Considerations for Air-Gapped Environments

Consider the following when deploying Tenable.sc in an air-gapped (offline) environment.

Architecture

You must deploy a Tenable.sc and a set of scanners within each air-gapped network.

If you want to consolidate data from other networks with the data generated in your air-gapped network, you can use offline repositories to export data from your air-gapped Tenable.sc to your other instance of Tenable.sc. This supports both consolidated and federated reporting structures.

Upgrades and Updates

Tenable recommends performing Tenable.sc upgrades at least once a year (quarterly preferred) and plugin/feed updates at least once a month. After you perform a plugin update, run comprehensive scans to take advantage of the new vulnerability data and generate current scan results.

Note: A few plugins require internet access and cannot run in an air-gapped environment. For example, Tenable Nessus plugin 52669 checks to see if a host is part of a botnet.

After you perform a plugin update or feed update, verify the files as described in the knowledge base article.

To perform a Tenable.sc upgrade or a plugin/feed update offline:

Tip: You can use the API to automate some Tenable.sc upgrade and plugin update process.

  1. Download the files in a browser or via the API.
  2. Verify the integrity of the files.
  3. Move the files to your Tenable.sc instance.
  4. Upload the files to Tenable.sc.

Tenable Nessus Agents

If you deployed Tenable Nessus Manager to manage Tenable Nessus Agents in an air-gapped environment, perform an offline software update (nessus-agent-updates-X.X.X.tar.gz on the Tenable Downloads site) on your Tenable Nessus Manager. Tenable Nessus Manager pushes the update to the managed Tenable Nessus Agents.

For more information, see the knowledge base article.