
Combining Agentless and Agent-Based Cloud Security in CNAPPs

Combining both approaches using a cloud-native application protection platform helps organizations make their cybersecurity holistic by tapping into richer automation and prioritization features.

Microsoft Security, Microsoft

November 14, 2023


Cloud security has changed. Whereas companies used to rely on individual point solutions to secure individual elements of their cloud environments, today's cloud landscape looks a little different.

Complex multicloud environments have become more commonplace and, as a result, attack surfaces have expanded. Initially, many security teams turned to vendor consolidation and native tool unification as a way to streamline workflows and consolidate the influx of security signals from disparate solutions. However, as cyberattacks grew more sophisticated and more frequent, cyber defenders were quickly overwhelmed by the constant influx of security alerts. 

As a result, we've begun to see a push for contextualized security in which cybersecurity professionals are empowered with visibility into critical attack paths, risk-based prioritization, automated alerts that can flag potential cloud misconfigurations, and more. The key to achieving this state of contextualized security is to embrace a unified cloud-native application protection platform (CNAPP) that leverages a combination of agentless and agent-based protections.

Why Agentless and Agent-Based Protections Are Better Together

Agentless versus agent-based protection is an age-old debate in cybersecurity. Some companies favor the in-depth visibility, real-time threat protection, and comprehensive monitoring of individual workloads offered by agent-based protections. This model can also be combined with security information and event management (SIEM) software to enable security teams to synthesize and correlate data when investigating complex, cross-platform security incidents. However, other companies require the agility and flexibility of agentless protections.

In particular, we've seen more emerging cloud security technologies adopt an agentless approach because of the advantages it offers in large-scale, complex environments. Agentless security uses noninvasive methods, like cloud image analysis, log file analysis, and API connections, to collect security data. This reduces the need for hands-on management or ongoing maintenance and can be a more efficient use of resources. Agentless protections are also particularly effective for organizations that deploy hardened resources and cannot install a cloud security agent.

Rather than choosing between agent-based and agentless, we'd argue that the better approach is to adopt a combination of both. By deploying a CNAPP that uses agent-based and agentless protections, organizations get the best of both worlds. The CNAPP is more robust and flexible, adapting to the specific needs of an organization's cloud environment by optimizing its use of agent-based or agentless security as needed. This gives organizations the deep visibility and protection of agent-based security but in a way that makes sense for dynamic multicloud environments.

Consider the example of a financial services organization. Banks often deal with sensitive data, such as Social Security and credit card numbers, that can't be exposed to the Internet. In these cases, agentless security can be applied to safeguard sensitive data while also helping security teams understand the context and linked risks. At the same time, the organization can also leverage agent-based security to better detect and respond to ongoing and future attacks with real-time alerts about brute-force attacks or data exfiltration, such as a malware campaign. An organization's DevOps security team can further shift security left and integrate malware-scanning features into the DevOps stages to achieve code-to-cloud protection.

The Power of Contextualized Cloud Security

In addition to flexible cloud protections, organizations also need contextualized security. Security administrators are tasked with keeping multicloud environments safe and maintaining a healthy cloud security posture. However, they're being overwhelmed with a never-ending list of posture improvement recommendations that make it difficult to know where to start and what they should focus on first. Contextual cloud security posture management (CSPM) helps guide security administrators by prioritizing the most important risks to remediate first based on their potential impact to the business.

One way to prioritize security recommendations is by looking at potential paths that attackers might use to breach your environment and compromise high-impact assets. A contextualized CSPM would identify this attack path; rank it based on potential risk factors, such as Internet exposure, permissions required, and lateral movement; and suggest remediations that could break the path and prevent a successful breach.
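The prioritization described above can be sketched as a small graph computation. This is an added example, not code from the article or from any CNAPP product; the asset names, edges, privilege weights, and the scoring formula are constructed assumptions chosen to show Internet exposure, permissions required, and lateral-movement hops feeding one ranking.

```python
# Constructed inventory: asset names, edges and weights are illustrative assumptions.
ASSETS = {
    "vm-web":     {"internet_exposed": True,  "high_impact": False},
    "vm-batch":   {"internet_exposed": True,  "high_impact": False},
    "vm-jump":    {"internet_exposed": False, "high_impact": False},
    "sa-reports": {"internet_exposed": False, "high_impact": False},
    "db-cards":   {"internet_exposed": False, "high_impact": True},
}
# (source, target, relation, privilege needed on source to use the edge)
EDGES = [
    ("vm-web", "vm-jump", "ssh-key-on-disk", "user"),
    ("vm-jump", "db-cards", "managed-identity", "user"),
    ("vm-web", "sa-reports", "storage-key-in-env", "user"),
    ("sa-reports", "db-cards", "connection-string", "admin"),
    ("vm-batch", "vm-jump", "shared-vnet-rdp", "admin"),
]
PRIV_COST = {"user": 1, "admin": 3}  # higher = more permissions required per hop

def attack_paths(assets, edges):
    """Enumerate simple paths from Internet-exposed assets to high-impact ones."""
    adj = {}
    for e in edges:
        adj.setdefault(e[0], []).append(e)
    found = []
    def walk(node, path, seen):
        if assets[node]["high_impact"] and path:
            found.append(path)
            return
        for e in adj.get(node, []):
            if e[1] not in seen:  # no revisits, so cycles terminate
                walk(e[1], path + [e], seen | {e[1]})
    for name, meta in assets.items():
        if meta["internet_exposed"]:
            walk(name, [], {name})
    return found

def risk(path):
    """Fewer lateral hops and lower required privileges give a higher score."""
    return round(1 / sum(PRIV_COST[e[3]] for e in path), 3)

def ranked(assets, edges):
    return sorted(attack_paths(assets, edges), key=risk, reverse=True)

def best_cut(assets, edges):
    """Remediation candidate: the edge carrying the most total path risk."""
    totals = {}
    for p in attack_paths(assets, edges):
        for e in p:
            totals[e] = totals.get(e, 0) + risk(p)
    return max(totals, key=totals.get)
```

With this sample data the highest-ranked path runs from `vm-web` through `vm-jump` to `db-cards`, and removing the `vm-jump` to `db-cards` edge breaks two of the three paths at once.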

By embracing a unified CNAPP that incorporates contextualized CSPM features, organizations not only can better prioritize security recommendations, but they can also proactively embed best practices across the enterprise. In addition to CSPM, CNAPPs also combine capabilities across DevOps security management, cloud workload protection, cloud infrastructure entitlement management, and network security. This enables SOC analysts, security administrators, and developers to use the CNAPP for more effective collaboration. 

Developers and administrators can work together to proactively embed security into application code, while SOC analysts gain the breadth and depth of information they need to anticipate potential security risks and respond to threats in real time. The result is end-to-end protection that helps companies operate more securely in evolving, fast-paced cloud environments.
