Agent-Based Vs Network Based Internal Vulnerability scanning

SecOps Solution
3 min readFeb 1, 2023


Technology is constantly evolving, and with it come new threats. Performing vulnerability scans and assessments is one of the most effective ways to defend the networks that companies rely on daily.

An externally exposed system that appears secure from a black-box perspective may still carry severe flaws that only surface on a deeper examination of the system and the software it runs. That is where internal vulnerability scanning comes in: it adds a second layer of defense and makes your company substantially more breach-resistant.

An internal vulnerability scan is carried out from inside the network, with the access an insider or an attacker who has already gained a foothold would have. Its main advantage is the identification of vulnerable systems and the resulting input for patch management. There are two approaches to performing an internal vulnerability scan: network-based and agent-based.

Agent-Based Scanning

Each device that needs to be tested has a small software package installed called an “agent.” Once installed, the agent gathers information locally (installed packages, versions, configuration) that shows whether the device may be vulnerable, and the results are reported back to the central server.

Advantages:

  • No credential management: The agent runs directly on the target device with local privileges, so the scanner does not need to store, distribute and rotate credentials for authenticated scans of each host. (The agent itself typically runs with elevated privileges, so its installation and update channel must be protected accordingly.)
  • Reduced network traffic: Agent-based scanning processes results locally on the host and transmits only the findings to the central server for thorough evaluation, rather than probing every port and service over the network.
  • Increased host-target availability: The agent can be installed on hosts that are difficult or impractical to scan from the network, such as hosts behind strict firewalls or on segmented subnets.
  • No IP limitation: Agent-based scanning still covers assets that use dynamic addressing or are off-site and hidden behind private subnets, because each agent reports in as soon as it reconnects to the central server.

Disadvantages:

  • Agents consume CPU and memory on every host they run on, which can be noticeable on constrained or heavily loaded systems.
  • The agent package has to be deployed, configured and maintained on each host separately.
  • They are operating system-dependent: an agent build must exist for each OS in the estate, and devices that cannot run third-party software (printers, network appliances, many IoT devices) cannot be covered at all.
  • While most agent updates are automated, new installations and changes to the agent’s configuration still require additional work from IT staff.

Network-Based Scanner

Network-based vulnerability scanning is the practice of finding vulnerabilities on networked IT assets that hackers and threat actors might exploit, by probing them remotely from a scanner on the network. It helps to identify the current risk posture of your environment, the effectiveness of your security measures and opportunities for strengthening your defenses by fixing vulnerabilities.

Advantages:

  • A network-based vulnerability scanner evaluates hosts running various operating systems and applications without installing anything on them; the services and versions it observes are cross-referenced against vulnerability databases to discover unpatched software that needs to be fixed in order to prevent breaches.
  • Users can choose the target systems and specify additional details of the vulnerability tests that the scanner should perform.
  • Network scanners leave little trace on the host (nothing is installed) and have fewer side effects on it. Accuracy, however, depends on whether the scan is credentialed: an unauthenticated scan infers versions from service banners and may report findings that a distro-backported fix has already addressed, which an agent’s local view of package metadata would not.

Disadvantages:

  • It cannot see devices or applications that are not reachable at scan time: hosts that are powered off, roaming laptops, services bound only to localhost or sitting behind a firewall the scanner cannot cross.
  • It relies on what the target tells it over the network, so an already compromised host can deliberately return false information (altered banners or blocked probes) and mislead the scanner.
  • Credentialed network scans need credentials for each target to be stored and managed centrally, which is itself a sensitive asset.
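As an added example (not code from the original post, nor a SecOps Solution product), the following Python script contrasts the two collection models described above against one constructed vulnerability database: the agent reads a package inventory locally and sends only its findings, while the network scanner connects to a loopback service the script starts itself and infers the version from the banner. All product names, versions, fixed-in values and finding labels are invented for illustration and are not real advisories.

```python
"""Agent-based vs network-based discovery of the same 'vulnerabilities'.

Added example, not from the original post. The vulnerability database,
the package inventory and the service banner are all constructed here.
"""
import socket
import threading

# Constructed database: product -> (first fixed version, finding label).
# Versions are compared as tuples of leading integers.
VULN_DB = {
    "openssh": ((9, 3), "example-ssh-weakness"),
    "nginx": ((1, 25), "example-nginx-weakness"),
}


def parse_version(text):
    """'8.9p1' -> (8, 9): keep the leading integer of each dotted piece."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def lookup(product, version):
    """Cross-reference one (product, version) pair against VULN_DB."""
    entry = VULN_DB.get(product)
    if entry is None:
        return None
    fixed_in, finding = entry
    return finding if parse_version(version) < fixed_in else None


# --- Agent-based: inventory read locally, only findings leave the host ---
# Constructed inventory as a package manager would expose it. Local root
# access lets the agent see that the openssh build carries a backported fix,
# and that nginx is installed even though it is not reachable from outside.
AGENT_INVENTORY = {
    "openssh": {"version": "8.9p1", "patched": {"example-ssh-weakness"}},
    "nginx": {"version": "1.18.0", "patched": set()},
}


def agent_scan(inventory):
    """Runs on the host; returns only confirmed findings (a small report)."""
    findings = []
    for product, info in inventory.items():
        finding = lookup(product, info["version"])
        if finding and finding not in info["patched"]:
            findings.append((product, info["version"], finding))
    return findings


# --- Network-based: nothing installed, version inferred from the banner ---
def serve_banner(banner, ready):
    """Stand-in for a real SSH daemon: accept one connection, send a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    conn.sendall(banner)
    conn.close()
    srv.close()


def grab_banner(host, port, timeout=2.0):
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode(errors="replace").strip()


def parse_banner(banner):
    """'SSH-2.0-OpenSSH_8.9p1 Ubuntu-...' -> ('openssh', '8.9p1'), else None."""
    if not banner.startswith("SSH-"):
        return None
    software = banner.split("-", 2)[2].split()[0]  # 'OpenSSH_8.9p1'
    product, _, version = software.partition("_")
    return (product.lower(), version) if version else None


def network_scan(host, port):
    """Unauthenticated scan: only what the remote service announces is known."""
    parsed = parse_banner(grab_banner(host, port))
    if parsed is None:
        return []
    product, version = parsed
    finding = lookup(product, version)
    return [(product, version, finding)] if finding else []


def run_demo():
    """Start the fake daemon on loopback, run both scans, return both reports."""
    ready = {"event": threading.Event()}
    banner = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"  # constructed
    t = threading.Thread(target=serve_banner, args=(banner, ready), daemon=True)
    t.start()
    ready["event"].wait(2)
    network = network_scan("127.0.0.1", ready["port"])
    t.join(2)
    return {"network": network, "agent": agent_scan(AGENT_INVENTORY)}


if __name__ == "__main__":
    for name, report in run_demo().items():
        print(name, report)
```

The two reports differ in exactly the ways the lists above predict: the network scan flags openssh 8.9p1 because the banner version is below the fixed-in version, although the host’s package metadata shows the fix was backported (a false positive only the agent can rule out), and the network scan never sees nginx because nothing is listening for it on the scanned port, while the agent reports it from the local inventory.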
