James Berthoty’s Post

Security Engineer Turned Analyst @ Latio Tech | AWS Community Builder

🌶 According to CNCF, Kubernetes adoption is over 80%. Production workloads in the cloud run on Kubernetes. You can't see what containers are doing in Kubernetes without an agent. If you're doing agentless cloud security, what exactly do you think you're securing? To take it a step further, if your cloud native application protection platform doesn't prioritize or sometimes even support the kind of infrastructure that runs 90% of cloud native applications, what exactly are you paying 6-7 figures a year for?

Yoad Fekete

Co-Founder & CEO at Myrror Security | DevSecOps Enthusiast | Software Supply Chain Protector

1mo

Who are the companies that still say agentless? (feel free to share privately of course). I've seen a good shift in that messaging in the past couple of years. And I think "All you need to do is install our helm chart" (which is another word for agent) might have confused some people because it's not the usual "apt-get install something", but it's still an agent :)

Chris H.

CEO @ Aquia | Cyber Innovation Fellow @ CISA | Chief Security Advisor @ Endor Labs | 2x Author | Veteran

1mo

We’ve watched the pendulum between ways streamlined deployments of tooling swinging back toward needing deeper context and visibility (e.g. agentless vs agent-based).

Gaurav Kumar Gupta

CISSP | CISM | RHCA | ISO LA | Cyber Security and Privacy Consulting for E2E Mobile Network, IaaS, PaaS, CaaS, SaaS, Data Centre, PNF/VNF/CNF, 2G-5G, AI/ML

1mo

I would like to break this even further - What is being done to secure CaaS Infrastructure Platform and CaaS Application? Considering the case of On Premises - if one goes by Secure By Design, Secured Deployment and Secured Configuration shall be supplied by the CaaS infrastructure platform vendor. CaaS Application - be application provider responsibilities (again secured deployment and secured configuration). Considering the Public Cloud CaaS infrastructure Platform, to me this appears at least as a black box as of now, though they have some solutions such as CSPM or Security Services API that can be while developing Containered/VM Applications - But this leaves a very complex Responsibility matrix - something that will have impact on SBOM and also the SLA/OLA - time to ponder these.

Rani Osnat

Cloud native security: Containers, Kubernetes, VMs, serverless and everything in between

1mo

Umm, yeah.

Rick Moy

Product and GTM Leader in AI, Cloud, Cybersecurity with multiple exits

1mo

Agreed, can't secure what you can't see (at a meaningful level). Performance overhead and complexity have also worked against agent approaches for practical reasons. This tradeoff needs to be right-sized.

Nadav Lotan

Group Product Manager @ Cisco | Security, PLG, Dev Tools & Observability

1mo

I couldn't agree more! Agentless cloud security is like looking at the tip of the iceberg, but that's never enough. If your organization values proper protection and visibility into cloud workloads, you should dive deeper and use an agent.

Marcelo Grebois

☰ Cloud & Software Architect ☰ MLOps ☰ AIOps ☰ Helping companies scale their platforms to an enterprise grade level

1mo

Given such high Kubernetes adoption rates and container visibility challenges, the effectiveness of agentless cloud security raises intriguing questions about its true scope. Investing hefty sums in platforms not aligned with predominant infrastructure seems counterintuitive.
