Benefits and Limitations

Agent scans and traditional active network-based scans each have their own benefits and limitations when discovering assets and analyzing vulnerabilities on your network.

In a nutshell, traditional active scans originate from a Nessus scanner that reaches out to the hosts targeted for scanning, while agent scans run on hosts regardless of network location or connectivity and then report the results back to the manager (e.g., Nessus Manager or when network connectivity resumes.

If traditional Nessus scanning is adequate for your environment and requirements, you may not need to use agents. However, for most organizations, Tenable recommends a combination of agents and traditional scanning to ensure full visibility into the entire network.

As you design the optimal scanning strategy for your organization's technology infrastructure, it is important to understand the differences between each scanning technology available to you. The following sections describe the benefits and limitations of each scanning method: