CNAPP (cloud native application protection platform) and XDR (extended detection and response) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers.
The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users manage both systems from the same management console.
The idea is to provide flexibility. Agentless, API-based scanning is much easier to implement than agent-based techniques, and provides the ability to look at the entirety of an enterprise’s workloads in moments. Uptycs said its system is particularly low-touch, asking only to pull metadata, not actual information, from the customer environment to provide a snapshot of all activity in a given environment.
Yet, because of that snapshot-based visibility, agentless security doesn’t offer the type of continuous coverage that agent-based approaches do. Hence, for particularly critical workloads, Uptycs said that agent-based sensors might be appropriate, backed by agentless “snapshot” coverage for the rest of the environment.
In an official blog post accompanying the release, the company gave the hypothetical example of a company that purchases a smaller competitor for some of its applications, which run in Google Cloud Platform. Instead of conducting a full security audit on the new acquisition’s cloud environment, the acquiror can use agentless scanning to get an instantaneous overview and understand the particular security risks posed.
Agent-based and agentless scanning can work together
Lawrence Pingree, a vice president and analyst at Gartner Research, said that the two-pronged approach offered by Uptycs is an attractive one for enterprise customers. While there’s still a certain amount of hesitancy about agent-based security in the cloud, bundling it along with API-based techniques offers the best of both worlds.
“The two-fold approach really … allows them to straddle the hybrid environment,” Pingree said. “That means they’re able to integrate with a lot of these cloud services and get quick value, and still give you value on the traditional workload or endpoints you’re managing.”
Uptycs also incorporates the ability to use YARA rules, which are, in essence, a query language that lets security teams analyze content across an entire filesystem, and which are a key tool for detecting advanced threats. Pingree characterized them as a successor to the concept of malware signatures.
“It’s an industry standard,” he said. “And I’m not sure where they start and finish on YARA, but it’s definitely useful for scanning for indicators of malicious files and artifacts.”
The standard price for Uptycs’ security offerings is “about $100 per node/asset per year,” the company said, adding that an end-of-year sale will provide 1,000 managed assets for $1 for a limited time. The new agentless capability is available now.