The Rise and Fall of Device Agent-Based Security: A Corporate Fatigue Story
In cybersecurity, what was old is now new again. And what seemed like a good idea at the time turns out to create more openings for operational and cybersecurity failures. How did we go from network-based security to agent-based security, and why are we going back? The CrowdStrike outage on Microsoft devices that began on July 19 is—unfortunately—a graphic example of the rise and fall of device-resident, agent-based security.

The Original Security Paradigm: Network-Based Security

In the early days of cybersecurity, networks were primarily hardware-driven and premises-based, and a perimeter security approach was the gold standard. Firewalls, intrusion detection systems (IDS), and network access controls ran on the network and formed the backbone of corporate security strategies. Managed centrally, this model presented few points of failure, streamlined threat management, and allowed traffic monitoring and control to defend against external threats.

The Shift to Device Agent-Based Security

Since then, networking and security technology has advanced, and so have threat actors. The number of user endpoint devices attached to the network exploded, as did edge devices like routers, servers, VPN hardware, and security appliances. The attack surface mushroomed for most organizations, and the sheer variety of devices presented new security challenges while adding significant overhead to network performance.

Security vendors responded by aggressively offering agent-based security solutions installed on endpoints and edge devices themselves. It seemed like a logical step. With each device protected by its own agent, the network could be protected from the inside by hundreds or thousands of mini-fortresses—in addition to perimeter security. Even better, this approach promised granular control and individualized security measures tailored to each device.

For security vendors, this approach also provided a revenue assurance policy. They could sell a network-based solution once and continuously sell agents (and maintenance policies) as organizations added devices over time. Focusing on agents was a convenient way to maximize profits.

To manage the agents, vendors introduced centralized management platforms. A vendor’s platform was designed to provide a single pane of glass for updates, patches, and monitoring of its solution across devices. Corporate security teams adopted these centralized platforms, effectively turning over much of their security solution management responsibility to vendors.

See Where This is Going?

Now, enter the “best of breed” phenomenon. Why not have the absolute best of each security control implemented as agents? The best anti-virus. The best password solution. The best web browser filtering solution. The best email security solution. The best data leak protection. And on and on. Best-of-breed approaches seemed to make sense on paper, and many organizations went with them. Of course, each vendor’s management platform managed… its own solution.

You’re Wearing Us Out

Agent-based security quickly turned into a nightmare. Each agent must be continually updated, patched, and monitored. Large organizations have thousands of security agents that need constant attention. Without it, the network of mini-fortresses becomes a sieve of vulnerabilities, susceptible to outdated software, configuration errors, and compatibility issues.

Simply assuming that vendors performed proper testing before modifying agents under their control often proved to be a mistake. Even the best vendors don’t always get everything right, every time. When IT and security teams solely relied on vendors without their own internal standards-based update and change controls, the results were not good. At the same time, teams had to assume that the underlying hardware was also correctly and securely updated and patched. As we all know, that’s not a safe assumption.

Worse, security teams now had multiple “single panes of glass” that didn’t talk to each other, didn’t provide sufficient visibility, and resulted in a false sense of enterprise security. The sheer volume of alerts and maintenance tasks led to alert fatigue, with hundreds of alerts and false positives every day. It’s easy to miss critical threats in all the noise. Alerting and responsive event correlation between security controls became almost impossible. Security teams, already stretched thin, were overwhelmed.

Back to the Future: Network-Based Security Once Again

With the challenges and inefficiencies of device agent-based security, a return to network-based security is gaining traction. This shift is driven by several factors:

  1. Cloud and API-based operations: As organizations migrate to the cloud and rely more on APIs, the network perimeter has evolved. So have networking and security software capabilities, such as SD-WAN and AI-driven defenses. Securing data at the network level via software, particularly in cloud environments, is more effective and scalable in protecting sensitive information.
  2. Centralized control: Network-based security enables centralized monitoring and management—just like in the old days but with comprehensive visibility, flexible policies, and more powerful threat prevention and detection.
  3. Reduced complexity: Taking the security off of thousands of devices simplifies the security infrastructure, making security and policy enforcement easier and consistent across the enterprise. Automation for network-based security also saves valuable time for overburdened security teams.
  4. Better resource allocation: Automation and centralization let security teams allocate limited resources more effectively, focusing on proactive measures rather than reactive maintenance. The move towards greater platformization of security capabilities also tends to reduce costs associated with multiple licenses, maintenance and support, and vendor management.

The New New

Of course, everything continues to evolve—networks, security solutions, and the threat landscape. Network-based security is once again offering a more efficient and effective way to safeguard digital assets across premises and cloud environments. The next step has already begun, with security and networking starting to converge into unified platforms. In 2023 there were more than 400 acquisitions between networking and security companies. Vendors are acquiring new features and capabilities to boost their security credentials with customers. Networking companies are buying security companies. In this new iteration of network-based security, it’s clear that networks are becoming “security-first” assets that not only connect enterprises, but help defend them as well.