IAST Deployment Models

Agent-based deployment represents the most common IAST approach. Lightweight agents attach to application runtime environments, requiring minimal configuration changes. For Java applications, this might involve adding a -javaagent parameter to JVM startup. .NET applications might require enabling profiling APIs. These agents automatically instrument applications upon startup, requiring no source code modifications.

SDK-based deployment provides deeper integration for organizations wanting more control. Rather than automatic instrumentation, developers explicitly add IAST sensors to their applications through library includes. This approach enables fine-grained control over what gets monitored and can reduce performance overhead by focusing on critical code paths. SDK deployment also works in environments where agent-based approaches face restrictions.

Hybrid deployment models combine agent and SDK approaches for maximum flexibility. Agents provide baseline coverage automatically while SDK integration enables enhanced monitoring of critical functions. This combination ensures comprehensive security coverage while allowing optimization for specific requirements. Some organizations start with agents and gradually add SDK integration as they mature their IAST usage.