Fighting back against software-agent overload

Software agents — long seen as a necessary evil by those securing and managing servers, desktops and other endpoint devices — have proliferated to the point of polluting enterprise environments.

IT managers are fed up with their endpoint devices becoming the dumping ground for bits of vendor code that can slow performance, conflict with services running on the machines and cause huge management headaches when upgrades are needed. Vendors have imposed their agents on customer machines long enough, IT managers say, and the time has come to change how servers and endpoints are secured and managed.

“There are risks in putting too many agents on any one device, so I’ve had to set hard limits on how many agents we send out to our endpoints,” says William Bell, director of information security at CWIE, an Internet-based Web-hosting company in Tempe, Ariz. “Some people will tell you agents are botnets waiting to happen, but if you have ever tried to patch thousands of machines without agents, you know agents have their place. It’s a judgment call.”

Bell is not alone in his efforts to balance the amount of software installed on clients and servers for the sake of securing and managing the machines.

“We are concerned about the performance of endpoints, and the more agents you put on them, the more you take away from performance,” says Michael Gruen, IT project manager for Bernalillo County, Albuquerque, N.M. “When you are talking about one tiny agent on one machine, it’s not an issue. But when you have many tiny agents across many machines, they add up quickly.”

Agent change is afoot

Now that IT managers are getting smarter about agents, vendors are scrambling to accommodate them.

“More vendors are looking at ways to consolidate features or architect their agents in such a way that one agent can handle the tasks of multiple software applications,” says Jasmine Noel, principal analyst at Ptak, Noel & Associates. “Vendors are responding to customer complaints that they simply won’t deal with so many agents.”

Security vendors such as McAfee have been consolidating many features onto a single agent, and management-software makers, such as BMC Software, have developed agentless variations of their monitoring products. IBM and CA are working separately on a common agent architecture across their products that lets customers install just one agent to handle client and server tasks.

Such acquisitions as PatchLink’s bid to buy SecureWave also could result in fewer agents for securing endpoints. “As they merge, I have been guaranteed that the client agent will merge as well. I’m looking for just two agents from them within six months,” CWIE’s Bell says. He also uses Symantec antivirus software on his endpoints.

After evaluating products from multiple vendors, Bernalillo County’s Gruen decided to go with start-up Xangati to help spot performance problems and bottlenecks across his network. Xangati requires customers to install an appliance that spots anomalous traffic to root out problems, but doesn’t mandate a software agent. “It was important to us to have nothing installed on the client. It would have been more effort than we could put forth,” he says.