Today I would like to write about Qualys agent-based VM scanning. Agent-based scanning is a relatively new trend among VM vendors. At the beginning of Vulnerability Assessment, there was a prevailing view that the agentless scanning is more convenient for the users: you do not need to install anything on the host, just get credentials and you are ready to scan.
However, time passed and it now appears that installing agents on all hosts, where it is technically possible, may be easier, than managing credentials for authenticated scanning. Don’t forget the fact that almost all agentless scanning solutions require scanning account with root/admin privileges, and it’s not an easy task to minimize permissions of this accounts while keeping all functional capabilities of the scanner.
In recent years almost all major VM vendors who previously were promoting agentless scanning have also proposed agent-based solutions.
The main purposes of these solutions are:
- scan devices that periodically connect to the enterprise network and it’s hard to catch them with traditional active scan (for example, laptop);
- scan business critical hosts for which it is impossible to get scanning credentials.
VM vendors have taken different approaches for agent-based scanning. For example, Tenable agents are technically very similar to Nessus installations without web interface (read more at “Nessus Manager and Agents“), limited to can scan only the localhost. This seems reasonable, because historically Nessus scanner is available for many platforms, including Windows, Linux, MacOS. Qualys chose other way. They made minimalistic agents for data gathering, processing it on the remote servers. This is also fits well in Qualys cloud concept.
As I wrote earlier in “Qualys Vulnerability Management GUI and API“, Qualys working hard to make their web interface easier for beginners. When you go to CA (Cloud Agents) tab, the first thing you see is a user-friendly interface for quick start.
