To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

What are the limitations of agent-only based VM scanning?

Options
AbacusMatt
AbacusMatt W/ Partner Posts: 6 Security Scout

Hi,

We have a customer site where our engagement is to only scan computers for vulnerabiltities. As such, we have not deployed a scan node. WIthSecure indicated that a scan node is not needed for this purpose.

However, we notice that many vulnerabilities are not caught this way. For example, deprecated TLS versions are not found during agent scanning. This is just one example.

What are the true limitations of agent-based scanning? Or perhaps someone knows if there is something we need to do to capture this information.

Thanks.

Best Answer

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 245 Moderator
    Solved
    Options

    Hi @AbacusMatt

    Thank you for reaching out the WithSecure Community,

    There are some limitations for the Elements Agent with VM capabilities (Agent-based):

    • The Elements Agent with VM capabilities (Agent-based) utilizes the OneClient ecosystem, sending telemetry and vulnerability scan metadata to the WithSecure Cloud.
    • Business Suites (BS) and BS+EDR agents are not compatible with Elements Agent with VM capabilities.
    • Elements Agent with VM capabilities is currently supported only on Windows endpoint devices.
    • Elements Agent with VM capabilities is managed through the Elements VM Cloud management portal.
    • When comparing Elements Agent with VM capabilities scan to SystemScan, authenticated scan, there may be fewer findings. This is because authenticated SystemScan provides a combined external and internal view of the device. For example, SSL/TLS issues related to misconfigurations of a web server running on the device.
    • There are no combined SKUs like "EDR+EPP+Elements VM agent" and corresponding subscription keys. Use the Elements Agent with VM capabilities subscription key only if you intend to install Elements Agent with VM capabilities as a standalone feature.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home

Answers