Which is better for SAM – agent or agent-less discovery?

2 Jan 2017 | ITAM, SAM/SLO

If you are implementing a SAM program in your organization and are looking at purchasing a solution to help you, you will need to consider whether you wish to utilize agent or agent-less technologies. Some solutions offer only an agent approach, whilst others do the opposite. So, which is the best for you? Well, the answer really depends on your particular circumstances, what you are looking to achieve with your SAM activities and how you want to manage your IT estate.

Discovering everything on your network

Before you can start to manage anything on your network you need to know firstly what is there and secondly what exactly it is. I know that sounds obvious but some solutions seem to ignore this basic fact. For example, how can you deploy an agent to something you do not know exists or say like a switch, cannot have an agent installed?

The simple fact is you can’t. So, although an agent only approach provides more real-time information there are some situations when it falls down. Similarly, an agent-less only approach has its shortfalls, for example if you have remote workers who rarely connect to the corporate network, you will have intermittent and out-of-date information on what is on their device, which is not good for SAM.

Coping with changing circumstances

By now, you can probably see the answer to the question posed in the title of this article – both. Unless you have a discovery tool that you can rely on to find 100% of your IT estate, you will initially need agent-less technology. This will discover not just the PCs, laptops and servers on your network, but also switches, printers and other connected things like IoT devices.

The latter particularly is becoming more of an issue as a lot of IoT devices are now being connected to the corporate network and many of them have poor security. If these are undiscovered they pose a serious threat to the security of your corporate network.

Once you know, with 100% certainty, exactly what is out there, you can plan and deploy your agents to devices that an agent can be installed on, to ensure you are getting a full inventory of all the software installed.

You need both

You may not need or want to deploy agents to all machines. For example, servers are usually never switched off and are always connected to the network. Also, you may not be allowed to put agents on hardware in your datacentre. So, a hybrid approach of agent and agent-less is required. This will ensure you can get all the up-to-date and detailed inventory and usage information you need for SAM purposes as well as allowing you to easily install updates and patches.

Fortunately, the AssetStudio SAM solutions offer such a hybrid approach. With multi-layered discovery to find all devices, it allows you to implement an agent and agent-less strategy across your organization enabling you to get full and detailed information on all your IT estate.

 

If you have any questions please contact us