Software agents: the good, the bad and the ugly

Anytime a software vendor’s says they require the use of agents red flags should go up in the mind of the consumer. Taking a little extra time to review and understand the reason for the agent will allow the customer to identify risks they introduce.  This is even more critical when the agents will be deployed on servers that run business critical applications or infrastructure components. It may come as a surprise, but many auditing solutions require intrusive or dangerous agents that may likely cause issues rather than help detect and resolve problems.

Don’t believe this can happen to you? A quick search of Google for the term Audit agent blue screen brings back dozens of examples of where intrusive agents have caused big problems for customers. The last thing you want to happen is that some minor upgrade occurs and watch your servers turn to mush because of a 3rd party agent a vendor forced you to use.

It is important to keep in mind that not all 3rd party agents are bad and some can actually make your servers and network more reliable and efficient. Differentiating between good agents and bad agents can be tricky, but there are some key things to consider when researching agents. One of the most important questions to ask is how invasive is the agent. Agents that insert themselves into operating system functions to intercept system calls or agents that require OS level drivers are hard for the vendor to properly test across enough systems to ensure they are safe in your environment; beware here.

Unlike our competition, NetWrix Change Reporter provides a non-invasive and totally optional agent that is used to compress audit data before it is sent over the network. Because the agent is optional the customer has a choice to use the agent or not; and choice is good! NetWrix optional agent is another example of how NetWrix delivers a lightweight auditing framework that meets your security and compliance requirements in a safe, efficient and affordable way.