Agents

When people ask me how should they start building Vulnerability Management process in their organization (well, sometimes it happens), I advice them to create an effective Asset Management process first. Because it’s the foundation of the whole Infrastructure Security.

Asset Management. Because someone has to clean up this mess.

The term “Asset Management” has different meanings and if you start to google it, you will get some results related mainly to finance sphere. I use this term as Qualys and Tenable. For me Asset Management is the process of dealing with network hosts.

So, what should you do in situation described in the tweet above, when you don’t know exactly how many Windows hosts you have in your corporate IT environment? And, more importantly, why do you need to know?

Continue reading →

A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it’s not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable.

IP Summary

You can try it for free. Let’s see how to do it. For example we have a CentOS 7 server and we want to see vulnerabilities of this host in Vulners.

Continue reading →

Tenable Network Security has announced today a new cloud platform – Tenable.io. Let’s see what it’s all about.

Applications

As you can see on this figure there will be three applications available for the platform: familiar Vulnerability Management (the new name of Nessus Cloud), new Container Security (Tenable bought FlawCheck service last October) and the long-awaited Web Application Security (not available yet).

It’s not clear yet how closely these services will be integrated with each other. But now even trial versions of Container Security and Vulnerability Management should be requested separately.

Continue reading →

In this post I would like to share my experience with Tenable Nessus Manager. And especially how to manage agented scans with it.

Nessus Manager and Agents

First of all, I will, once again, briefly describe main editions of Nessus vulnerability management solution. Three of them, that you can deploy in your infrastructure, and one is cloud based (Nessus Cloud).

It’s of course well known Nessus Home edition, that is free for home users. Nessus Home is strictly limited by amount of IP addresses you can scan. If you try to use it in some commercial environment you might have some problems with Tenable. But for scanning some home servers and desktops, or perhaps study how vulnerability scanners work it is a really great option. You can get home license automatically after filling the registration form. I described how to register Nessus Home, configure and use it in my earlier post.

The other Nessus Professional edition is for cybersecurity professionals/individuals, who may use this product for security assessment. It is most popular version of Nessus. There is no limit in IP addresses, so you can purchase one license for Nessus Professional scanner and theoretically scan everything in your organization. The cost of the scanner is just about $2,000. Very reasonable price comparing with other competitors. It also supports multiple user accounts.

If Nessus professional does such a beautiful job, why should anybody want something else? The answer is managing multiple connected vulnerability scanners and local agents. You can configure another edition, Nessus Manager, to run scan tasks from remote connected Nessus Professional scanners. You can also configure Nessus Manager to run audit and compliance scan tasks with locally installed Nessus agents. And it is the only way to do it. Even if you’ve already purchased some expensive Enterprise Vulnerability Management product from Tenable, such as Tenable Security Center or Tenable Security Center Continuous View you still will need to pay extra ~$3,000 – $5,000 for Nessus Manager if you want to use local agents.

Nessus Cloud is like Nessus Manager but it is hosted on remote Tenable servers.

Why may you need to use local agents for scanning? The most of obvious reasons is that in this case you won’t need to manage accounts for authenticated scan. You can also check how Qualys made Agented Scanning and compare it with Tenable approach bellow.

Continue reading →

Today I would like to write about Qualys agent-based VM scanning. Agent-based scanning is a relatively new trend among VM vendors. At the beginning of Vulnerability Assessment, there was a prevailing view that the agentless scanning is more convenient for the users: you do not need to install anything on the host, just get credentials and you are ready to scan.

Qualys Cloud Agents logo

However, time passed and it now appears that installing agents on all hosts, where it is technically possible, may be easier, than managing credentials for authenticated scanning. Don’t forget the fact that almost all agentless scanning solutions require scanning account with root/admin privileges, and it’s not an easy task to minimize permissions of this accounts while keeping all functional capabilities of the scanner.

In recent years almost all major VM vendors who previously were promoting agentless scanning have also proposed agent-based solutions.

The main purposes of these solutions are:

scan devices that periodically connect to the enterprise network and it’s hard to catch them with traditional active scan (for example, laptop);
scan business critical hosts for which it is impossible to get scanning credentials.

VM vendors have taken different approaches for agent-based scanning. For example, Tenable agents are technically very similar to Nessus installations without web interface (read more at “Nessus Manager and Agents“), limited to can scan only the localhost. This seems reasonable, because historically Nessus scanner is available for many platforms, including Windows, Linux, MacOS. Qualys chose other way. They made minimalistic agents for data gathering, processing it on the remote servers. This is also fits well in Qualys cloud concept.

As I wrote earlier in “Qualys Vulnerability Management GUI and API“, Qualys working hard to make their web interface easier for beginners. When you go to CA (Cloud Agents) tab, the first thing you see is a user-friendly interface for quick start.

Cloud Agents Welcome

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Agents

Why Asset Management is so important for Vulnerability Management and Infrastructure Security?

Vulners Cloud Agents for Vulnerability Management

Nessus Manager and Agents

Dealing with Qualys Cloud Agents