Agent vs. Agent-less auditing


Centennial Discovery

Agent vs. Agent-less auditing

Building fast, efficient & dynamic audits

As network discovery solutions have evolved over recent years, two distinct approaches have emerged: using client-based agents to collect hardware and software data or sweeping the network with an agent-less methodology. On the surface, eliminating the need to install software on the client is appealing. However, without a persistent presence on the device, challenges arise in tracking, depth of audit, and scalability.

While an agent-less solution might work for a small organization wanting just a one-time snapshot of its IT inventory, this approach runs into serious trouble when it comes to auditing more complex, enterprise infrastructures or when it's necessary to maintain a comprehensive, dynamic inventory of all IT assets.

Performance & Scalability

On networks of 100 PCs or less, the speed of audits and the volume of data traffic generated may not be major considerations. Performance plays an increasingly important role the more PCs one audits, and the faster one wants to know about changes. When it comes to building fast, network-friendly audits, not all solutions are created equal.

"We do not want to install a client agent on our machines"

For organizations that are adamant against installing client agents on their network machines, Centennial Discovery has an answer. The installation of one or more clients on a few machines within a subnet will allow Centennial Discovery to discover network assets and bring back general hardware information about them (IP address, MAC ID, NetBIOS name, domain, type of asset, etc.). Those machines with client agents installed will also report back a full software and hardware inventory along with usage. This approach allows for real-time network discovery of any asset joining the network at any time.

While Centennial does not recommend the limited use of agents in enterprise network environments, it can be supported and still provides useful information back to the administrator.

Local vs. remote scanning

Because agent-less solutions have no software at the client side, they rely entirely on operating system calls performed from the central server and sent to the client via the corporate network. As this process is repeated for each and every audit command issued, it often results in hundreds of calls crossing the network per PC per audit, as each file on the hard disk is found, opened, scanned and reported back to the server (in fact, it's very similar to a desktop user searching for a file on a network drive, a process not known for its speed).

Centennial Discovery's client agents do not need constant prompts from the server. They normally run on a pre-defined schedule (on-demand audits can also be initiated as necessary from the Control Center) and locally select what data to report back to the server, dramatically reducing the network traffic during an audit.

This agent-based approach dramatically decreases the network bandwidth consumed by an audit, reduces the time it takes to conduct a full audit and minimizes the impact on business operations. Since all communication is initiated by the client agent, audits can be performed and reported from inside or external to the corporate network.

Further reducing audit data traffic

As well as carefully selecting what to report in the first place, Centennial Discovery uses a client-side data compressor to further reduce the size of audit reports by 40 to 60 percent. In contrast, an agent-less solution has no way of compressing the data at the client end, forcing the full audit data packet to be transmitted across the corporate network every time an audit is conducted and wasting precious bandwidth.

[Figure: Agent Based Communication. Initial Audit 30k - 70k; Delta Audits 1k - 2k]

This means that the traffic generated by a first-time Centennial Discovery audit is often down to as little as 30 KB per PC, compared with more than 2.5 MB for most agent-less solutions.

Delta-only reporting

Together with its built-in data compressor, Centennial Discovery again reduces the amount of audit data sent back to the control center on subsequent audits by only reporting the changes on a machine since the last audit. By locally comparing the latest audit against the previous one, the client agent automatically strips out any unchanged data and only reports on changes (deltas) that occurred in between the two scans. The resulting network-friendly data packet is typically less than 2 KB per machine.
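
The delta-only reporting and client-side compression described above, sketched as an added example (not Centennial Discovery's code or report format). The inventory keys, the sample values and the baseline fingerprint, which lets the server refuse a delta built against an audit it does not hold, are assumptions made for illustration.

```python
import hashlib
import json
import zlib


def canonical(obj):
    """Deterministic JSON bytes so agent and server hash the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def fingerprint(inventory):
    return hashlib.sha256(canonical(inventory)).hexdigest()


def make_delta(previous, latest):
    """Agent side: keep only entries that changed since the previous audit."""
    return {
        "base": fingerprint(previous),  # which baseline this delta applies to
        "set": {k: v for k, v in latest.items()
                if k not in previous or previous[k] != v},
        "removed": sorted(k for k in previous if k not in latest),
    }


def pack(report):
    """Compress a report before it leaves the client."""
    return zlib.compress(canonical(report), 9)


def unpack(blob):
    return json.loads(zlib.decompress(blob))


def apply_delta(stored, delta):
    """Server side: rebuild the current inventory, or demand a full audit."""
    if delta["base"] != fingerprint(stored):
        raise ValueError("baseline mismatch: request a full audit")
    current = {k: v for k, v in stored.items() if k not in delta["removed"]}
    current.update(delta["set"])
    return current


def sample_inventory():
    """Constructed sample audit (hypothetical layout, 304 entries)."""
    inv = {"hw/cpu": "Intel Pentium 4 3.0GHz", "hw/ram_mb": 1024,
           "hw/mac": "00:11:22:33:44:55", "net/ip": "10.0.5.17"}
    for i in range(300):
        inv[f"sw/Example Application {i:03d}"] = f"{1 + i % 9}.{i % 5}.0"
    return inv


def demo():
    previous = sample_inventory()
    latest = dict(previous)
    latest["hw/ram_mb"] = 2048                      # hardware upgrade
    latest["sw/Example Application 007"] = "9.9.0"  # software update
    del latest["sw/Example Application 100"]        # uninstall
    latest["sw/Example Tool"] = "1.0.0"             # new install

    full_blob, delta_blob = pack(latest), pack(make_delta(previous, latest))
    rebuilt = apply_delta(previous, unpack(delta_blob))
    return {"full_raw": len(canonical(latest)), "full_packed": len(full_blob),
            "delta_packed": len(delta_blob), "rebuilt_ok": rebuilt == latest}


if __name__ == "__main__":
    print(demo())
```

The baseline check covers the failure mode delta reporting introduces: if the server's stored audit and the agent's previous audit ever diverge, applying deltas would silently corrupt the inventory, so the server falls back to a full audit instead.
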
An agent-less solution, in comparison, cannot compare audit information at the client, which means that a full report must be transmitted back to the Control Center every time an audit is conducted. With full reports typically no smaller than 1 MB in size, the impact on the network can be substantial.

Client agent footprint

The number one selling point of agent-less discovery solutions is their perceived ability to reduce administrator workload. Vendors of such solutions espouse the benefits of no client agent footprint, low memory demands and user transparency. While these claims have some ground against other solutions in which agents consume as much as 40 MB of disk space, with Centennial Discovery it simply isn't an issue. The small footprint of the Centennial Discovery agent (typically just 1.5 MB) combined with the fact that there is a 0% performance impact when the agent is not actively performing an audit means that one gets all of the benefits of a client-based discovery solution with the same user transparency as an agent-less solution.

When Agent-less doesn't really mean Agent-less

Some solutions that promote themselves as agent-less simply aren't. It is not uncommon to find a supposedly agent-less solution installing a temporary file (often in the form of an ActiveX control) on the client machine only to then remove it again after the audit has been performed. The bandwidth overhead of this sort of pseudo agent-less approach is considerable, as the client-side file needs to be distributed to each PC every time an audit is run. It is also difficult to see what benefit is achieved by deleting a small client-side file just for the sake of claiming the solution is agent-less.

Another common scenario is for an agent-less solution to copy (but not install) a server-side .exe file to the PC. As well as offering an inferior quality of audit (this type of scan is usually run in user context, which means that any files inaccessible to the user are also hidden from the scan), this deployment method has a severe impact on the network as it effectively involves doing a complete agent deployment each and every time an audit is requested.

Efficiency & Effectiveness

The ability to keep monitoring systems even when an audit is not being performed is a key benefit of advanced agent-based solutions. In this age of asset and identity theft, an agent-based solution is the only way to find and recover stolen assets.

The stolen laptop business case

As a result of its powerful agent-based technology, Centennial Discovery has helped organizations identify that asset theft has occurred and has made the recovery of critical hardware possible. With an agent existing on a machine, an administrator can immediately determine that an asset is no longer responding as required. To further aid administrators, Centennial Discovery has several specific dashboard graphs to show which assets have not reported in specific time frames.

In one particular case study, a laptop was stolen from a real estate company by a disgruntled employee. This employee took the laptop across state lines, using it for personal use. Unbeknownst to the user, this machine had a Discovery agent installed on it. While connected to the Internet, this laptop phoned home to the organization's Discovery server, sending the delta audit of hardware and software changes along with the machine's current IP address. The Discovery administrator was able to see the information that the machine was reporting, identified the ISP who owned the IP address, notified the ISP of the need to retrieve this customer's record, and together with authorities, the organization was able to recover the stolen laptop.

Without an agent reporting back to a server on a regular basis, it is impossible for administrators to know when assets are stolen, where they are physically located and how to recover them.

Autonomous monitoring

Unlike an agent-less solution, Centennial Discovery's client agents can keep a constant watch for changes in their local network segments, automatically discovering new PCs and other IP devices (network printers, switches, servers etc.) as they are added or removed. Conversely, when a machine stops reporting back to the central server, the administrator can be alerted to its lack of activity and can investigate.

Centennial Discovery determines the physical location of network assets and can alert administrators when these assets move. For example, if a server or machine containing confidential information moves from a secured physical location (i.e., 6th floor Secure Server Room) to an insecure physical location (5th floor Purchasing), an administrator can be alerted to this change dynamically and can immediately investigate. With an agent-less solution, such changes will not be discovered until the next audit when any information or asset theft would have already occurred.

Easy deployment

The suggestion that agent-less discovery solutions are easier to deploy is often a myth. In reality, it is usually just as easy to push a client agent to a machine on the network as it is to conduct a remote scan. Centennial Discovery supports multiple agent deployment mechanisms, enabling administrators to choose the method that best matches their needs and network.

Whereas most agent-based audit products still require administrators to manually identify how many machines are on the network, Centennial Discovery's unique LANProbe technology automatically begins listening to native network traffic for all IP devices as soon as just a single agent is deployed (giving administrators the 100% network visibility needed to ensure that all machines that need to be audited get an agent deployed to them).

An agent-less solution can even cause a doubling-up of effort, since it often requires one team to set up the necessary administrator rights on the network and another to actually perform the audit every time.

Complete audits

Just as collecting audit data quickly and with minimal user impact is important, so is knowing that the inventory information is as accurate and comprehensive as possible. However, there is often a gap between the quantity and quality of data collected by agent-based and agent-less solutions.

Usage information

For many organizations, an IT discovery tool is purchased in order to provide peace of mind that the network is operating effectively and that it is appropriately resourced. In this way, knowing how often hardware or software is used is almost as important as discovering it in the first place. For an agent-less solution, with no permanent link back to the central server, this is an impossible task. This means that administrators will not have access to vital information to help determine current software compliance or scope future software and hardware purchases. Centennial Discovery provides thorough usage information whether through direct access, Citrix or pure thin client.

Deep dive vs. a snapshot

While agent-less solutions may be adequate for creating a snapshot of a small network, one of the common criticisms of such solutions is that they do not provide a complete PC and software audit (as most are not able to access BIOS or registry information). Since an agent-less audit tool has no software sitting on the client machine, it is difficult for the product to collect the same breadth and depth of data collected by Centennial Discovery.

This detailed information can then be invaluable when it comes to using audit data to support other IT functions, such as analyzing the vulnerabilities of software or planning for mission-critical IT projects including OS migrations, hardware refreshes and application upgrades.

100% network audit

A common issue with many discovery tools is having confidence that the product has accurately identified and audited all PCs (and, if desired, other devices) on the network. With many solutions, both agent-based and agent-less, it is easy to simply miss a machine or even a whole section of the network. Thanks to its unique LANProbe technology, Centennial Discovery ensures that every IP-addressable device on the network is found (from PCs and servers to routers, switches and network printers). This ensures a 100% accurate inventory every time, regardless of whether or not the administrator knew about the IT asset prior to the audit.

Auditing across a Public Network/Internet

With home and remote working now a common trend, many organizations use public network or Internet connections to enable staff to access email or connect to the corporate network. However, remote or not, if the machines being used by these employees are company property, then they will need to be included in any IT audit. As a result of the way in which most networks are set up, it is not possible to initiate a scan of a remote machine from the corporate network with an agent-less solution. It is possible to do it the other way around, but that requires some software at the client end, which means one needs an agent-based solution!

Security

Although not always an obvious factor when it comes to auditing, IT security is nonetheless critical to many organizations (especially if one is auditing across a public network; see above).

Encrypted communications

Encrypting any form of data communications requires specialized software at both the sending and receiving ends. As an agent-less product has no client-side software, encrypting the traffic between the client and central server usually is not possible. Centennial Discovery uses encryption based on the proven Blowfish algorithm to secure both audit reports and client agent deployments as well as ensure accurate client authentication. This encrypted communication also ensures that data packets sent from the client or the server are validated, thus removing any possibility of malicious code accompanying the communication.

OS security

As agent-less discovery solutions have no client-side software of their own, they rely on whatever security is inherent in the network operating system (the flaws of which are often well-documented) to secure the transmission of data over the network.

Conclusion

For all their claimed benefits, agent-less discovery solutions are really best suited to very small organizations that lack the need or desire for regular and in-depth IT inventory information. As the number of devices and frequency of audits rises, the agent-less solution begins to run into trouble with incomplete audits, spiraling administrative costs, network inefficiencies and potentially serious security implications.

For those organizations that need performance, reliability, dynamic updates and ease of use, Centennial Discovery offers enterprise organizations long-term benefits that simply cannot be matched by their agent-less counterparts.

Supported platforms

Windows: 98SE, ME, NT4, XP, 2003, VISTA
Unix: RedHat 9 & ES2+, SUSE 9+, HP-UX 11i v1, IBM AIX 5L v5.3
Mac: OSX 10.3.9, 10.4.5 & 10.4.6 on PowerPC
Terminal Services: Windows 2000 & 2003, Citrix Metaframe

www.centennial-software.com
EMEA +44 (0)1793 836200
USA +1 503-238-7455
APAC +61 (0)2 8002 4050

2007 Centennial Software Limited. Centennial Discovery is a registered trademark of Centennial Software Limited. All other brands, trademarks and registered trademarks are the property of their respective owners. Printed 2006.