Agentless monitoring The Achilles heel of credentials
Agentless monitoring is a type of monitoring that does not require the installation of agents on the devices or servers being monitored. Instead, the monitoring software uses existing management protocols, such as SNMP, WMI and even vendor API’s, to collect performance data from the devices.
Agentless monitoring has many benefits as described in our previous blogpost, including:
Low maintenance: No need to install or update agents on devices
Non-intrusive: Does not impact the performance of the devices
Scalable: Can be used to monitor a large number of devices
However, there is one potential drawback to agentless monitoring:
The need to store and use credentials.
In order to query remote hosts, agentless monitoring solutions often need to store the credentials of those hosts. This can be a security risk, as these credentials could be used to gain unauthorized access to the hosts.
Strong encryption is one way to store credentials securely. However, it is important to note that the monitoring process will need to decrypt the credentials in order to use them, and thus will need to know the encryption key.
We strongly recommend ensuring credentials are never allowed to leave the boundaries of the monitored environment. Storing the credentials close to the process responsible for the remote query and ensuring regular password rotation are good practices to mitigate this risk.
It is important to understand how your monitoring solution handles the storage of these credentials. Ask your supplier if you are uncertain to assess the security risk for your organization.