Cloud environments are dynamic in nature. Ephemeral workloads, containers, and serverless functions are being added and removed at a rapid speed, often without the direct involvement of security teams. While agent-based approaches are known to provide deeper insights in these dynamic environments, there are situations when an agent-based approach may not be operationally feasible or preferred, resulting in visibility gaps. Given the rapid pace of change, both known and unknown vulnerabilities can exist anywhere.
Agentless workload scanning enables you to quickly gain comprehensive visibility into vulnerability risks across your cloud workloads — without the need to install agents. With this option, you have more flexibility and choice to scan and detect vulnerabilities across all hosts and container images to meet your coverage needs. For example, you can integrate your AWS organization account with Lacework's agentless workload scanning to scan for vulnerability risks within all your cloud accounts. For maximum value and security, you can combine agentless workload scanning with agent-based workload scanning to gain deeper insights.