Many application mapping solutions use agents for discovery, justifying this by claiming that they provide better accuracy, more information or greater affordability. However, agents are a cumbersome and complex solution for that purpose.
First, IT teams need to put agents everywhere, or they run the risk of having gaps in their infrastructure maps and losing comprehensive visibility. Second, the use of agents means that people need to know in advance what they are monitoring. Since agent-based solutions rely on human knowledge, this makes them less reliable than the alternatives.
Here is a summary of the advantages of agentless scanning over agent-based scanning in this context.
Agent installation requires user access credentials for every OS instance that is deployed. This exposes all internal data. When using agentless scanning, there is no need to open firewalls, provide server credentials, or connect to the Internet. Internal data does not need to leave IT environments.
Ease of Deployment
IT teams must install an agent on every OS instance, so large environments will require many agents. This can be difficult and time consuming in large deployments. With agentless scanning, deployment and configuration of an environment is automated. Often, agentless tools can be fully deployed in under an hour.
Time to Value
Because of the complicated and lengthy deployment issues in agent-based scanning, it takes a long time before users see the value. With agentless scanning, users receive immediate value and can see insights quickly once the deployment is complete.
System Resource Use
Agents are installed on servers and can impact them. This adds overhead and can cause compatibility issues with some software. If a third-party agent has a bug or crashes, it can affect performance by either creating overhead or crashing actual applications. In contrast, agentless scanning does not access servers at all.
Agent-based scanning is indeed the most accurate, but it is accurate only where it is installed. It does not provide a full view. Agentless scanning can discover all applications and their dependencies in detail in real time. The resulting maps are continuously and automatically updated without any blind spots.
Segmented environments may force IT teams to deploy multiple servers and agents to cover everything. A single map might not show everything. Deployment can be automatic, but it requires special consideration. With agentless scanning, it is easy to scale from a single server to a large data center, because it usually uses lightweight protocols that scale easily to large environments.
Agent-based scanning tools often cost more than $100,000 per year, forcing IT departments to go through a long procurement process or map only part of their environment to save money. Agentless scanning tools are far cheaper, and one license is needed to map an entire environment.
If you want to learn more about IT mapping software that is agentless and based on passive scanning, start a free trial of Faddom today.