Phase 2: Component Deployment & Rapid Visibility

Establish comprehensive visibility by deploying external and internal assessments: start with external-facing asset discovery for rapid, credential-free visibility into your internet-facing perimeter, then validate and expand coverage with internal scans using credentialed assessments. Deploy your initial set of sensors (network scanners and agents) to cover both external and internal assets. The specific order of internal component deployment varies based on your environment's scope and readiness, but the goal is to start efficiently and ensure complete coverage.

Expected Outcomes

During this phase, you establish rapid visibility by deploying and configuring your internal sensors and setting up initial scans. This includes:

  • Completing external perimeter scans successfully to establish rapid visibility of internet-facing assets.

  • Creating and applying an initial set of tags to assets for basic grouping and context. For more information, see Tags.

  • Deploying and configuring Tenable Nessus scanners for network-based asset discovery and vulnerability enumeration. For more information, see Nessus Scanners.

  • Deploying Tenable Agents to remote or transient workstations, as needed based on scope. For more information, see Tenable Agents.

  • Creating and running scans against internal assets. For more information, see Scan Templates.

  • Populating the Explore page successfully with asset results. For more information, see Explore Assets.

Why This Is Important

You cannot protect what you cannot see. Starting with external scans provides immediate benefits by rapidly identifying your most exposed assets with zero credential management or internal network changes. However, external scans alone provide only partial visibility. Internal assessments—especially credentialed scans—validate external findings, uncover configuration weaknesses, and discover assets not visible from outside your network. Together, external and internal scans ensure complete visibility and accurate vulnerability data before moving to Phase 3: Data Normalization & Asset Hygiene, where asset hygiene and data accuracy are refined.

Verification

Verify the success of this phase by confirming the following:

  • At least one external network scan completes successfully with no errors. For more information, see Scan History.

  • At least one internal credentialed scan completes successfully with no authentication errors. If authentication errors occur, see Troubleshooting Plugins for resolution guidance.

  • The Last Seen attribute in the asset workbench is current, and results show in the Explore page.

What to do next:

Once you establish the external-facing view, move to Phase 3: Data Normalization & Asset Hygiene to refine the internal data quality.

Note: If internal credential or agent deployment is not ready, you may proceed to Phase 3: Data Normalization & Asset Hygiene to focus on data normalization. However, you must prioritize internal component deployment before moving to Phase 4: Policy & Risk Context Configuration.