Hi everybody.
As you can read from the title, I'm looking at agent-based VS agentless monitoring.
We are planning to deploy a SIEM in the near future, and the solution we have chosen offers both agent-based and agentless monitoring.
Our office and datacenter are located in different cities. The solution we're looking at recommendeds one agent per 25 log devices.
We've already decided to use dedicated agents for each of our customers, but we're still on the fence about going agentless for our office.
Our office has around 50 workstations, a few servers and several routers and switches.
Here are the pros and cons to each (as I'm aware of)
Agentless
Pros: 1. Ease of installation (as there isn't any) 2. Less resource intensive than agents 3. Less configuration required
Cons: 1. Potential security issues because of WMI 2. Less information is logged when compared to using agents 3. Clients might not support agentless monitoring 4. No in-depth monitoring of metrics 5. More vulnerable for downtime and network issues
Agent-based
Pros: 1. More in-depth monitoring 2. Capable to collect data from multiple LANs 3. Automatic capabilities to avoid performance issues and downtime 4. Less vulnerable to downtime and network issues
Cons: 1. Settings up agents takes time to deploy 2. More resources are required 3. Managing agents can get bothersome in the long run because of growth
What's your opinion on this topic? Did I miss any pros and cons?
(I know that agentless isn't actually agentless because it still relies on some type of agent embedded in the software/operating system)
Cheers!
No comments:
Post a Comment