* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Native Application Protection Platform](https://www2.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/)
* Agent Vs Agentless: Deter...

# Agent Vs Agentless: Determining the Right Deployment Option for Cloud Workload Protection (CWP)

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fagent-vs-agentless-cwp%2F)  
[](https://twitter.com/share?text=Agent+Vs+Agentless%3A+Determining+the+Right+Deployment+Option+for+Cloud+Workload+Protection+%28CWP%29&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fagent-vs-agentless-cwp%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fagent-vs-agentless-cwp%2F&title=Agent+Vs+Agentless%3A+Determining+the+Right+Deployment+Option+for+Cloud+Workload+Protection+%28CWP%29&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/agent-vs-agentless-cwp/&ts=markdown)  
\[\](mailto:?subject=Agent Vs Agentless: Determining the Right Deployment Option for Cloud Workload Protection (CWP))  
Link copied  
By [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin") and [Omri Cohen](https://www.paloaltonetworks.com/blog/author/omri-cohen/?ts=markdown "Posts by Omri Cohen")  
Feb 29, 2024  
4 minutes  
[Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown)  
[Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown)  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[CWPP](https://www.paloaltonetworks.com/blog/tag/cwpp/?ts=markdown)

Organizations are embracing the cloud to facilitate digital transformation, from lifting and shifting to building cloud-native applications. Utilizing both public and private cloud services, they can swiftly and efficiently deliver applications and services to customers on a large scale. Cloud-native applications rely on various [workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload) such as VMs, containers, Kubernetes, and serverless functions. According to a recent study, public clouds host 53% of cloud workloads, offering development and DevOps teams adaptable and scalable infrastructure for application development, testing, and deployment.
![Figure 1: Different types of cloud workloads](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/Screenshot-2024-02-28-at-1.30.22 PM.png)
Figure 1: Different types of cloud workloads

## Cloud Workload Security Challenges

Securing cloud workloads involves protecting an increasingly large attack and dynamic surface. The dynamic nature of cloud workloads and their software, continually updated by development teams, poses a challenge for security teams to stay abreast of changes.

Gaining visibility stands as a critical initial step in cloud security, essential for comprehending risk and implementing real-time protection to effectively stop attacks. Agentless solutions provide seamless visibility into cloud workloads and the risks they present. Conversely, agent-based solutions offer continuous visibility, risk assessment, and runtime protection to stop attacks. An ideal solution should offer flexible deployment options, encompassing both agentless visibility and agent-based protection.Difference Between Agent-Based and Agentless Solutions

Agentless Security leverages the cloud to scan workloads and systems, meaning there's no need to install an agent on every device in your network. Agent-based solutions utilize sensors or agents to monitor cloud workloads continuously and employ runtime protection capabilities to stop attacks.

Deciding between agent and agentless for your cloud workload security can feel like picking a lock in the dark. If you're struggling to determine which approach best addresses your needs, the following pros and cons will shed light on your options, helping you decide between agent-based and agentless deployments.Pros and Cons of Agentless Solutions

The agentless approach is notably simpler compared to agent-based security solutions and can typically be fully automated. Agentless deployment facilitates quicker onboarding and setup of visibility, eliminating the necessity for direct access to all hosts or machines for security scans. Additionally, it entails reduced maintenance and lower provisioning costs.

That said, agentless solutions can't provide runtime monitoring for processes, runtime protection against exploits like cryptomining and malicious attacks.

## Pros and Cons of Agent-Based Solutions

Agents enable in-depth monitoring and protection of workloads. Agents can perform specialized scanning of components and services. The biggest differentiator is that agents offer runtime protection to block attacks such as malware, cryptomining, and reverse shell. In addition, some agents have the ability to provide real-time insights into running processes and network traffic that enables advanced capabilities like web app and API security.

On the other hand, agents can be time-consuming to install and may require additional maintenance.

## Decision Tree

Recognizing the importance of each deployment option can help you make the correct decision when choosing the right level of protection for your cloud workloads. The following decision tree will guide you through various considerations essential to your selection.
![Figure 2: Agent vs Agentless Decision Tree](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/word-image-315180-2.png)
Figure 2: Agent vs Agentless Decision Tree

## Prisma Cloud Capabilities

Prisma Cloud supports both agentless and agent-based deployment options. Below is a table of the capabilities supported for each deployment option.
![Figure 3: Capabilities table](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/02/Screenshot-2024-02-28-at-1.44.36 PM.png)
Figure 3: Capabilities table

## Learn More

Don't let the decision between agent and agentless workload security leave you in the dark. Find the guidance you need to choose the best approach for your organization in [our quick-access infographic](https://www.paloaltonetworks.com/resources/infographics/agent-vs-agentless).

Prisma Cloud secures applications from code to cloud, enabling security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment. If you haven't experienced the advantage, take Prisma Cloud for a test drive with a free[30-day Prisma Cloud trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).

*** ** * ** ***

## Related Blogs

### [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Cloud Workload Protection, Now Operating at Full Context](https://www2.paloaltonetworks.com/blog/cloud-security/beyond-cloud-workload-protection-cwp/)

### [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [Cloud Runtime Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-runtime-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Vulnerability Management](https://www.paloaltonetworks.com/blog/category/vulnerability-management/?ts=markdown)

[#### Implementing a Comprehensive Cloud Vulnerability Management Program](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-vulnerability-management-program-implementation/)

### [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Forrester Names Prisma Cloud a Leader in Cloud Workload Security](https://www2.paloaltonetworks.com/blog/cloud-security/forrester-wave-cloud-workload-security-leader-2024/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Beyond Visibility: Proactive Cloud Workload Security in the Real World](https://www2.paloaltonetworks.com/blog/cloud-security/visibility-cloud-workload-security/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [Cloud Security Provider](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-provider/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Cloud Workload Protection Company of the Year](https://www2.paloaltonetworks.com/blog/2022/11/cloud-workload-protection-company-of-the-year/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown)

[#### Unit 42 Cloud Research Coming Up in Vegas: Must-see talks at Black Hat, DEF CON and Cloud Village](https://www2.paloaltonetworks.com/blog/cloud-security/prisma-cloud-def-con-black-hat-usa-cloud-village-2/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language