Tackle the “Itches” of Traditional Vulnerability Management
With a drastically growing remote workforce, many organizations are looking into how to get complete coverage without the need for complex infrastructure or software. A lightweight endpoint agent will enable such broader and increased coverage. It also solves some of the “itches” that traditional vulnerability management has experienced since it was first established over 20 years ago.
Here’s a summary of why you should adopt an agent-based vulnerability management approach – as an addition to your traditional vulnerability management program.
1. Extend Coverage
One of the keys to success when working with vulnerability management is to have as complete asset coverage as possible to avoid blank spots. Remember that a hacker only needs one single way into your systems. One of the challenges with traditional vulnerability management is that scanning is performed remotely from outside the system. Accordingly, these scans will only detect vulnerabilities found from the outside. You can solve this by running authenticated scans. However, this requires the system to be within your network, and you need to share credentials with a third-party system. Using a lightweight endpoint agent, you can cover all devices, such as computers and laptops, and the business-critical systems that you either can’t or don’t want to scan. The agent will have direct access to the device itself, enabling it to map the entire system and its installed software, providing extended asset coverage and extended software coverage within each asset.
2. Cover Your Remote Workforce
The pandemic has drastically increased the number of users working from home. Traditional vulnerability management can only scan systems and devices that are found within its reach, meaning that remote devices, such as laptops will not be covered. A lightweight endpoint agent will scan laptops wherever they are. The agent will collect software information from the device and send it to the vulnerability management platform for vulnerability detection. Using less than 5 % CPU, the agent operates in the background without impacting the user.
3. Improve Accuracy
Because traditional vulnerability management is performed remotely from outside of the system, these scans will only detect vulnerabilities that can be found from the outside based on network communication with the system over TCP/IP using different ports. Since a lightweight endpoint agent operates within the system, it will get exact information about the software installed, and its versions to more accurately match this against known vulnerabilities.
4. Scan - without Actual Scanning
Although the vulnerability management scanning technology is very well developed and safe, it can still have a negative impact on your systems and networks. Behaviors of different systems when getting scanned can be hard to predict. Using a lightweight endpoint agent, you avoid remote scanning of a system, reducing the risk of negative impact.
5. Follow Devices over Time
One of the challenges with vulnerability management is to follow mobile devices over time. Traditional vulnerability management requires a static IP address as the unique identifier for tracking. Computers in office networks are usually connected using the DHCP protocol (Dynamic Host Configuration Protocol). Accordingly, tracking based on an IP address in a dynamic network is impossible. With a lightweight endpoint agent, you create a virtual connection between the vulnerability management platform and the device, making it possible to track it over time without any network requirements.
6. Stronger Defense against Ransomware
Over 90% of all attacks start with an email attack – so-called social engineering. Cybercriminals lure people into clicking on malicious files or documents that infect the computer with a virus. Sometimes this virus is the starting point of a ransomware attack. The virus will take advantage of any exploitable software vulnerabilities on the computer, using the infected computer to exploit other vulnerabilities and spread further into the organizations’ network and systems. Using a lightweight endpoint agent, you can proactively find and remediate vulnerabilities exposed in ransomware attacks before they cause any harm.
Summary
Why you should extend your vulnerability management program with a lightweight endpoint agent.
- Extend coverage, including remote workers regardless of location.
- Improve accuracy to find more vulnerabilities.
- Cover systems that you don’t want to scan remotely.
- Track your mobile devices, like computers and laptops, wherever they are at all times.
- Strengthen your cyber security defense against ransomware attacks.
Get Started With a Lightweight Endpoint Agent
Holm Security provides a lightweight endpoint agent called Device Agent. The agent is an integrated part of our platform. We love to tell you more about how our agent-based solutions can help you improve your vulnerability management program and your cyber security defense accordingly.
Stefan Thelberg
Founder and CEO of Holm Security. Stefan is one of Sweden's most prominent cyber security entrepreneurs. With nearly 25 years of experience, he is a seasoned professional.