Best Practices for Tenable Agents

The following sections contain best practice guidance:

General Best Practices

Note: For agent deployment best practices and considerations, see Deployment Considerations.

  • With network scans, never scan through or try to bypass devices such as firewalls, switches, etc., that are designed to obfuscate or impede scans (for example, network address translation).
  • Either put Tenable Nessus scanners in every segment, as close to the hosts as possible, or run agents locally on the systems, which avoids creating an excessive number of firewall rules. Both solutions require only minimal firewall rules to provide connectivity when implemented correctly.
  • For full visibility into your network, Tenable recommends that you combine agent-based and network scanning to identify risk across your entire network. This approach is especially important for organizations in the United States Federal Government as there are specific laws and acts that mandate you evaluate the entire spectrum of your risk.
  • For shared resource environments, such as VDI or ESXi, Tenable recommends setting agents' Plugin Compilation Performance to medium or low to ensure that agents have a minimal impact on CPU usage when compiling plugins.

Data Aggregation in a Hybrid Environment

This section briefly identifies areas to consider when aggregating Tenable Agent data from Tenable Nessus Manager into Tenable Security Center repositories. Note that communications with Tenable Nessus Manager for data retrieval are initiated by Tenable Security Center. Once Tenable Agent data is imported, all normal Tenable Security Center operations, such as vulnerability analysis, compliance, and workflow automation, apply.

  • Carefully consider agent group size to reduce the volume of data being imported into Tenable Security Center at a given time. Tenable recommends limiting the number of agents per scan in Tenable Nessus Manager or Tenable Vulnerability Management to 1,000 agents. Importing large amounts of data to Tenable Security Center while parallel operations are occurring impacts Tenable Security Center performance.
  • Properly plan the number of Tenable Nessus scanners and Tenable Nessus Managers connected to Tenable Security Center, seeking guidance from Tenable technical support staff if needed.
  • Properly plan the number of concurrent scans, including agent scans (the agent data retrieval process), concurrent users, the number of dashboards configured, and the frequency and type of reports running on a Tenable Security Center, seeking guidance from Tenable technical support staff if needed.