Aqua Blog

The Agent vs Agentless Debate is Over

It’s humbling to see customers adopt Aqua’s cloud security vision. It’s humbling to see our predictions come true, doubly so when competitors start to follow us. The proof came over the last few months as cloud visibility vendors either released their own agent or partnered with an agent provider. This validates what we all know: agentless security is not security. Agentless visibility is just one very small piece in the full picture of Cloud Native Application Protection Platforms (CNAPP).

CNAPP demystified

Two years ago, “agentless security” stormed the market with claims of greatness: “Ding Dong the agents are dead!” It is only now that we see vendors admitting agentless provides only visibility, not cloud security. The announcement by Wiz, and previous announcements by Orca, pull back the curtain on the truth – agentless vendors are building agents and partnering with third-party agent-based solutions. You can call it by different names – sensor, widget, shim – but if it’s something you deploy onto or next to the protected workloads, it’s an agent. As the pioneers in Cloud Native Application Security, we didn’t magically cobble together a subset of CNAPP overnight. We spent seven years building a robust, fully integrated solution. We announced Real-Time CSPM months ago. We see, virtually patch, block and protect workloads in real time. We know there is only one path to true cloud security, and it’s not lined with yellow bricks.

See what others don’t, and stop what others can’t

It is a fact: Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solutions will converge. Gartner predicts that enterprises will consolidate CWPP and CSPM capabilities by 2025. We see this every day when we speak with customers and prospects. The market shift is happening, and quickly. While a beta sensor is a critical first step to building a runtime CNAPP solution, it’s just a small step. True cloud native security demands more than just visibility! Cloud security requires the ability to see and stop threats across every phase of your software development lifecycle, from code to cloud and back.

At its most basic level, you can think of a complete CNAPP solution as a 2×2 diagram. There are two halves of the cloud application lifecycle: the dev half and the cloud half. The dev half of the lifecycle covers everything you do to code and build the application and get it ready for production. The cloud half picks the application up from there and includes everything you need to run the application in production, from the cloud infrastructure to the workloads themselves. The only real way to secure the full lifecycle is to secure both the dev and cloud halves.

Further, to secure an application you must be able to see what is happening to the application at all stages of the lifecycle, from the first piece of code developed on the left all the way to production in the cloud on the right. After all, you can’t secure what you can’t see.

Figure: Cloud Native Security Landscape

Once you see what is happening, you can then start to separate good behavior from bad. This allows you to reliably stop bad things from happening in the lifecycle of the application. It is not enough to sense an attack. A CNAPP solution must have the ability to detect and stop attacks in progress anywhere in the lifecycle. We have spent years building our agents specifically for the unique requirements of cloud native environments, not simply repurposing EDR technology.

The power of CNAPP does not come from disparate parts, but from the integrated whole, a single source of security truth. It’s great to see competitors start to understand this.

Aqua: A unified approach to cloud native security

From day one, our vision has been to deliver a complete end-to-end security solution for the entire cloud native application lifecycle in one holistic platform. We’ve always believed that a CNAPP solution must include shift-left scanning, broad visibility, and, crucially, strong runtime controls that can detect and stop attacks in progress. Aqua offers the industry’s first and only unified cloud native application protection platform.

We have never wavered from our core principle that true cloud security requires both agentless scanning and agent-based in-workload detection and response. The Aqua platform was the first CNAPP to organically combine agentless workload visibility with active protection deployed from a single agent. Built together from the ground up, agents and agentless scanning enrich each other and share context across the application lifecycle, allowing security teams not only to rapidly detect, prioritize, and fix the highest risks but also to stop attacks in progress.

This is why we were first to market with Real-Time CSPM – the only solution that combines agentless and in-workload visibility for a complete and prioritized view of your cloud security risk in real-time. Start your cloud native security journey with Aqua Real-Time CSPM today, no public preview, no waiting required.

Dror Davidoff
Dror is the Co-Founder and CEO at Aqua. Dror has more than 20 years of experience in sales management, marketing, and business development in the enterprise software space. He has held executive positions at several emerging IT security and analytics companies. Before co-founding Aqua in 2015, he headed up global sales of Database Security Products at McAfee (Intel Security), and prior to that was EVP of Sales and Business Development at Sentrigo where he led its fast market share increase. Dror holds an MBA in Finance from City University of New York and a BA in Economics. He likes to start his day with an early morning swim in the Mediterranean.