Agentless Security

Plus: Risk Prioritisation, AI Sec Resources & Quarterly Goals Review

👋 Good morning, Cyber Pros!

This week’s issue brings you:

  • Agentless vs agent-based security

  • A guide to risk based prioritisation

  • AI Security resource roundup

  • Quarterly review of your cyber security goals

Let’s dive in!

Read time: ~7 mins

Agentless vs. Agent-Based Security

Cloud environments are highly dynamic, with resources constantly shifting. This fluidity challenges traditional agent-based security approaches that require installing monitoring software on each host. Agentless security offers a streamlined alternative: it leverages cloud APIs and metadata, and its snapshot scanning provides visibility into the threats in your environments.

Let’s take a look at the advantages and disadvantages of both approaches.

Advantages of agent-based security

  • Active Security Enforcement: Unlike monitoring-only solutions, agent-based security can take direct action to harden systems and enforce policies. Agents have the capability to make configuration changes, enable firewalls, remove unnecessary software, and more to actively improve host security posture.

  • Cross-Environment Deployment: Agent software can be installed across different infrastructure types - cloud, on-premises data centres, employee laptops/devices, etc. This allows organisations to standardise on the same agent-based tooling regardless of where workloads reside.

  • Decentralised Architecture: Agents aren't reliant on a central management service being available. They can continue operating autonomously within their local environment, providing resiliency against service outages or network disruptions impacting the management platform.

Disadvantages of agent-based security

Agent-based security solutions can suffer from several drawbacks that increase operational overhead and risk.

  • Inconsistent Coverage: Achieving comprehensive monitoring relies on properly deploying and enabling agents across every single system. Gaps can easily arise if administrators fail to implement robust processes for agent rollout.

  • Continual Maintenance: Agent software requires frequent updates and configuration management to prevent it from becoming outdated, insecure, or misconfigured over time on each individual host.

  • Resource Consumption: While designed to be lightweight, agents inherently consume some system resources by running as an additional process on hosts. This overhead can lead to performance impacts and increased cloud costs at scale.

  • Vendor Lock-In: Migrating between different agent-based products is extremely difficult, as it requires individually uninstalling old agents and deploying new ones across your entire environment.

  • Potential Attack Vector: Agents run with elevated privileges, so successful compromise can expose sensitive system details. Several CVEs impacting various security agents have been disclosed over the years.

Advantages of agentless security

  • Simple, automatic coverage: By connecting to cloud APIs, agentless tools automatically discover new resources as they're created, without requiring manual installation of an agent process.

  • Excellent scalability: You can freely add, remove, and replace resources as required, with no extra burden, whether you're monitoring 10 endpoints or 10,000.

  • No performance impact on your workloads: With no agent processes running on your hosts, your workloads carry no monitoring overhead.

  • No vendor lock-in: Agentless is non-intrusive so you don't need to worry about cleaning up your environments if you need to switch services.

  • Zero maintenance: Agentless security is maintenance-free, requiring no updates.
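The "Inconsistent Coverage" and "Continual Maintenance" drawbacks listed earlier can be measured by reconciling what the cloud API reports against what the agents report. The sketch below is an added example, not code from any vendor or from this newsletter; the host IDs, field names, version floor and heartbeat tolerance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. In practice `cloud_inventory` would come from the
# provider's instance-listing API and `agent_checkins` from the agent console.
NOW = datetime(2024, 4, 1, 12, 0, tzinfo=timezone.utc)
cloud_inventory = [
    {"id": "i-example-01", "state": "running"},
    {"id": "i-example-02", "state": "running"},
    {"id": "i-example-03", "state": "running"},
    {"id": "i-example-04", "state": "stopped"},
    {"id": "i-example-05", "state": "running"},
]
agent_checkins = {
    "i-example-01": {"version": "4.2.1", "last_seen": NOW - timedelta(minutes=5)},
    "i-example-02": {"version": "3.9.0", "last_seen": NOW - timedelta(minutes=2)},
    "i-example-03": {"version": "4.2.1", "last_seen": NOW - timedelta(days=3)},
    "i-example-99": {"version": "4.2.1", "last_seen": NOW - timedelta(days=40)},
}
MIN_VERSION = (4, 0, 0)            # assumed minimum supported agent version
MAX_SILENCE = timedelta(hours=24)  # assumed heartbeat tolerance

def parse_version(text):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def coverage_report(inventory, checkins, now):
    """Classify each running host and list agents whose host no longer exists."""
    report = {"covered": [], "no_agent": [], "stale": [], "outdated": [], "orphaned": []}
    for host in (h["id"] for h in inventory if h["state"] == "running"):
        agent = checkins.get(host)
        if agent is None:
            report["no_agent"].append(host)      # rollout gap
        elif now - agent["last_seen"] > MAX_SILENCE:
            report["stale"].append(host)         # agent installed but silent
        elif parse_version(agent["version"]) < MIN_VERSION:
            report["outdated"].append(host)      # maintenance gap
        else:
            report["covered"].append(host)
    known = {h["id"] for h in inventory}
    report["orphaned"] = sorted(set(checkins) - known)
    return report

def coverage_ratio(report):
    """Share of running hosts with a current, reporting agent."""
    total = sum(len(report[k]) for k in ("covered", "no_agent", "stale", "outdated"))
    return len(report["covered"]) / total if total else 1.0
```

On the sample data only one of four running hosts is effectively covered, even though three of them have an agent installed.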

Disadvantages of agentless security

  • Requires cloud APIs: Hybrid cloud workflows that include some on-premises resources may be challenging to cover.

  • No runtime protection: As agentless services don't run directly alongside your workloads, they can’t actively protect your hosts by making configuration changes or quarantining suspicious packages.

Summary: Agentless vs. agent-based security

  • Agentless security solutions offer a simpler, more scalable, and lower maintenance approach compared to agent-based solutions. They provide enhanced visibility into cloud environments while avoiding the friction of deploying monitoring agents on individual hosts.

  • While agent-based tools may still have advantages for specific use cases like low-level runtime protection, agentless security is generally better aligned with modern, dynamic cloud operations.

  • By leveraging cloud provider APIs rather than installed software agents, agentless security eliminates potential attack vectors from network-exposed agent processes while automatically ensuring comprehensive coverage as cloud resources continually change.

Note: this all depends on the use case and what you’re trying to achieve!

Risk Prioritisation Guide

If you want to master the art of vulnerability management, this guide will help you navigate the treacherous journey of software vulnerabilities and standards to effectively prioritise by Risk.

This Risk Based Prioritisation Guide is a pragmatic user-centric view of Relative Risk per Vulnerability, the related standards and data sources, and how you can apply them for an effective Risk Based Prioritisation for your organisation.

After reading this guide you should be able to:

1/ Understand Risk

  • the main standards and how they fit together

  • the key risk factors, especially known exploitation or likelihood of exploitation

2/ Prioritise CVEs by Risk

  • apply this understanding to Prioritise CVEs by Risk for your organisation, resulting in a significant reduction in your security effort and a significant improvement in your security posture by remediating the higher risk vulnerabilities first

3/ Apply the provided guidance to your environment

  • the source code used to do much of the analysis in this guide is provided - so you can apply it to your internal data

  • see what other users, and tool vendors, are doing for Risk Based Prioritisation so you can compare it to what you're doing

  • ask more informed questions of your tool/solution provider
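To make "prioritise by known exploitation or likelihood of exploitation" concrete, here is an added example; it is not the guide's own source code. It assumes three inputs per finding (a CVSS base score, an EPSS probability and a known-exploited flag such as a CISA KEV listing); the thresholds are illustrative and the identifiers are placeholders on constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str               # placeholder identifier, not a real CVE
    cvss: float            # severity base score, 0.0-10.0
    epss: float            # estimated probability of exploitation, 0.0-1.0
    known_exploited: bool  # listed in a known-exploited catalogue (e.g. CISA KEV)

# Constructed sample data for illustration only.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", 9.8, 0.02, False),
    Finding("CVE-EXAMPLE-0002", 7.5, 0.91, True),
    Finding("CVE-EXAMPLE-0003", 6.1, 0.45, False),
    Finding("CVE-EXAMPLE-0004", 8.8, 0.01, False),
    Finding("CVE-EXAMPLE-0005", 5.3, 0.003, False),
    Finding("CVE-EXAMPLE-0006", 7.2, 0.004, False),
    Finding("CVE-EXAMPLE-0007", 4.3, 0.12, True),
]

EPSS_THRESHOLD = 0.10  # assumed cut-off; tune to your risk appetite
CVSS_THRESHOLD = 7.0   # the common "High and above" severity cut-off

def tier(f):
    """1 = exploited in the wild, 2 = likely to be exploited, 3 = severe only, 4 = backlog."""
    if f.known_exploited:
        return 1
    if f.epss >= EPSS_THRESHOLD:
        return 2
    if f.cvss >= CVSS_THRESHOLD:
        return 3
    return 4

def prioritise(findings):
    """Order by tier, then by exploitation likelihood, then by severity."""
    return sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))

def fix_first(findings):
    """Findings with exploitation evidence or likelihood (tiers 1 and 2)."""
    return [f for f in prioritise(findings) if tier(f) <= 2]

def severity_only(findings):
    """Baseline for comparison: everything at or above the severity cut-off."""
    return [f for f in findings if f.cvss >= CVSS_THRESHOLD]

def missed_by_severity(findings):
    """Fix-first findings that a severity-only cut-off would not have flagged."""
    return [f for f in fix_first(findings) if f not in severity_only(findings)]
```

On the sample data the fix-first list is shorter than the severity-only list, and two of its three entries fall below the severity cut-off, which is the effort reduction and posture improvement described above.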

AI Security Resource Roundup

Every week I set aside time to stay up-to-date with the latest developments around the intersection of AI & Security. I thought I’d add a section into the newsletter to share what I’ve read, listened to, watched etc.

  • A computer worm has been created that targets Gen AI-powered applications. It has been demonstrated against Gen AI-powered email assistants in two use cases (spamming and exfiltrating personal data), under two settings (black-box and white-box accesses), using two types of input data (text and images) and against three different Gen AI models (Gemini Pro, ChatGPT 4.0, and LLaVA).

  • A vulnerability called ShadowRay has been discovered in the popular AI framework, Ray, leaving thousands of publicly exposed servers vulnerable to attacks. This flaw has been actively exploited for seven months and can give attackers access to companies' computing power and sensitive data.

  • Namesquatting is a tactic used by malicious users to register names similar to reputable organisations in order to trick users into downloading their malicious code. This has been seen on public AI/ML repositories like Hugging Face, where verified organisations are being mimicked. Users should be cautious when using models from public sources and enterprise organisations should have measures in place to ensure security.

  • A study looked at whether current AI safety techniques could effectively detect and remove deceptive behavior learned by large language models. It found that the deceptive behavior can be made persistent and difficult to detect, potentially undermining the success of safety measures.

  • A post compares two models, Claude 3 Opus and GPT-4, in terms of their abilities to perform threat modeling. It finds that Claude 3 Opus has slightly stronger reasoning abilities and a better understanding of system architecture.

Quarterly Review

2024 is 25.25% complete.

As we reach the end of the first quarter of 2024, it's the perfect time to pause and reflect on the goals and aspirations we set for ourselves at the start of the year.

Take a moment to revisit those goals you set back in January. What did you hope to accomplish by the time December rolls around? Perhaps it was a certification, learning a new skill or advancing your career.

Carve out some time this week to celebrate the small wins and successes you've already experienced, and use them as motivation to keep pushing forward. If you've encountered setbacks or found yourself veering off course, don't be discouraged. This is a natural part of the journey, and it's never too late to recalibrate and get back on track.

Remember, the year is still young.

If you need some support or inspiration, you can revisit these two posts:


Thanks for reading.

Cal J Hudson