High Latency Networks
In traditional Tenable Nessus scanning, a best practice is to place the scanner close to the assets being scanned and never to scan across a WAN. That approach breaks down in deployments where the targeted assets have no local Tenable Nessus server available: ships underway, mobile military operations, and other sites with high latency and low bandwidth. Such networks typically depend on satellite links for connectivity, and the traffic a full active scan generates while probing ports, protocols, and services can easily saturate or take down a satellite connection.
Tenable Nessus Agents help solve this problem by significantly minimizing network traffic related to scanning.
There are three types of data transmitted when using Tenable Nessus Agents:
- Command and control data — Transmitted from the manager to Tenable Nessus Agents, this data represents the who, what, when, where and how needed to complete the task of local scanning. This data is the smallest set of data that traverses the network.
- Results data — Result data varies in size with the scan configuration; historically, compliance scan results are larger than vulnerability scan results. The agent transmits this data back to the manager for aggregation.
- Updates — When you install a Tenable Nessus Agent and link it to a Tenable Nessus Manager, the agent downloads a full set of plugins. Once that first full download completes, the agent downloads only incremental plugin updates, which drastically reduces ongoing network traffic because only content deltas cross the link. Update data is the largest data type transmitted when using Tenable Nessus Agents. Agent code (software) updates can be delivered either by a patch management system such as System Center Configuration Manager (SCCM) or Yellowdog Updater Modified (YUM), or by the manager itself.
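The following is an added illustration, not Tenable code and not Tenable's actual plugin feed protocol: it models why the first full plugin download is the expensive transfer and why each later update costs only the content delta. The manifest structure, field names, plugin sizes, hashes and the link rate are all assumptions constructed for the example.

```python
"""Model of incremental plugin-feed updates over a low-bandwidth link.

Added illustration only. The manifest format, field names, sizes and hashes
are constructed assumptions, not Tenable's feed format. It shows how an agent
that already holds a full plugin set needs only the changed and new entries
on each subsequent update, and what that means on a satellite-class link.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PluginEntry:
    plugin_id: int
    sha256: str        # content hash; a different hash means the plugin changed
    size_bytes: int


def sample_manifests():
    """Constructed sample data: 100 plugins already on the agent, and a
    manager-side feed where one plugin changed, one was retired and one is new."""
    base = {pid: PluginEntry(pid, f"h{pid}-v1", 5_000) for pid in range(10000, 10100)}
    agent = dict(base)
    manager = dict(base)
    manager[10002] = PluginEntry(10002, "h10002-v2", 5_500)   # changed content
    del manager[10003]                                        # retired plugin
    manager[10100] = PluginEntry(10100, "h10100-v1", 6_000)   # newly published
    return agent, manager


def compute_delta(agent, manager):
    """Return (to_download, to_delete).

    to_download: manager entries the agent lacks or whose hash differs.
    to_delete:   plugin IDs the agent holds that the feed no longer lists.
    """
    to_download = [
        entry for pid, entry in manager.items()
        if pid not in agent or agent[pid].sha256 != entry.sha256
    ]
    to_delete = [pid for pid in agent if pid not in manager]
    return to_download, to_delete


def transfer_bytes(entries):
    return sum(e.size_bytes for e in entries)


def update_cost(agent, manager):
    """Bytes over the wire for a full re-download versus an incremental update."""
    full = transfer_bytes(manager.values())
    delta, _ = compute_delta(agent, manager)
    return {"full_bytes": full, "delta_bytes": transfer_bytes(delta)}


def seconds_on_link(nbytes, kbps):
    """Nominal transfer time at a given link rate in kilobits per second,
    ignoring protocol overhead and retransmission."""
    return nbytes * 8 / (kbps * 1000)


if __name__ == "__main__":
    agent, manager = sample_manifests()
    cost = update_cost(agent, manager)
    for label, nbytes in cost.items():
        # 64 kbps is an assumed figure for a constrained satellite channel.
        print(f"{label:>11}: {nbytes:>8} bytes, {seconds_on_link(nbytes, 64):.1f} s at 64 kbps")
```

The full set is what the agent fetches once at link time; every later update moves only the delta list, which is why the initial linking is the transfer to schedule carefully on a satellite-backed site.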