IT managers are fed up with their endpoint devices becoming the dumping ground for bits of vendor code that can slow performance, conflict with services running on the machines and cause huge management headaches when upgrades are needed. Vendors have imposed their agents on customer machines long enough, IT managers say, and the time has come to change how servers and endpoints are secured and managed.
"There are risks in putting too many agents on any one device, so I've had to set hard limits on how many agents we send out to our endpoints," says William Bell, director of information security at CWIE, a webhosting company in Arizona. "Some people will tell you agents are botnets waiting to happen, but if you have ever tried to patch thousands of machines without agents, you know agents have their place. It's a judgement call."
Bell is not alone in his efforts to balance the amount of software installed on clients and servers for the sake of securing and managing the machines.
"We are concerned about the performance of endpoints, and the more agents you put on them, the more you take away from performance," says Michael Gruen, IT project manager for Bernalillo County, New Mexico. "When you are talking about one tiny agent on one machine, it's not an issue. But when you have many tiny agents across many machines, they add up quickly."
Agent change is afoot
Now that IT managers are getting smarter about agents, vendors are scrambling to accommodate them.
"More vendors are looking at ways to consolidate features or architect their agents in such a way that one agent can handle the tasks of multiple software applications," says Jasmine Noel, principal analyst at Ptak, Noel & Associates. "Vendors are responding to customer complaints that they simply won't deal with so many agents."
Security vendors such as McAfee have been consolidating many features onto a single agent, and management-software makers, such as BMC Software, have developed agentless variations of their monitoring products. IBM and CA are working separately on a common agent architecture across their products that lets customers install just one agent to handle client and server tasks.
Such acquisitions as PatchLink's bid to buy SecureWave also could result in fewer agents for securing endpoints. "As they merge, I have been guaranteed that the client agent will merge as well. I'm looking for just two agents from them within six months," CWIE's Bell says. He also uses Symantec antivirus software on his endpoints.