IT Asset Discovery and Inventory 5 Reasons to Go Agentless

  • Posted by: Bruce Aboudara

We are all very familiar with software agents. Many enterprise software tools have their own need for one that is generally unique to their application. These agents are useful as they tend to act on the environment and run without continuous supervision, while transmitting data or performing some function essential to the system it resides on. But there are downsides depending on the use case. There are of course always InfoSec concerns about introducing another agent. But they also require fairly intense operations support due to concerns about bandwidth, compatibility, the need to comply with change management processes and, worse yet, one size does not fit all cases.

That is where the agentless approach can help. Let’s look at five reasons to make use of an agentless discovery and tracking capability.

First off, you don’t know what you don’t know. Agents can only be installed on machines that are known and managed. Agentless scanning provides a very quick way to identify any delta between what is on the network and what has an agent installed. This gap analysis can easily address questions about security, compliance, cost and be used in migration planning to name just a few.

Secondly, a need to know now. Agentless scanning can provide a very rapid discovery of networked devices and present an almost instant picture of the nature of an ITAM estate. Consider the effort to certify an agent, implement the change management program, accomplish the deployment (which never goes easily the first time) and wait for the data to accumulate. An agentless program can be accomplished in a matter of hours and begin returning data immediately.

Our third reason applies to the audit or investigation of IT Assets in an otherwise tightly controlled section of a network. In the situation where speed is essential or software installations are not allowed, often a service account will have remote access already and leveraging this for discovery and inventory is a very real option.

Fourth on our list are areas where IT policy severely restricts the use of agents. Data center inventory is probably the most common. Although server estates are often tightly controlled and monitored, a simple agentless scan almost always reveals new or a previously unknown architecture. This can be new Virtual Machines, databases and software liabilities that may have been created quite simply by accident. It is often the case that new VMs are created using clones of existing ones without considering the software and services installed and running on them.

Number five is about future proofing. Agentless probe development is incredibly agile, whether it be developing a brand-new probe or extending the capability of an existing one. In a SaaS deployment development can often happen within a single iteration and sometimes even faster. Because the infrastructure is already in place, new capabilities can be implemented with no change to the endpoints. Updating an agent (even its configuration) is often tightly bound in change control and time-consuming process, especially when the size of the asset pool starts to exceed a few thousand. With new device types continuing to emerge, such as IOT, this adaptability will be critical.

A robust, fully integrated discovery and tracking tool is key to providing the foundational data quality that is needed in all sorts of situations. Whether looking for rapid physical audit support, a security assessment of who has what asset and where it is or supporting a software asset management program, agentless discovery plays a key role. When looking at agentless tools you should consider an integrated solution such as Asset Vision®. Asset Vision incorporates discovery, inventory, normalization and reconciliation in a single solution which will help ensure you achieve rapid results with the highest asset data quality.

Author: Bruce Aboudara

Leave a Reply