Meet with an Uptycs expert at AWS re:Invent 2023. Meet with us →

Uptycs Adds Agentless Scanning for Cloud Workloads

New Capability Is First in Market to Protect Customer Data Sovereignty and Enable Full Customization Such as Support for YARA Scanning for AWS, Azure, and GCP

March 29, 02023

Uptycs, provider of the first unified CNAPP and XDR solution, today announced the addition of agentless scanning, offering customers more options to secure their cloud workloads. Customers can now use both deployment options, agent-based and agentless, to solve their organizations’ cloud security and compliance challenges. Extending Uptycs’ existing agentless cloud security offerings, this new feature enables security teams to scan 100% of their cloud workloads quickly-even unmanaged assets- to detect risk including misconfigurations, policy violations, exposed secrets, vulnerabilities, and malware.

Public cloud infrastructure gained popularity because of the ease by which developers could provision new infrastructure, without having to go through IT. However, they often bypass governance controls. Agentless workload scanning ensures that security teams can measure risk for 100% of their cloud workloads, including workloads where application owners don’t allow agents.

“Our customers spoke and we listened. Agentless workload scanning was an important request as security teams looked to remove the organizational friction associated with installing agents,” said Ganesh Pai, co-founder and CEO of Uptycs. “With this addition, our customers can measure security risk across their entire cloud workload estate. With the option to deploy agent-based and agentless workload security, our customers get the best of both worlds—100 percent coverage and continuous runtime security for critical workloads.”

Uptycs’ agent-based workload protection capabilities provide the highest level of security with continuous observation of the runtime, including ATT&CK-mapped behavioral detections and remediation and blocking capabilities. Agentless workload scanning offers compensating controls when installing agents is not possible or in situations where fast and complete coverage is critical, such as when supporting mergers and acquisitions. Key benefits of Uptycs’ agentless workload scanning:

  • 100% coverage - With agentless scanning, customers can quickly extend workload security to rogue virtual machines (VM), workloads, or environments that security teams do not have access to.
  • Fast, friction-free deployment - Agentless workload scanning gives customers a fast, point-in-time snapshot of the security posture of all workloads in the environment. Customers can measure risk (vulnerabilities and misconfigurations), detect malware, and understand the compliance posture of workloads. It’s completely passive and does not interfere with applications, or require involvement from other teams.
  • No customer data leaves the customer’s environment - Unlike other agentless workload scanning offerings, no data leaves the customer environment—only API calls enter and metadata scan results leave. This model preserves customers’ data sovereignty and protects privacy and is important for organizations in highly-regulated industries.
  • Customers can choose the combination that best meets their needs - With both options available, customers can deploy Uptycs sensors for workloads requiring the highest level of security, while still ensuring visibility into risks for their entire environment with the agentless deployment.
  • Standardized telemetry - The Uptycs agentless workload scanning uses the same technology as the sensor, without requiring agent installation. This means that telemetry is normalized at the point of collection and immediately available for analysis, reporting, and query. Both deployment options are available through one user interface (UI) and offer unmatched customization options such as support for YARA rules.

In the most recent Market Guide for Cloud Workload Protection Platforms, Gartner recommends adding the option for agentless CWPP deployment: “Design for CWPP scenarios where runtime agents cannot be used or no longer make sense. Require CWPP and CSPM vendors to support agentless deployment options.” 1

Note: Agentless workload scanning for AWS and GCP will be available to all Uptycs customers in Q4, 2022, with support for Azure following in Q1, 2023

About Uptycs

Your developer’s laptop is just a hop away from cloud infrastructure. Attackers don’t think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers?

Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface—all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.

Looking for acronym coverage? We have that, too, including CNAPP, CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud, Google-like search, and the attack surface coverage you need today. Be ready for what’s next.

Shift your cybersecurity up with Uptycs. Learn how at:


1 Gartner, Market Guide for Cloud Workload Protection Platforms, July 2021

Media Contact

Stephanie Schlegel

Offleash for Uptycs

Resources for
the modern defender

Prepare for any challenges that lie ahead by choosing
the right tools today.


Gartner Hype Cycle for Application Security, 2022


Gartner Hype Cycle for Application Security, 2022


Gartner Hype Cycle for Application Security, 2022


See Uptycs in action

Start with our free, no-obligation 35-day trial. Get comfortable with Uptycs using synthetic data, then deploy to a live environment.