By: Justin Fimlaid

Tenable IO Sensor Deployment

Every organization's needs for its vulnerability management program will differ somewhat from the next organization's. They can vary with the scanner used (cloud or on premise), the places where sensors are deployed, the technology in your environment, and the overall goals of your vulnerability management program. The following are some recommended deployment best practices that, hopefully, should apply to everyone.

Tenable IO Scanning

Attempting to conduct active scans through a firewall or other network device may have a negative impact on the scan results or on the network device itself. Therefore it is best to deploy additional Nessus scanners in hard-to-reach places and in portions of the network that are segregated behind firewalls. Since such a scanner resides on the same network segment as its targets, it can reach them directly, without network topology issues interfering with its operation.

Scaling your Tenable IO Scan

For scaling purposes, Tenable recommends deploying an additional scanner for at least every one thousand intended scan targets. Customers should then assign scanners to scanner groups so that the scanners in a group can share the load of large-scale scans. Users should place Nessus Network Monitor (passive) listeners in each network segment for full network coverage. Passive listeners are placed on a SPAN port, virtual SPAN port, or network tap. This allows Tenable IO to see all network traffic in all directions (inbound, outbound, and host to host) as long as it traverses the network device from which Nessus Network Monitor is receiving data. Network admins can also place a listener at the ingress and egress points to audit communications into and out of the environment.
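The placement and sizing rules above (a local scanner for each segment behind a firewall, at least one scanner per one thousand targets, scanner groups for load sharing) can be turned into a simple planning script. The following is an added example, not code from the original post or from Tenable; the segment names and CIDR ranges are constructed sample values and the group-naming convention is an assumption.

```python
import ipaddress
import math
from dataclasses import dataclass

TARGETS_PER_SCANNER = 1000  # sizing guideline quoted in the text


@dataclass(frozen=True)
class Segment:
    name: str
    cidr: str
    behind_firewall: bool  # True when a firewall separates it from existing scanners


def usable_hosts(cidr: str) -> int:
    """Addressable hosts in a CIDR block (IPv4 network/broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4 and net.prefixlen < 31:
        return net.num_addresses - 2
    return net.num_addresses


def scanners_needed(target_count: int) -> int:
    """At least one scanner per TARGETS_PER_SCANNER targets, never zero."""
    return max(1, math.ceil(target_count / TARGETS_PER_SCANNER))


def plan_deployment(segments):
    """Return (segment, targets, scanners, scanner_group, placement) per segment."""
    plan = []
    for seg in segments:
        targets = usable_hosts(seg.cidr)
        count = scanners_needed(targets)
        # Scanning through a firewall degrades results, so segregated segments
        # get a scanner on their own side of it.
        placement = "local scanner inside segment" if seg.behind_firewall else "shared scanner"
        # Segments that need several scanners get their own scanner group so the
        # scanners share the load of large scans (naming convention assumed).
        group = f"grp-{seg.name}" if count > 1 else "grp-shared"
        plan.append((seg.name, targets, count, group, placement))
    return plan


if __name__ == "__main__":
    # Constructed sample inventory.
    inventory = [
        Segment("dmz", "192.0.2.0/24", behind_firewall=True),
        Segment("corp", "10.0.0.0/16", behind_firewall=False),
        Segment("lab", "10.20.0.0/22", behind_firewall=True),
    ]
    for row in plan_deployment(inventory):
        print("%-6s targets=%5d scanners=%2d group=%-10s %s" % row)
```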

Perimeter

Each sensor should have at least two network interfaces, one for management and one for listening, rated for a maximum of 1 GB of traffic. With a special license and specific hardware, traffic up to 10 GB can be monitored. Deploying Nessus agents on a per-host basis can help overcome obstacles such as systems with uncertain connectivity, for example remote offices and mobile laptops. Agents can conduct local vulnerability, configuration, and compliance assessments. Agents are ideal for deploying with a standard system image to ensure greater asset coverage. A best practice is to have all new agents join a default group, such as "newly deployed agents", so that new agents are easy to identify and sort later. This process can be automated during installation or by using the built-in command line tool.

Tenable IO Distributed Network

Tenable IO includes access to Tenable's distributed network of cloud scanners for scanning public-facing assets. These require no deployment effort and are maintained by Tenable. Tenable also provides Nessus as a pre-authorized scanning solution in the AWS Marketplace for the Amazon Elastic Compute Cloud (EC2) platform. It can be used to scan AWS EC2 assets. Because it uses a prebuilt integration, identifying the assets to be scanned in real time is an automatic process. Tenable also offers third-party connectors for AWS and Qualys. AWS CloudTrail must be configured and an IAM permissions policy created before the AWS connector is created.

If you need assistance with Tenable IO, advice on deployment practices, or turn-key support with Tenable vulnerability management managed services contact us today!
