Yesterday I did a webinar that raised a question I was not expecting: isn't debating agent-based versus agentless solutions for IoT security a fairly esoteric point, and aren't there more important things to discuss on the topic?
Emphatically, the answer is no. Understanding why agentless security solutions are required for IoT/OT/ICS systems is the foundation of successfully remediating IoT devices. Many traditional IT security solutions are agent-based: they place an agent (software) on the device in order to manage cyber hygiene and remediation functions such as firmware patching, password rotation, and certificate deployment. Agent-based solutions dominate the IT security world in part because, in the IT or datacenter context, the devices (servers, laptops, mobile devices, cloud instances, etc.) run standard operating systems that provide a stable platform for agents to be developed and supported on. In that context it makes sense to leverage the native capabilities of Windows or Linux to perform those tasks efficiently.
IoT, OT, and ICS devices broadly lack standard operating systems; as purpose-built devices they benefit from not carrying the overhead of a general-purpose operating system. Many devices are based on Linux, but they are often stripped-down or custom variants, and many combine proprietary code with parts of Linux. Complicating matters further, many IoT deployments use multiple vendors for devices that offer similar functionality. IP cameras are a good example: an organization may run several makes, models, and vintages, reflecting how needs and budget have developed over time. A few models might accept an agent installed and running on the device, but most will not.
That is why it is foundational to focus only on agentless IoT security solutions, where no software is placed on the device. There are other reasons too (discussed below), but the most basic one is that if you start down the path of placing and managing software on IoT devices, you are heading toward a dead end. Even if you use only a limited number of IoT devices, the vast range of IoT (printers, building automation systems, manufacturing equipment, access control, etc.) makes it a near certainty that you will not be able to use the same IoT security solution across all of them unless it is agentless.
Rather than putting an agent on the device, agentless IoT security solutions operate at a different point in the infrastructure, typically at the network or server level. This is a further advantage over agent-based approaches: by operating outside the device itself, an agentless solution can see the whole infrastructure surrounding the device, such as the applications, storage, and networking that connect IoT devices and enable the overall workflow. Most enterprise IoT deployments are tightly coupled: devices, applications, and infrastructure work together to accomplish a job and deliver business value. IoT security solutions must recognize that coupling, because remediating a device is not complete until the full workflow is restored, performing, and in compliance. Agent-based solutions, confined to the device, lack the visibility across the workflow to confirm that.
There are several other reasons that successful IoT security solutions for asset discovery, threat assessment, and vulnerability remediation are agentless. Agents are manageable when you have a limited number of devices (think servers in a datacenter), but IoT devices often outnumber traditional IT assets by 20x within an organization, and the sheer task of deploying and managing agents at that scale is overwhelming. Agentless IoT security solutions benefit from a one-to-many relationship, making deployment and ongoing management much faster and easier. Likewise, there is often no manufacturer-provided path for installing agents on IoT devices, so attempting to install code can void the warranty or render the device unstable. IoT devices are built to be purpose-specific and efficient; adding software the manufacturer never intended to run there is likely to strain or exhaust the onboard storage, memory, and compute capacity.
Viakoo partners with other agentless IoT security solutions, especially asset discovery solutions including Armis, Forescout, Nozomi, and others. Together our solutions provide extensible support so that all of your IoT, OT, and ICS assets can be visible, operational, and secure. The ecosystem for agentless cybersecurity is complete, scalable, automated, and proven. IoT vulnerabilities are the fastest-growing attack vector, with a record of over 3 billion IoT attacks recorded in 2022. The stakes could not be higher when it comes to getting it right, and getting it deployed quickly and comprehensively. Don't put your organization at risk by heading down the dead end of trying to use agents.
Like to go deeper on this topic? In addition to our webinar on agentless IoT vulnerability remediation, Viakoo experts are available to discuss your specific situation. Reserve time with us and see for yourself the advantages a fully agentless architecture can offer.