Are you looking to build your vulnerability management program using Tenable products? If so, this quick start guide will help you get orientated with the Tenable Vulnerability Management suite.
What is Tenable Vulnerability Management?
Formerly Tenable.io, Tenable Vulnerability Management is Tenable’s cloud scanner, or SaaS platform. Hosted in the cloud, Tenable Vulnerability Management offers users many benefits such as scalability, global availability, and cloud asset management. It’s comprised of multiple types of sensors and produces solutions that work together to assist organizations with measuring their cyber exposure.
When to Use Tenable Vulnerability Management Sensors, Agents, and Scanners
Tenable Vulnerability Management supports multiple types of sensors from internal and cloud-based active scanners to passive sensors, agents, and third-party connectors. Users must weigh the benefits and disadvantages of each type of sensor when setting up their environment. Active Nessus scanners are the core of Tenable Vulnerability Management data gathering. They have the capability to fully enumerate SSL and TLS ports and are the best sensors for gathering vulnerability information.
Tenable Internal Scanners
Internally placed scanners identify compliance and network vulnerabilities. However, active port scans can be invasive and have the potential to disrupt some devices, especially when credentials are not used. Using administrator level credentials in an active scan can greatly reduce this risk since credentials allow the scanner to perform many checks locally. A credential scan is the recommended best practice detecting many more vulnerabilities than an uncredentialed scan and utilizing less network bandwidth to test targets. If you’re worried about adding another admin credential then you should look into the CyberArk Vault integration for Tenable to protect privileged accounts.
Tenable Passive Network Monitor
Passive Nessus network monitor sensors are the type of sensor best suited for an operational technology or OT environment and for other fragile devices. Using Nessus’ network monitor is also an excellent way to detect new assets on network. But since it only senses network traffic, they don’t gather as much information about assets as active scanners do.
Tenable Agents
Nessus agents are ideal for systems that cannot be reliably reached by the network (e.g., laptops for a mobile workforce that only occasionally connects to the corporate network). Agents always perform local or credential checks with the system level account, which can detect more vulnerabilities than an uncredentialed network scan. This eliminates the need to use remote credentials for high quality scans such as on database servers or protected networks where inbound network traffic is very undesirable. Since the scan is local, it generally runs faster than an active scan. Agents are not the most effective solution for targets with minimal resources since they’re installed locally, and also don’t enumerate network level services (e.g., SSL/TLS).
Tenable Vulnerability Management Cloud Scanners
Cloud scanners are the best sensors to use for detection and vulnerability assessment of public facing and cloud assets. Cloud scanners have multiple advantages. Since they’re hosted by Tenable, there’s no user maintenance, and they give users insight into what an attacker can see from outside the network. Keep in mind that cloud scanners cannot scan internal assets. Tenable. also supports third-party connectors for AWS and Qualys. These allow users to identify cloud assets easily and are API driven for automatic visibility, though some connectors require setup to work properly.
All sensors combine to add data into multiple Tenable product solutions. Tenable Vulnerability Management is a comprehensive solution built on leading Tenable Nessus technology and managed in the cloud that helps customers understand their cyber exposure. Additionally, Tenable supports options for container security, PCI ASV, and web application scanning. Tenable Vulnerability Management features a streamlined and intuitive interface for managing assets and vulnerabilities. It collects vulnerability and asset data from all sensors and combines the data into multiple dashboards and reports.
If multiple sensors detect the same asset, that data is combined for a full picture of each asset and its activities. Customers can also recast or accept vulnerability risk so they can tailor it to their own unique environment and needs.
Tenable Vulnerability Management Web Application Scanning
The Tenable web application scanning solution organizes all web application vulnerabilities on a single dashboard. It uses a specialized scanner that can detect some web vulnerabilities that a regular Nessus scan will miss. Specialized scan policy templates make web application scans easy to configure. Tenable container security fits into users’ DevOps pipelines to make them aware of issues with their images.
PCI DSS Approved Scanning Vendor
Tenable Vulnerability Management is a certified global ASV or Approved Scanning Vendor solution for the Payment Card Industry Data Security Standard or PCI DSS. The PCI ASV product solutions enables users to satisfy their external PCI reporting requirements. The PCI workbench offers an easy way to submit track and attestations.
Tenable OT Security
Tenable’s industrial security solution offers great technological value for OT users. Tenable OT Security manages multiple Nessus network monitor passive sensors allowing for safe vulnerability detection in a fragile OT environment. Tenable has a partnership with Siemens to detect many types of industrial control system or ICS devices.
