How Does SecurityCenter 5.1 Eliminate Security Blind Spots?
Both SecurityCenter and SecurityCenter Continuous View 5.1 automate the importation of Nessus Agent data from Nessus Cloud and Nessus Manager. Nessus Agents deliver a consistent, comprehensive view of vulnerabilities, misconfigurations, patches, anomalies, and malware across Windows, OS X and Linux assets without the need for credentials. They are especially useful for protecting transient, remote, and other hard-to-scan assets.
Why Use Nessus Agents with SecurityCenter?
Today’s extended networks and mobile devices make assessing and protecting all of your environment extremely difficult. Now it is possible to leverage Nessus agent technology to increase scan coverage and remove blind spots. Nessus agents were first introduced with Nessus 6.3 in February 2015, and platform coverage continues to expand. Agents provide vulnerability scanning and configuration assessment access for:
- Transient systems, like laptops, that are often disconnected from the network when traditional scans run.
- Systems connected over limited bandwidth connections or across complex, segmented networks.
- Systems for which the security team lacks the credentials required to perform authenticated scanning.
- Fragile systems that are unsafe to scan with traditional scanning.
How do Nessus Agents and SecurityCenter Work Together?
Nessus agent scans, configured from within Nessus Cloud or Nessus Manager, identify vulnerabilities, policy-violating configurations and malware on the hosts where the agents are installed and report results back to Nessus Cloud or Nessus Manager. The results are then imported into SecurityCenter on a scheduled basis. By scheduling the import of the agent collections, you ensure that your reports and overall security metrics include “all” the hosts in your environment.
What is the Recommended Deployment Model?
Tenable recommends that you use Nessus Cloud to manage Nessus agents and to transfer agent data to SecurityCenter, as shown below.
Tenable recommends the Nessus Cloud deployment model for the following reasons:
- Safely secure your mobile workforce: You may have thousands or tens of thousands of remote/mobile workers whose laptops are not online during a vulnerability scan. Nessus agents will run the scans locally and then upload results to Nessus Cloud when a connection is available, without the risk associated with every agent uploading its individual results through your firewall.
- Simplify management: Tenable manages Nessus Cloud for you. We are responsible for high availability, we back up the data, and we perform the software updates. You manage your vulnerability data, not the Nessus platform.
- Scale with ease: As your use of Nessus agents increases, you will not need to upgrade your computing and storage infrastructure to accommodate the growth.
- Scan your perimeter: Many SecurityCenter customers that already manage internal scanning to satisfy PCI compliance requirements also use Nessus Cloud to satisfy external PCI scanning requirements that must be performed by an approved scanning vendor (ASV). If you are not already doing so, this deployment model will make it easy for you to add this capability.
- Preserve internet bandwidth: Importing scan data in bulk from Nessus Cloud can be scheduled during off hours to preserve daytime bandwidth for your business users. Additionally, managing a single connection between Nessus Cloud and SecurityCenter reduces network overhead compared with managing thousands of connections with individual agents.
If desired, you can use Nessus Manager in place of Nessus Cloud to manage the agents. In this case, Tenable suggests you deploy Nessus Manager as a proxy between the agents and SecurityCenter.
How are Agents Deployed?
Agents are available as installable packages for Windows, OS X, and Red Hat, Fedora, and CentOS Linux. These packages are available in the Downloads area of the Tenable Support Portal. Agents for Ubuntu, Debian, and AWS are planned for future availability.
How do Scans use Agents?
Agents must have access to Nessus Cloud (or Nessus Manager) to get scan jobs and report results. The user interface provides an option to select groups of agents to serve as targets for the assessment. You will then need to specify when agents can check in and upload their results for a particular assessment.
Deployed agents are configured via Nessus Cloud (or Nessus Manager). Configuration includes:
- Registering agents
- Assigning agents to groups
- Setting up scan policies and running scans
- Getting plugin updates
How are Agent Results Imported into SecurityCenter?
Use the following steps to import scan results from Nessus Cloud (or Nessus Manager) into SecurityCenter:
1. All agent configuration is performed from Nessus Cloud (or Nessus Manager).
2. Choose the preferred Nessus Agent management model: cloud or on-premises (with Nessus Manager).
   a. If you choose “Cloud”, you will use Nessus Cloud to deploy, manage, and update agents.
   b. If you choose “On-premises”, you will install Nessus Manager to deploy, manage and update agents.
      i. Nessus Manager can be deployed in a DMZ as a “proxy” that is Internet-accessible for remote agents.
      ii. Alternatively, Nessus Manager can be deployed without direct access from the Internet; agents will only operate (update, run scans) when they are able to access Nessus Manager, such as when they are located in the corporate network, connected via VPN, etc.
3. In Nessus Cloud/Nessus Manager, you will configure scan processes.
4. In SecurityCenter, we recommend creating a new repository for agent results and enabling the host-tracking feature.
5. Note that the IPs of imported agents will count against your SecurityCenter IP license.
6. Inside of SecurityCenter, you will create the schedule for importing the agent jobs. This schedule should mimic the approximate time the agent window closes. Doing so will ensure the agents import in the most timely manner.
How are Nessus Agents Licensed?
Nessus agents are included as part of every Nessus Cloud or Nessus Manager subscription. SecurityCenter customers should contact their Tenable representative about how to add Nessus Cloud or Nessus Manager to their SecurityCenter license.