The Next Phase of Armis by Yevgeny Dibrov

Read More

What is Agentless Monitoring?

Traditionally, IT and Security solutions that provide endpoint monitoring capabilities require that an agent be installed on the device to be monitored. These agents will record the local device’s activity from a network, application, and operating system perspective and then forward that information to a monitoring server.

While agent technique is effective, it has several drawbacks: 

  1.  Agents must be deployed and managed.
  2. If there is a problem with the agent, or it is not running, there will be no data collected from that device to assess risk and threats.
  3. Agents can usually only be installed on certain operating systems (Windows, iOS, Linux).

This leaves other device types (IP Cameras, printers, OT devices, etc.) without monitoring capabilities. Without an agent, the ability to monitor all devices, regardless of type or OS, does not have these limitations.

How Does Agentless Device Monitoring Work?

By capturing all device traffic passively, Armis can not only assess device risks and threats in real-time. Still, they can also classify the device (category, type, Operating system, etc.), providing complete visibility into what a device is, it’s doing, and its inherent risks and threats to the organization.

To assist with this discovery and monitoring, Armis leverages their proprietary Device Knowledgebase – which is currently tracking 500 million devices worldwide. The Armis Agentless Security Platform does not require agents to be installed on devices to see them. This removes the burden and risk of deploying agents across the environment and ensuring that agents are operational and up-to-date.

The Armis platform’s agentless monitoring capabilities allow customers to quickly discover, monitor and assess *all* devices – regardless of device type. The capability to discover and monitor any device is important, as threat actors are now targeting unmanaged and IoT devices to gain a foothold in an organization to launch their attacks. In addition, without the need to leverage and install agents, deployment of the Armis platform is simple and quick – providing immediate, low-friction insights into Armis discoveries and the overall value of the platform.