There are two major ways of discovering assets: agent-based and agentless. Many organizations have a hard time choosing between agent-based and agentless discovery.
Before finding out the differences between both in detail, let’s have a quick recap of what both systems do.
A quick overview of agent-based vs. agentless discovery systems
Agent-based discovery systems use agents on individual devices that make periodic callbacks to a central database or management server. That is, agent-based solutions require you to install code on the devices being monitored to gather the required data.
Agentless discovery is the process of discovering devices on a network without the need for agents. That is, agentless solutions communicate directly with APIs that provide rich information about the devices being monitored. Agentless systems gather data from network traffic or from other sources to identify what network devices exist, where they are located, and what features they support.
Let us take a look at both approaches in detail.
What is agent-based discovery?
Agent-based discovery uses software agents, autonomous programs that run on the devices being discovered, to find assets and services in a network. Discovery agents are responsible for collecting information about themselves and their surroundings and transmitting it to the centralized management system.
Agent-based discovery is useful when there are large numbers of devices or systems in your environment that you want to monitor and manage over time. In addition, since these agents run autonomously on devices without requiring any user intervention (other than the initial configuration), they can be left running indefinitely after deployment, and in most cases there is no need for administrators to manually check up on them every few months.
What is agentless discovery?
Agentless discovery is the process of discovering devices on a network without the need for agents. The most common protocols used to perform agentless discovery are Simple Network Management Protocol (SNMP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP). You can use these protocols to find information about all devices on your network, even if they aren’t managed by a central server.
Agentless asset discovery is an alternative method to deploying and maintaining agents across your fleet. This process uses a central management server, which securely connects to remote operating systems and runs a scan to extract raw application information. This method removes the need to install, maintain, and update agents across the fleet of devices connected to your network. But it requires elevated privileges to execute the remote scan and will not be able to determine the usage of any software on those devices.
Agentless vs agent-based discovery
Agent-based and agentless discovery methods should be viewed as tools to help you determine what is connected to your network, what kind of data can be extracted from that device, and how to manage it. Both will work effectively to get the job done. More often than not, which tool you need is determined by the depth of information needed to make informed decisions about security, compliance, and asset management.
For example, agent-based solutions are more resource-heavy because of their ability to collect information from deep within a remote system. They deliver unparalleled insight into IT environments through continuous monitoring of services, network usage, CPU performance, file system usage, and RAM. Agents are deployed directly to the device and only require the target device to be powered on.
Agentless monitoring tools are fast and can be extremely efficient at providing deep visibility into the status of your network. Agentless solutions can be a viable option in less complex environments and are much faster than agent-based solutions, but they lack some important details.
Here is what you must know about agentless vs agent-based discovery.
| | Agent-based discovery | Agentless discovery |
|---|---|---|
| Level of visibility and information gathered | Provides deep visibility into your IT environment by collecting performance and availability metrics from servers, laptops, desktops, VMs, operating systems, middleware, and network devices. | Limited in terms of visibility and coverage, as it relies on low-frequency data collection. Agentless monitoring provides limited metrics, resulting in fewer insights into IT assets. |
| Ease of deployment | Complex deployment process, as it involves installing agents on each network device and server in a data center. | Faster and easier to implement, with fewer deployment or maintenance issues. |
| Type of information gathered | Agents installed on systems gather comprehensive data, such as service availability, network usage, CPU performance, file system usage, RAM and more, to help pinpoint problems and aid in troubleshooting. | Agentless IT asset discovery is accomplished via DPI (Deep Packet Inspection) of network traffic and communications. It gives you real-time visibility and immediate insight into your IT assets and allows you to gain granular insights about devices on the network and use those details to monitor for potential security issues. |
| Infrastructure covered | All infrastructure types, including IoT, public cloud, containers, VMs, middleware, servers, and network devices. | All infrastructure types, including IoT, public cloud, containers, VMs, servers, and network devices. |
Before delving into which discovery option suits your business, find out how network asset discovery benefits your business.
Which discovery option works best for your business: agent-based or agentless?
Here are some points to consider while choosing agent-based or agentless discovery.
1. Security
Security is a big concern for all businesses, especially smaller ones. Every open port on your network presents a potential vulnerability that could be exploited by hackers to gain access to sensitive data or even take control of your computers and servers. Your discovery tool should offer a high level of protection by scanning your network and identifying any ports that have been left open.
| Approach | Advantages | Drawbacks |
|---|---|---|
| Agent-based | Agent-based discovery offers deeper visibility into your system and can provide security at any point in its runtime. If you want your discovery tool to do more for you than just alert you about events after the fact, an agent-based tool will be able to provide deeper visibility into what’s happening on your network. | While this model offers deeper visibility, some of its pros can also be cons because of the extra layer of complexity required to install and manage the agents. Automation and support may be needed to deploy and manage the agents, which could impact system performance if not configured properly. |
| Agentless | An agentless product means you can turn your machine into a security monitoring tool with minimal effort. You don’t even have to install an agent on the machine. This can be a perfect fit for organizations that have limited IT resources or want to perform security monitoring without installing additional software on the endpoints. | The agentless approach provides organizations with real-time discovery but little visibility into the assets being discovered. This results in devices that go undetected and can put your data at risk. |
2. Ease of deployment
The difference between agent-based and agentless discovery becomes more apparent in terms of deployment. While agent-based discovery has a complex process that requires maintenance, agentless discovery is easier and faster.
| Approach | Advantages | Drawbacks |
|---|---|---|
| Agent-based | Agent-based monitoring is ideal for situations where you have poor-quality networks or issues with network availability, such as monitoring endpoints in remote locations or disconnected from the corporate network. Since agents are not dependent on your network and therefore don’t rely on connecting to resources, they can automatically monitor your IT devices as soon as they are enabled. | However, the typical agent-based discovery solution has a number of deployment issues. In addition to the complexity of installing agents, several deployment issues must be addressed before an enterprise can take advantage of agent-based network discovery. For example, it’s not uncommon to find that many servers on your network do not have outbound ports open, making it difficult for agents to call back and complete the discovery process. |
| Agentless | Agentless network discovery solutions also need to make changes on each endpoint, but the advantage here is that you can upgrade them independently and without the need for an agent. | Agentless monitors do not require installing a software agent on their targets, which means that no computing resource overhead is added to the system being monitored. However, this also means that monitoring activities must be carried out over the network, resulting in increased network overhead. Agentless solutions are also less capable of detecting issues when connected via low-bandwidth or intermittent networks. |
3. Impact on resource consumption
Agentless and agent-based network discovery solutions both have their pros and cons, but they do not consume resources in the same way. The former requires data transfer over the network, whereas the latter needs to run on every server. This can be a strain on CPU and memory, as each agent needs to be running continuously to send performance data back to the vendor’s cloud-based data collector.
The network discovery process contains many moving parts and steps, all of which are resource-intensive. The traditional approach of an agent on every server that examines resources has its advantages in terms of speed and accuracy, but it also brings some limitations. On the other hand, an agentless solution does not have the same level of control over measurements as an agent-based solution does. However, if the required data can be sent over the network using a protocol like SNMP or WMI, then it might be possible to use an agentless solution.
| Approach | Advantages | Drawbacks |
|---|---|---|
| Agent-based | Agent-based discovery tools use minimal network bandwidth. | Agent-based methods require computing resources on target systems, potentially reducing performance where resources are limited. They also require constant surveillance, troubleshooting, and patching of the agents on target systems. |
| Agentless | Agentless monitoring doesn’t require additional resources, and there is no impact on target systems. An agentless discovery tool doesn’t need maintenance such as monitoring and patching. | Agentless monitoring uses more network bandwidth and is heavily dependent on network availability. |
4. Accuracy and scalability
Agentless and agent-based network discovery software both identify all applications and their dependencies.
| Approach | Advantages | Drawbacks |
|---|---|---|
| Agent-based | Agent-based discovery solutions are known for being much easier to scale, as they can handle many more connections at the same time. This is because they use a dedicated agent (or several) on every machine to report back to the server. | Agent-based discovery is particularly difficult in large, geographically dispersed organizations and requires a significant investment of time and effort to build, maintain, and operate. |
| Agentless | Agentless asset discovery solutions are designed to be easy to implement, self-integrating, and light on resources, making it easier for IT managers to discover assets across their organization. | Most agentless network discovery solutions rely on low-frequency data collection. This usually results in lower accuracy and fewer applications and dependencies identified on your map. |
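As an added example (not part of this article and not Virima's code), here is how a defender can combine the two views the article contrasts: an agentless ARP/ND neighbor sweep (the `ip neigh` table, using the ARP protocol listed earlier) reconciled against agent callback records from a hypothetical management server, to surface devices with no agent at all, agents that have gone silent, and agents on hosts the sweep never saw. The neighbor-table output, the check-in records and the timestamps are constructed sample data.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of `ip neigh show` output: what an agentless ARP/ND sweep sees.
NEIGH_OUTPUT = """\
10.0.1.10 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.0.1.11 dev eth0 lladdr 00:11:22:33:44:02 STALE
10.0.1.12 dev eth0 lladdr 00:11:22:33:44:03 REACHABLE
10.0.1.13 dev eth0  FAILED
10.0.1.20 dev eth0 lladdr 00:11:22:33:44:05 DELAY
"""
# Constructed sample of agent callbacks from a hypothetical management server:
# MAC address -> last check-in time (UTC).
AGENT_CHECKINS = {
    "00:11:22:33:44:01": "2024-05-01T12:00:00Z",
    "00:11:22:33:44:02": "2024-04-20T08:30:00Z",  # installed, but silent for days
    "00:11:22:33:44:99": "2024-05-01T11:55:00Z",  # calls back, but not seen on this segment
}
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)

def parse_neigh(text):
    """Map MAC -> IP for each neighbor entry that resolved a link-layer address.
    FAILED entries carry no lladdr and are dropped: no MAC, no asset record."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m.group(3).lower()] = m.group(1)
    return seen

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def reconcile(neigh, checkins, now, max_age_days):
    """Cross-check the agentless view against agent callbacks.
    unmanaged:    on the wire, but no agent has ever called back
    stale_agents: agent known, but its last callback is older than max_age_days
    agent_only:   agent calls back, but the host was not seen by the sweep"""
    agents = {mac.lower(): parse_ts(ts) for mac, ts in checkins.items()}
    cutoff = parse_ts(now) - timedelta(days=max_age_days)
    return {
        "unmanaged": sorted(mac for mac in neigh if mac not in agents),
        "stale_agents": sorted(mac for mac, ts in agents.items() if ts < cutoff),
        "agent_only": sorted(mac for mac in agents if mac not in neigh),
    }

if __name__ == "__main__":
    report = reconcile(parse_neigh(NEIGH_OUTPUT), AGENT_CHECKINS, "2024-05-01T12:05:00Z", 1)
    for key, macs in report.items():
        print(f"{key}: {macs}")
```

Each bucket is an action item: "unmanaged" hosts are where agentless discovery is your only coverage, and "stale_agents" are the callback failures the deployment section above warns about.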
Virima Discovery – the best of both worlds
Virima’s IT Asset Discovery software is one of the most powerful, feature-rich, and cost-effective products in the market, delivering an accurate inventory of all your IT assets, both physical and virtual.
With its agent-based as well as agentless IP-based scanning of both your on-premises and cloud environments, Virima allows you to automatically detect thousands of physical and virtual assets, hundreds of hardware configurations, and virtually any installed software across Windows, Linux, Unix, and Mac operating systems.
The multi-tenant architecture enables user organizations to scale up as well as down according to their needs without paying any additional license fees.
As you migrate to the cloud and build out your multi-cloud IT organization, it’s imperative to have a single source of truth for your infrastructure and work-from-anywhere capabilities. With Virima Discovery, you can scan both physical and virtual assets across all of your cloud environments. It integrates with multiple public cloud providers, including AWS and Azure, so that you can discover new instances deployed in public clouds.
Find out more about Virima’s agent-based and agentless discovery and service mapping.