The agent vs agentless debate is over

By Dror Davidoff, CEO and co-founder, Aqua Security

It’s humbling to see customers adopt cloud security vision technology, asserts Aqua Security’s CEO and co-founder Dror Davidoff. He says it’s also humbling to see predictions come true, doubly so when competitors start to follow the leader.

The proof came over the past few months as cloud visibility vendors either released their own agent or partnered with an agent provider. This validates what we all know: agentless security is not security.

Agentless visibility is just one very small piece in the full picture of cloud native application protection platforms (CNAPP).

Two years ago, ‘agentless security’ stormed the market with claims of greatness: “Ding dong, the agents are dead!” It is only now that we see vendors admitting agentless provides only visibility, not cloud security.

The announcement by Wiz, and previous announcements by Orca, pull back the curtain on the truth: agentless vendors are building agents and partnering with third-party agent-based solutions.

Call it by different names – sensor, widget, shim – but if it’s something an organisation deploys onto or next to the protected workloads, it’s an agent.

As the pioneers in cloud native application security, my company didn’t magically cobble together a subset of CNAPP overnight. We spent seven years building a robust, fully integrated solution.

We announced real-time cloud security posture management (CSPM) months ago. We see, virtually patch, block and protect workloads in real time. We know there is only one path to true cloud security, and it’s not lined with yellow bricks.

We see what others don’t, and stop what others can’t.

It is a fact: CSPM and cloud workload protection platform (CWPP) solutions will converge. Gartner predicts that enterprises will consolidate CWPP and CSPM capabilities by 2025.

We see this every day when we speak with customers and prospects. The market shift is happening, and quickly. While a beta sensor is a critical first step to building a runtime CNAPP solution, it’s just a small step. True cloud native security demands more than just visibility! Cloud security requires the ability to see and stop threats across every phase of your software development lifecycle, from code to cloud and back.

At its most basic level, consider a complete CNAPP solution in a 2×2 diagram. There are two halves of the cloud application lifecycle, the dev half and the cloud half.

The dev half of the lifecycle covers everything you need to write the code, build the application and get it ready for production. The cloud half picks the application up from there and includes everything you need to run the application in production, from the cloud infrastructure to the workloads themselves.

The only real way to secure the full lifecycle is to secure both the dev and cloud.

Further, to secure an application, the technology must be able to see what is happening to the application at all stages of the lifecycle, from the first piece of code developed on the left all the way to production in the cloud on the right. After all, we can’t secure what we can’t see.

Once organisations see what is happening, they can then start to separate good behaviour from bad. This allows them to reliably stop bad things from happening in the lifecycle of the application.

It is not enough to sense an attack. A CNAPP solution must have the ability to detect and stop attacks in progress anywhere in the lifecycle. My company has spent years building our agents specifically for the unique requirements of cloud native environments, not simply repurposing EDR technology.

The power of CNAPP does not come from disparate parts, but from the integrated whole, a single source of security truth. It’s great to see competitors start to understand this.

A unified approach to cloud native security 

From day one, our vision has been to deliver a complete end-to-end security solution for the entire cloud native application lifecycle in one holistic platform.

We’ve always believed that a CNAPP solution must include shift-left scanning, broad visibility and, crucially, strong runtime controls that can detect and stop attacks in progress. Today we offer the industry’s first and only unified cloud native application protection platform.