Third-Party Agents Prove an Overlooked Cybersecurity Risk
- Cyber Jack
- Jul 17

Third-party software agents are quietly expanding the cybersecurity attack surface across enterprises, and few are paying close enough attention. In this interview, Andy Weidner, CISSP, Product Manager, Nerdio, explains why these agents pose significant risks and how organizations can pivot to safer alternatives. From agent-based vulnerabilities to Zero Trust architecture, he outlines the path forward for modern IT security.
At a high level, why do third-party agents create security risks for organizations?
One of the most underestimated risks in IT environments is the use of third-party tools that rely on agents installed on servers or end-user devices. Third-party platforms often require the use of agents installed directly on client systems. These agents are essential to the operation of the software. But they create entry points for attackers if they’re not regularly updated, patched, or properly configured – and there’s little transparency showing how effectively and frequently most vendors are doing each of these.
The issue is exacerbated when agents incorporate suboptimal security practices, such as using hardcoded credentials, outdated security protocols and outdated software dependencies.
Looking a little deeper, what are the biggest security challenges introduced by these third-party agents?
Essentially, it comes down to three major issues. First, these agents create a bigger attack surface, as every agent running on a server or endpoint becomes another possible way in for attackers. If an agent is vulnerable, the whole environment can be compromised.
Next are the cumbersome maintenance demands. Keeping agents secure requires frequent updates and patches, but even the most diligent organizations can fall behind. A delayed patch or missed update can leave systems open to exploitation.
Finally is the issue of having to trust an outside entity. When you employ a third-party agent, you’re handing over a huge amount of trust to someone else, with little control over whether or not they make costly mistakes.
Is there a better alternative to third-party agents?
Pretty much every third-party platform will rely heavily on agents. That’s why enterprises should consider native solutions instead. There are a few different choices here depending on an organization’s needs. But generally speaking, there’s one name you can’t go wrong with: Microsoft.
Native Microsoft tools like Microsoft Defender, Azure Virtual Desktop (AVD), and Microsoft Intune all incorporate a secure, scalable architecture. Since these sorts of Microsoft native tools are cloud-based and from Microsoft themselves, they minimize the attack surface, providing organizations with a more secure way to manage environments.
While you should always verify the status of your patching and update efforts, Microsoft provides a variety of systems and tools to help keep things up to date and secure. Tools like Windows Autopatch and Hotpatch can keep systems up to date automatically and even without the need to reboot. Microsoft also releases weekly updates on Patch Tuesday to ensure issues get addressed in a timely manner. For their Platform-as-a-Service offerings like Azure Virtual Desktop, Microsoft manages the updates themselves and can perform updates as soon as possible. A recent example is the swift resolution of the Azure Virtual Desktop Elevation of Privilege Vulnerability (CVE-2025-21416), which was patched before widespread exploitation could occur.
This all seems to dovetail with a Zero Trust approach to security?
Absolutely. Zero Trust operates under the assumption that threats can exist both inside and outside an organization’s network. It aims to improve security by enforcing strict verification and access controls, regardless of whether the user or device is within the corporate network or external to it. Before access to resources is granted, each endpoint is authenticated to reduce unauthorized access and data breaches. The core principle of Zero Trust is "never trust, always verify." Third-party agents simply don’t fit into this framework.
Zero Trust leverages multi-factor authentication (MFA) and other techniques to provide safe access to resources over the public internet. Zero Trust technologies, such as the Microsoft Entra ID Identity and Access Management (IAM) service, support this framework with modern authentication protocols such as OpenID Connect, SAML, and OAuth 2.0. These protocols allow users to securely access resources over the public internet, removing the dependency on a secure perimeter network.
In today’s shifting IT landscape, which is characterized by increasing hacker sophistication and emerging cybersecurity threats, there’s more urgency than ever to embrace Zero Trust security. It’s a must-have now, not something that should be on the roadmap for years down the road.
Is there anything else you’d like to add?
Emerging technologies and IT trends are delivering massive business value to the enterprise. But big change is always a little tricky to manage, too. The challenge of AI, hybrid work, and hyper-distributed clouds is staying ahead of evolving cybersecurity threats. Mitigating these risks takes major alignment from the C-suite and down. That’s a significant strategic effort. At a tactical level, there are two easier starting points you should consider: Pivoting from third-party agents and implementing full Zero Trust security across the organization.