Comprehensive Agentless Endpoint Security Solutions by Uptycs

Written by Tyson Supasatit | 12/9/22 10:00 AM

Today, we’re announcing agentless workload scanning. This expands our agentless cloud security capabilities to include cloud workload protection (CWPP), giving our customers more flexibility in how they ensure security and compliance for their cloud workloads. Uptycs already offers agentless cloud security for CSPM, CIEM, and CDR.

Agentless workload scanning will be available before the end of the year and will support AWS and GCP environments. This feature incorporates as much functionality as possible from our Uptycs runtime sensor, but avoids having to install anything on your workloads.

Importantly, we’re giving customers two options for deploying agentless, including an option that ensures no customer data leaves your environment. Unlike first-generation agentless scanning products, the Uptycs solution can do all the scanning operations inside the customer environment—only API calls go in and only metadata scan results leave. All the snapshots, disk volumes, and scanning instances stay with you, under your control in your environment.

Your data stays with you: Only API calls enter, only metadata scan results leave your environment.

The Best of Both Worlds

For Uptycs customers, the addition of agentless workload scanning gives you the power of choice. You can use the agentless deployment to get 100% coverage in minutes, using a friction-free process that does not require you to install agents. You can also deploy the Uptycs sensors on critical workloads where you want continuous runtime security with ATT&CK-mapped behavioral detection, YARA scans of in-memory processes and files, live query investigations, blocking and remediation, and other functions that can only be achieved using the Uptycs sensor.

Both deployments present their data in, and are managed from, the same UI, and both use the same data model, so queries and investigations are seamless. And the best part? You can use both technologies together to get the most complete view of your environment in the way that works best with your security and development needs.

How Agentless Workload Scanning Fits Into Your CWPP Mix

The biggest value of agentless is the ability to quickly measure risk in the environment. As the management guru Peter Drucker said, “You can’t manage what you can’t measure.” An agentless scan will uncover issues that represent risk in your environment. You’ll be able to see misconfigurations, vulnerabilities, compliance issues, exposed secrets, and malware. And the kicker is that it’s incredibly easy to deploy—in a matter of minutes. Onboarding accounts for Uptycs agentless workload scanning is integrated with the onboarding of our other agentless cloud security capabilities.

Agentless workload scanning will enable you to do a lot of what you can do with the agent-based deployment—but on a periodic basis. You won’t be able to observe process memory or employ blocking and remediation. Agentless also provides limited support for investigations, since the periodic scan won’t capture the historical telemetry that has made the Uptycs live queries and Flight Recorder so popular.

We believe the results of your initial agentless scan will surprise you. Perhaps it will justify stricter security controls, suss out issues in the CI/CD pipeline, or convince a skeptical application team to deploy the Uptycs eBPF-based sensor for continuous runtime security.

How should you employ agent-based and agentless approaches in your environment? Well … it depends. Let’s look at two hypothetical scenarios to see how this might work.

Scenario 1: Merger & Acquisition

Gadget Co has just acquired one of their smaller competitors, Widget Co. Part of the rationale for the deal was Widget Co’s superior mobile e-commerce applications, hosted in GCP. But is this environment secure? Widget Co doesn’t seem to have prioritized security when building and running its fancy applications.

Luckily for Gadget Co, they’re an Uptycs customer! Agentless workload scanning is a perfect solution for the Gadget Co security team. Instead of having to spend months conducting a full security audit of the new environment, they can enroll the Widget Co GCP environment in their Uptycs agentless workload scanning and BINGO! Instant visibility into the risks present in the environment. Gadget Co can see which vulnerabilities they need to prioritize and can plan a roadmap for cleaning up PCI compliance issues in some of the workloads. 

Scenario 2: Skunkworks Application

Sarah the CTO is very proud of the WonderApp application. She was a champion of the one-time skunkworks project, and is now credited with the digital transformation of the company in investor calls. So she is inclined to listen to the ace team of developers when they tell her that installing agents will slow them down.

Bob is the director of security and is worried about WonderApp. Can he trust the application team that everything is patched, configured properly, with absolutely no compliance issues that could get him in trouble with the auditors? Now, with Uptycs agentless workload scanning, Bob can both trust and verify.

He can run agentless workload scanning to measure risk for all the workloads in his AWS environment, including the development, test, and production environments for WonderApp. The security risk for WonderApp is now quantifiable. In their next meeting, Sarah and Bob have a productive conversation about deploying appropriate security controls to mitigate that risk. 

Agentless Scanning + Agents: Working Together For You

There shouldn’t be a debate about whether agentless or agent-based CWPP solutions are superior. The correct answer is that both have value. Uptycs customers now have the power of choice and are able to benefit from the best of both worlds.