Agent-based and Network-based
We cannot ensure the security of a network without good external and internal protection. One method that, together with others, provides internal protection is internal vulnerability scanning. Specific interfaces (IP addresses, etc.) are scanned to detect any vulnerability. The scan is non-invasive, so it can be launched without stopping network activity, since it runs in the background. There are two main types of internal vulnerability scanning: agent-based and network-based. We analyze them in more depth below.
Network-based
This scan is launched from a physical box on your network (a “scanning appliance”) or from a virtual machine in the cloud. It is the most traditional type of scan.
Its goal is to identify weak points in the network that could be exploited by hackers or other threats. It also allows you to verify the effectiveness of network security systems through an internal and external study. Nevertheless, it requires keeping a very good inventory of everything connected to the network, as well as of the systems in use (from installed firewalls to operating systems).
Agent-based
This scan deploys security agents on your devices. They use the software scanners present on each device and centralize the information obtained on a central server. It is a newer type of scan.
The information they collect is similar to that of a network-based scan. This scan is time consuming, but it can work even when a device is not connected to the network. It is the preferable alternative especially if you cannot ensure connectivity throughout the network. For example, it is very useful for a mobile phone that is not connected to the core network. An example is the Intruder agent-based scan tool, which is preferred by banks and large companies worldwide.
Differences:
| | Network-based | Agent-based |
|---|---|---|
| Functions | Performs critical functions. | Low-impact software that monitors different aspects of the system. |
| Dependence | Works well with minimal intervention and reduces agent maintenance. | There is an external dependency, which may reduce the effectiveness of the scanners. |
| Connectivity | All devices need to be connected to the network. | Specific software is needed to access each aspect separately. |
| Coverage | Every device with an IP address can be scanned, including printers or even automated lighting. | Agents cannot be installed on everything. Nevertheless, remote devices can be scanned (very useful in a company that allows working from home). |
| Deployment | If the network uses fixed IP addressing, there is no problem. But if addresses are assigned dynamically, it will be difficult to implement. | Allows you to measure and report more effectively the effort required to fix vulnerabilities. Agents bind to the device, not to an IP address. |
| Maintenance | Network devices need to be very well documented. | Easy maintenance. |
Both are useful
In conclusion, depending on your system one scan or the other will fit better, but in most cases we are interested in doing both. Network-based scans are faster, less intrusive and produce fewer false positives. Nevertheless, they are unable to reach remote devices, for instance. Since most networks today allow devices outside the central perimeter (that is, remote devices) to connect, agent-based scanning is necessary even though it is harder to install and operate. A mix of the two ensures maximum protection and security.
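As an added example (not from the original article), the following Python sketch shows why the two methods are complementary: it reconciles a network-based scan, keyed by IP address, with agent reports, keyed by a stable agent id, and surfaces the assets that only one method reaches. The hostnames, IPs, agent ids and vulnerability labels are constructed sample data, not real scanner output.

```python
# Constructed sample data: two network-based scan snapshots (keyed by IP)
# and one batch of agent reports (keyed by agent id). Values are invented.
NETWORK_SCAN_DAY1 = {
    "10.0.0.5": {"hostname": "printer-01", "vulns": ["cups-outdated"]},
    "10.0.0.7": {"hostname": "ws-alice", "vulns": ["smb-signing-off"]},
    "10.0.0.9": {"hostname": "ws-bob", "vulns": []},
}
NETWORK_SCAN_DAY2 = {
    "10.0.0.5": {"hostname": "printer-01", "vulns": ["cups-outdated"]},
    "10.0.0.12": {"hostname": "ws-alice", "vulns": ["smb-signing-off"]},  # DHCP lease changed
    # ws-bob is absent: the laptop is off the corporate network today
}
AGENT_REPORTS = {
    "agt-a1": {"hostname": "ws-alice", "vulns": ["smb-signing-off", "browser-outdated"]},
    "agt-b2": {"hostname": "ws-bob", "vulns": ["vpn-client-outdated"]},  # reporting from home
    # printer-01 has no agent: agents cannot be installed on everything
}


def ip_churn(scan_a, scan_b):
    """Hosts whose IP changed between two network scans: the dynamic-addressing
    problem that makes IP-keyed results hard to track over time."""
    by_host_a = {rec["hostname"]: ip for ip, rec in scan_a.items()}
    by_host_b = {rec["hostname"]: ip for ip, rec in scan_b.items()}
    return {h: (by_host_a[h], by_host_b[h])
            for h in by_host_a if h in by_host_b and by_host_a[h] != by_host_b[h]}


def reconcile(network_scan, agent_reports):
    """Merge both views into one asset list keyed by hostname, recording which
    source(s) saw each asset and the union of their findings."""
    assets = {}
    for ip, rec in network_scan.items():
        a = assets.setdefault(rec["hostname"], {"sources": set(), "vulns": set()})
        a["sources"].add("network")
        a["ip"] = ip
        a["vulns"].update(rec["vulns"])
    for agent_id, rec in agent_reports.items():
        a = assets.setdefault(rec["hostname"], {"sources": set(), "vulns": set()})
        a["sources"].add("agent")
        a["agent_id"] = agent_id  # bound to the device, not to its IP
        a["vulns"].update(rec["vulns"])
    return assets


def coverage_gaps(assets):
    """Assets reached by only one method: network-only ones are candidates for an
    agent rollout, agent-only ones are the remote devices a network scan misses."""
    return {"network_only": sorted(h for h, a in assets.items() if a["sources"] == {"network"}),
            "agent_only": sorted(h for h, a in assets.items() if a["sources"] == {"agent"})}
```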