Cyberwarfare: Who wins?

Increasingly, the intensity of computer attacks is increasing.

Cyber criminals are on the rise. On the other side of the scale, the resistance has always been proposing even more sophisticated solutions to combat the flood of computer piracy over the past twenty years. In the face of this fierce opposition, skills are developing. On each side the teams organize themselves. With the adoption of telecommuting as a professional standard, IT security teams are seeing their obligations and tasks increase.

This article will also interest you: Could we talk about cyberwarfare these days?

Yet on the other hand the task is easier for cyber criminals. The IT security industry has never been more eventful than it has been in the last 3 years. However, what about the status of agents? to facilitate their work, IT security professionals usually install programs on machines to secure them. "The origin of agents is associated with the very existence of operating systems. Each OS requires local actions, such as installing, maintaining software or changing its settings. These operations cannot be done without a local agent, and the bandwidth and complex infrastructure are additional barriers to large-scale fleet control and compliance operations. The agent then appears as the ideal solution. Rather light, easily controllable remotely from a server, it can be put to sleep and be awakened when needed to perform one or more operations remotely: install and update, apply a patch, a security policy, and check customer position compliance. explains Dagobert Lévy, Tanium's Vice President South EMEA.

In recent years, operating systems have become more complex. This immediately results in a significant increase in agents. "The number of use cases and functions is on the rise. While one agent of an antivirus solution checks when opening a file if it is not infected, another is responsible for vulnerability analysis and a third is doing an inventory of software running on the machine. The adage was then adopted as a problem, a solution, an agent. Dagobert Lévy notes. "In 2020, the sudden explosion of telework has increased the use of agents. With desktops now outside the company's network, and mostly on home networks, an even greater number of operations have become difficult to perform remotely. For example, the vulnerability scan, previously carried out on the corporate network through a probe, required the installation of an agent on each workstation now connected to the home network. The consequence? An exponential increase in requests to officers and, above all, the highlighting of the limits of using so many agents on the same position. he adds.

The first adverse consequences can be remembered for the fall in the performance of the workstations because of the high number of installed agents. "Often, the counter-intuitive reflex adopted was to add an agent to evaluate performance. Cascading consequence: The user may want to disable one or more agents that he considers responsible for these delays, even if it lowers the level of security of the customer post. Dagobert Lévy notes.

The second consequence is that the presence of certain agents somehow interferes with the operation of another agent. In other words, they get in the way, thereby reducing their mutual effectiveness.

The solution then on to rationalization in the use of agents. Reduce and limit the number of officers on workstations, depending on the missions assigned to each position. In concrete terms, several steps will have to be taken, as Dagobert Lévy explains: "One of the keys is to rationalize, i.e. to limit the number of agents on the post, for example by using the same agent for different missions. The first step is to carry out a detailed analysis of the present situation, an inventory of deployed officers. How many are there? Are they all operational? And above all: are they really necessary? The second decision of IT services is to no longer agree to add new solutions based on agents without checking that they are absolutely necessary. They are then looking for publishers able to cover different cases of use via a single agent.

This new "war of agents" is being waged by the publishers. Their workhorse? Consolidate functions on a platform capable of bringing together a multitude of use cases on a single agent. But this search doesn't stop at features: are publishers able to provide the requirements for job performance? Not to interfere with the user experience? To have the right certifications and the right level of governance? Once these criteria are correctly defined, the open platform, which will be able to offer agents capable of performing several actions, will certainly win the war of the agents. ».

Now access an unlimited number of passwords:

Check out our hacking software