
Debunking the agent vs. agentless approach to IoT security

In today’s ever-changing threat environment, there is an ongoing debate about which network security approach is best for protecting IoT environments: agent or agentless. Each technique affects the efficiency of IT operations and overall network security compliance differently. When it comes to IoT security, however, taking an agentless approach is ultimately more effective. Here’s why.

What is an agent?

An agent is a piece of software that companies or manufacturers install on computers, laptops and mobile phones to manage and protect them. An example of an agent is antivirus software that resides on a computer to check for malware. Agents work well to secure these traditional devices since they are built with common operating systems (OSes), such as Windows, Mac, Android and iPhone. The problem, however, is with non-traditional devices (for example, internet of things devices such as IP-connected printers, HVACs, smart lightbulbs and conference calling systems) that have unique OSes and prevent organizations from installing an agent. As a result, traditional security agents are not capable of offering the visibility and control necessary to protect against cyberthreats.

For example, let’s take a deeper look at one of the most common IoT devices found in an enterprise: a printer. Printers are essentially computers, but are built with different capabilities than traditional devices and, because of this, there is often not a place to install an agent. This concept, the inability to install an agent, holds true for all non-traditional devices without traditional (or closed) OSes, leaving organizations vulnerable to IoT hacks and even data theft. That’s where an agentless approach to network security comes in.

The agentless advantage

Agentless security technologies make the invisible visible (that is, they illuminate the devices that agent-based software cannot see). They bring visibility to blind spots in enterprise networks with their ability to identify, classify and protect devices without traditional OSes. With an agentless technology, today’s IoT devices can be discovered in real time, classified with the proper user and device information, monitored for irregular behavior, and even blocked or isolated if needed. Agentless network security can also reduce IT support costs by automating asset management and proactively targeting remediation activities, such as limiting access to the internet.

Taking the burden off IT

An agentless security strategy also helps optimize the security investments an organization has already made. Most companies have already invested in tons of different security tools that are mostly blind to these new IoT devices. By orchestrating information sharing from your agentless technology, you can break down silos and automate and accelerate threat response.

For example, during the Mirai attack last fall, hundreds of thousands of digital cameras were compromised and performed a distributed denial-of-service attack on Dyn, a large DNS provider, bringing down most of the internet on the East Coast of the U.S. for several hours. Organizations with an agentless security method would be able to identify the digital cameras in their environment and share this information with their firewall technology to prevent them from communicating with the internet (except for patches and updates). Ultimately, an agentless approach can make your other investments in security tools more effective.

Your enterprise IoT security strategy

With an estimated 28 billion devices expected to connect to networks in the next couple of years, and the cost of a data breach at approximately $3.6 million, organizations cannot afford to have these rogue devices going unnoticed and unprotected. We’ve already experienced one high-profile IoT breach with the Mirai botnet in Oct. 2016, and it’s only a matter of time until the next large-scale attack surfaces. The time is now for both C-levels and IT managers to ask themselves if their IoT is truly secure and, if not, how they can change their strategy to protect it effectively.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.