Traditional Active Scans (Credentialed)
A traditional active credentialed scan, also known as an authenticated scan, provides a deeper insight than a non-credentialed scan. The scan uses credentials to log into systems and applications and can provide a definitive list of required patches and misconfigurations.
Because a credentialed scan looks directly at the installed software, including at the version numbers, it can assess items such as:
- Identifying vulnerabilities in the software.
- Evaluating password policies.
- Enumerating USB devices.
- Checking anti-virus software configurations.
It performs all these tasks with minimal to no impact on the device.
- Consumes far fewer resources than non-credentialed scanning because the scan executes on hosts themselves rather than across the network.
- Non-disruptive in most cases; that is, does not have a negative effect on the network, device, or application being tested.
- Provides more accurate results—a complete enumeration of software and patches installed on the host.
- Uncovers client-side software vulnerabilities.
- Requires credentials management for each scanned host.
Note: Tenable integrates with leading password vaults and password managers to alleviate this limiation for traditional active credentialed scanning.
- Large organizations can potentially struggle with creating service accounts with the proper rights and access needed to safely conduct a credentialed scan.
- Password rotation requirements can add to management complexity.
- Misses transient devices that are not always connected to the network.