Which is Better for SAM – Agent or Agent-less Discovery?
Is agent-based discovery best for SAM? Or is agent-less discovery the better option?
If you are implementing a SAM program in your organization and are looking at purchasing a solution to help you, you will need to consider whether you wish to utilize agent or agent-less discovery technologies. Some solutions offer only an agent approach for discovery, whilst others do the opposite.
So, which is the best for you? Well, the answer really depends on your particular circumstances, what you are looking to achieve from your SAM program and how you want to manage your IT estate.
Discovery: Find Everything on your Networks
Before you can start to manage anything on your network you need to know, firstly what is there and secondly what exactly it is. This may sound obvious but some solutions seem to ignore this basic fact. For example, how can you deploy an agent to something you do not know exists or say like a switch, cannot have an agent installed?
The simple fact is you can’t. So, although an agent only approach provides more real-time information there are some situations when it falls down. Similarly, an agent-less only approach has its shortfalls, for example if you have remote workers who rarely connect to the corporate network, you will have intermittent and out-of-date information on what is on their device, which is not good for SAM.
Both discovery approaches can have positive and negatives dependent on your organization.
Coping with Changing Environments
By now, you can probably see the answer to the question posed in the title of this article – both. Unless you have a discovery tool that you can rely on to find 100% of your IT estate, you will initially need agent-less technology. This will discover not just the PCs, laptops and servers on your network, but also switches, printers and other connected things like IoT devices.
The latter particularly is becoming more of an issue as a lot of IoT devices are now being connected to the corporate network and many of them have poor security. If these are used without a BYOD policy and are undiscovered, they pose a serious threat to the security of your corporate network.
Once you know, with 100% certainty, exactly what is out there, you can plan and deploy your agents to devices where an agent can be installed, to ensure you are getting a full inventory of all the software installed across which devices.
Uniting Agent & Agent-less Discovery
You may not need or want to deploy agents to all machines, with examples where this may not work, including:
- Servers are usually never switched off and are always connected to the network.
- You may not be allowed to put agents on hardware in your datacentre.
Therefore, a hybrid approach of agent and agent-less discovery is required. This will ensure you can get all the up-to-date and detailed inventory and usage information you need for SAM purposes, as well as allowing you to easily install updates and patches.
AssetStudio: Support Agent & Agent-less Discovery
Fortunately, the AssetStudio SAM solutions offer such a hybrid approach. With multi-layered discovery to find all devices, it allows you to implement an agent and agent-less strategy across your organization enabling you to get full and detailed information on all your IT estate.
If you want to find out how you can implement agent or agent-less discovery, please contact Certero.