So if ‘agent- based' is at one end of the spectrum and ‘agentless' is at the other, is there another option that gives you the best of both worlds? The answer is yes - with ‘light-agent' security.
3. ‘Light-agent' security
In this architecture, the security software is still loaded onto a secure virtual machine, but an additional lightweight agent is installed on each VM. This unlocks the potential for deeper, multi-layered protection, including features such as web, device and application policy enforcement. Now you have achieved most of the benefits of the ‘agent-based' and ‘agentless' approach, giving you the flexibility to setup the most appropriate security posture for your environment.
You may now be scratching your head and wondering how you are supposed to manage all of this and your workstations, laptops and mobile devices. You are managing enough different consoles at the moment. You want to keep things as simple and straightforward as possible because complexity is the enemy of security.
There are security vendors out there that enable you to manage all types of endpoints from one single console. This allows you to effectively manage your security policies and close any gaps that would exist, when using multiple products and management consoles. However, be aware that not all ‘single' consoles are identical. Some provide a portal into multiple other consoles (with different interfaces).