March 22, 2022
Traditional vulnerability management is a cornerstone of modern cyber security defense. Its success is based on its efficiency and simplicity. It is easy to get started, and you get broad coverage without significant interference with your systems and devices. Systems and networks are scanned in the cloud or across local infrastructure using a locally installed probe that scans everything within its reach. Using this technology, organizations can find, remediate, and follow up on vulnerabilities across their systems to strengthen their cyber security defenses. But what about computers that connect to the organization remotely, like the laptops of a remote workforce? Here traditional vulnerability management has a weakness. The solution: a lightweight endpoint agent.
With a drastically growing remote workforce, many organizations are looking into how to get complete coverage without the need for complex infrastructure or software. A lightweight endpoint agent will enable such broader and increased coverage. It also solves some of the “itches” that traditional vulnerability management has experienced since it was first established over 20 years ago.
Here’s a summary of why you should adopt an agent-based vulnerability management approach – as an addition to your traditional vulnerability management program.
One of the keys to success when working with vulnerability management is to have as complete asset coverage as possible to avoid blind spots. Remember that a hacker only needs one single way into your systems. One of the challenges with traditional vulnerability management is that scanning is performed remotely from outside the system. Accordingly, these scans will only detect vulnerabilities found from the outside. You can solve this by running authenticated scans. However, this requires the system to be within your network, and you need to share credentials with a third-party system. Using a lightweight endpoint agent, you can cover all devices, such as computers and laptops, and the business-critical systems that you either can’t or don’t want to scan. The agent has direct access to the device itself, enabling it to map the entire system and its installed software, providing extended asset coverage and extended software coverage within each asset.
The pandemic has drastically increased the number of users working from home. Traditional vulnerability management can only scan systems and devices that are found within its reach, meaning that remote devices, such as laptops, will not be covered. A lightweight endpoint agent will scan laptops wherever they are. The agent will collect software information from the device and send it to the vulnerability management platform for vulnerability detection. Using less than 5% CPU, the agent operates in the background without impacting the user.
Because traditional vulnerability management is performed remotely from outside the system, these scans will only detect vulnerabilities that can be found from the outside, based on network communication with the system over TCP/IP using different ports. Since a lightweight endpoint agent operates within the system, it gets exact information about the installed software and its versions, which can then be matched more accurately against known vulnerabilities.
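The difference in visibility can be shown with a small matcher, added here as an illustration and not taken from Holm Security's product. All package names, versions and advisory IDs are constructed placeholders; the "fixed in" model of an advisory is an assumption made for the example.

```python
from dataclasses import dataclass

def parse_version(v):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as text."""
    return tuple(int(part) for part in v.split("."))

@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # constructed placeholder, not a real CVE
    package: str
    fixed_in: str      # first version that is no longer affected

# Constructed advisory feed.
ADVISORIES = [
    Advisory("EXAMPLE-ADV-001", "webserverd", "2.4.10"),
    Advisory("EXAMPLE-ADV-002", "pdfviewer", "11.0.3"),
    Advisory("EXAMPLE-ADV-003", "archive-tool", "9.21"),
]

# Constructed remote view: only software answering on an open port is visible.
REMOTE_BANNERS = {443: ("webserverd", "2.4.9")}

# Constructed agent view: the full installed-software inventory of the same host.
AGENT_INVENTORY = {
    "webserverd": "2.4.9",
    "pdfviewer": "11.0.1",     # client software, never listens on a port
    "archive-tool": "9.21",    # already at the fixed version
    "texteditor": "3.2.0",     # no advisory applies
}

def match(inventory):
    """Return advisory IDs whose package is installed below the fixed version."""
    findings = []
    for adv in ADVISORIES:
        installed = inventory.get(adv.package)
        if installed is not None and parse_version(installed) < parse_version(adv.fixed_in):
            findings.append(adv.advisory_id)
    return sorted(findings)

def remote_findings():
    # The remote scan can only build an inventory from what the ports reveal.
    return match(dict(REMOTE_BANNERS.values()))

def agent_findings():
    return match(AGENT_INVENTORY)

if __name__ == "__main__":
    print("remote scan:", remote_findings())
    print("agent      :", agent_findings())
```

The vulnerable PDF viewer only appears in the agent result because it never exposes a network service for the remote scan to probe.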
Although the vulnerability management scanning technology is very well developed and safe, it can still have a negative impact on your systems and networks. Behaviors of different systems when getting scanned can be hard to predict. Using a lightweight endpoint agent, you avoid remote scanning of a system, reducing the risk of negative impact.
One of the challenges with vulnerability management is following mobile devices over time. Traditional vulnerability management requires a static IP address as the unique identifier for tracking. Computers in office networks usually get their addresses through DHCP (Dynamic Host Configuration Protocol). Accordingly, tracking based on an IP address in a dynamic network is impossible. With a lightweight endpoint agent, you create a virtual connection between the vulnerability management platform and the device, making it possible to track it over time without any network requirements.
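The tracking problem can be reproduced on a few constructed scan records, in an example added here that is not Holm Security's code. It assumes the agent reports a stable identifier (the `agent-*` values are hypothetical), and the IP addresses, dates and finding IDs are constructed.

```python
from collections import defaultdict

# Constructed observations: (scan_date, ip, agent_id, open_findings).
# DHCP hands out different addresses between the weekly scans.
OBSERVATIONS = [
    ("2022-03-01", "10.0.5.20", "agent-a1", {"EXAMPLE-ADV-001", "EXAMPLE-ADV-002"}),
    ("2022-03-01", "10.0.5.21", "agent-b2", set()),
    ("2022-03-08", "10.0.5.21", "agent-a1", {"EXAMPLE-ADV-002"}),    # laptop A now has B's old IP
    ("2022-03-08", "10.0.5.34", "agent-b2", set()),
    ("2022-03-15", "192.168.1.7", "agent-a1", {"EXAMPLE-ADV-002"}),  # laptop A at home, agent report only
    ("2022-03-15", "10.0.5.20", "agent-b2", {"EXAMPLE-ADV-003"}),    # laptop B now has A's old IP
]

IP, AGENT_ID = 1, 2  # column used as the asset identifier

def history(key_index):
    """Build a per-asset timeline of findings, keyed by IP or by agent ID."""
    timeline = defaultdict(list)
    for obs in sorted(OBSERVATIONS, key=lambda o: o[0]):
        timeline[obs[key_index]].append((obs[0], obs[3]))
    return dict(timeline)

def remediated(timeline):
    """Per asset: findings seen earlier that are absent from its latest observation."""
    closed = {}
    for asset, entries in timeline.items():
        seen_before = set().union(*(findings for _, findings in entries[:-1]))
        gone = seen_before - entries[-1][1]
        if gone:
            closed[asset] = gone
    return closed

if __name__ == "__main__":
    print("assets by IP      :", len(history(IP)))
    print("assets by agent ID:", len(history(AGENT_ID)))
    print("closed by IP      :", remediated(history(IP)))
    print("closed by agent ID:", remediated(history(AGENT_ID)))
```

Keyed by IP, two laptops become four assets and EXAMPLE-ADV-002 is reported as remediated on 10.0.5.20 although it is still open on the laptop that used to hold that address. Keyed by agent ID, only the finding that was really fixed is closed.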
Over 90% of all attacks start with an email attack – so-called social engineering. Cybercriminals lure people into clicking on malicious files or documents that infect the computer with a virus. Sometimes this virus is the starting point of a ransomware attack. The virus will take advantage of any exploitable software vulnerabilities on the computer, using the infected computer to exploit other vulnerabilities and spread further into the organization’s network and systems. Using a lightweight endpoint agent, you can proactively find and remediate vulnerabilities exposed in ransomware attacks before they cause any harm.
Why you should extend your vulnerability management program with a lightweight endpoint agent.
Holm Security provides a lightweight endpoint agent called Device Agent. The agent is an integrated part of our platform. We would love to tell you more about how our agent-based solutions can help you improve your vulnerability management program and your cyber security defense accordingly.