Assessment Scanning Methods

Related Reading: Scanning Overview in the Tenable Security Center User Guide

There are two primary methods for assessing your assets: active network scans and agent scans.

  • Active — use Tenable Nessus or Tenable Vulnerability Management scanners to assess defined networks and targets and send scan data back to Tenable Security Center
  • Agent — use lightweight agents installed on endpoints to send scan data back to Tenable Nessus Manager or Tenable Vulnerability Management

For more information about the benefits and limitations of each type, see Benefits and Limitations in the Tenable Nessus Agent Deployment and User Guide.

Choose your assessment scanning method based on your targets. You may decide to use both methods (scanning different target types with different methods) to ensure complete coverage and to properly assess your organizational risk.

Examples

Agent scans are a good choice for a system that is only occasionally on the network (or one that hops between multiple networks). Tenable Nessus Agents can report in from anywhere and do not need to stay within expected networks.

Active network scans are a good choice in most environments to assess systems connected in a data center. These systems usually have numerous listening network services and are always running. Network-based assessment scans assess each service individually and can be scheduled for specific times when the systems are not being heavily utilized.

Tip: For other needs, Tenable Security Center Continuous View also supports passive scanning via Tenable Nessus Network Monitor and event logging with Tenable Log Correlation Engine (LCE).