scan data once it can communicate with the VM platform.
- Connecting Non-Corporate Devices to Corporate Networks: With the increased use of personal devices, company networks are more exposed to malware and infections because IT and security teams have limited control over and visibility into those devices. Agent-based scanning gives security teams insight into weaknesses on non-corporate endpoints, keeping them informed about potential attack vectors so they can take appropriate action.
- Endpoints Residing Outside of Company Networks: Whether company-issued or BYOD, remote assets frequently connect to the Internet outside of traditional network bounds. An agent that resides on remote endpoints conducts regular, authenticated scans searching for system changes and unpatched software. The results are then sent back to the VM platform and combined with other scan results for review, prioritization, and mitigation planning.
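The following is an added illustration, not code from Fortra or from this article. It models the two behaviours the list above describes: an endpoint agent that keeps scan results queued while the device is offline and forwards them on the next successful check-in (store-and-forward), and a VM platform that merges agentless network-scan results with agent reports so that every inventoried asset is either covered by at least one source or flagged as a gap. All host names, timestamps and finding identifiers (VULN-000n) are constructed sample data; the class and function names are my own and do not correspond to any Fortra VM API.

```python
"""Toy model of a combined agentless + agent-based scanning workflow.
Added example; all data below is constructed, not from a real scan."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass
class ScanResult:
    host: str                # asset identifier (constructed hostname)
    source: str              # "agentless" (network scanner) or "agent"
    seen_at: datetime        # when the scan actually ran on/against the host
    findings: Set[str] = field(default_factory=set)  # constructed finding ids


class Agent:
    """Endpoint agent: scans on its own schedule and stores results locally
    until it can reach the VM platform (store-and-forward)."""

    def __init__(self, host: str) -> None:
        self.host = host
        self.pending: List[ScanResult] = []

    def scan(self, now: datetime, findings: Set[str]) -> None:
        # Scanning needs no network access; the result is queued on the device.
        self.pending.append(ScanResult(self.host, "agent", now, set(findings)))

    def checkin(self, online: bool) -> List[ScanResult]:
        """Attempt to deliver queued results. Returns what was delivered
        on this attempt; nothing leaves the device while offline."""
        if not online:
            return []
        delivered, self.pending = self.pending, []
        return delivered


def merge_coverage(inventory: List[str], results: List[ScanResult],
                   now: datetime, max_age: timedelta) -> Dict[str, dict]:
    """Combine results from both sources per inventoried asset.

    A result counts as coverage only if it is newer than `max_age`, so an
    agent that last reported weeks ago does not hide a stale endpoint."""
    report = {h: {"sources": set(), "findings": set(), "covered": False}
              for h in inventory}
    for r in results:
        if r.host not in report:
            continue              # not in inventory: handle as unknown asset
        if now - r.seen_at > max_age:
            continue              # too old to count as current coverage
        entry = report[r.host]
        entry["sources"].add(r.source)
        entry["findings"] |= r.findings
        entry["covered"] = True
    return report


def uncovered_assets(report: Dict[str, dict]) -> List[str]:
    """Assets with no fresh result from either source: the scanning gap."""
    return sorted(h for h, e in report.items() if not e["covered"])


def run_demo() -> Dict[str, dict]:
    now = datetime(2024, 1, 10, 12, 0)
    inventory = ["dc01", "web01", "laptop-alice", "laptop-bob"]

    # Agentless network scan: only hosts on the corporate network are reachable.
    network_results = [
        ScanResult("dc01", "agentless", now - timedelta(hours=1), {"VULN-0001"}),
        ScanResult("web01", "agentless", now - timedelta(hours=1), {"VULN-0002"}),
    ]

    # Alice's laptop scans twice while off the network; a check-in attempt
    # while offline delivers nothing, and both results arrive on reconnect.
    alice = Agent("laptop-alice")
    alice.scan(now - timedelta(days=2), {"VULN-0003"})
    alice.checkin(online=False)
    alice.scan(now - timedelta(hours=3), {"VULN-0003", "VULN-0004"})
    agent_results = alice.checkin(online=True)

    # Bob's laptop has an agent, but its only result is a month old.
    bob = Agent("laptop-bob")
    bob.scan(now - timedelta(days=30), {"VULN-0005"})
    agent_results += bob.checkin(online=True)

    return merge_coverage(inventory, network_results + agent_results,
                          now, max_age=timedelta(days=7))


if __name__ == "__main__":
    rep = run_demo()
    for host, entry in rep.items():
        print(host, sorted(entry["sources"]), sorted(entry["findings"]))
    print("uncovered:", uncovered_assets(rep))
```

The freshness window (`max_age`) is the detail worth keeping from this model: in a combined strategy, "the agent reported once" is not the same as "the asset is covered", and the merge step is where stale endpoints become visible for follow-up.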
Getting Started
Fortra Vulnerability Management (Fortra VM) supports a combined scanning strategy in which a robust agentless scanning technology is enhanced with Agent for seamless coverage for both network and remote devices.
Fortra VM’s patented scanning technology identifies and evaluates the security and business risk postures of network devices and applications, while Agent scans remote endpoints, ensuring more comprehensive vulnerability scanning. Scan information from Agent is incorporated and reported via our user-friendly dashboard, and included in Security GPA® and Insight peer comparison reports for informed prioritization and reporting.
Together, Fortra VM agentless scanning and Agent extend the scope of vulnerability assessments to shrink your attack surface. For more information read the Feature Brief.