Passive Vulnerability Scanner Features

Performs Automatic Discovery of Users, Infrastructure and Vulnerabilities

Real-time Network Monitoring

Continuous Scanning:

  • Delivers continuous scanning and assessment of an organization’s network in a non-intrusive manner
  • Monitors network traffic at the packet level to provide visibility into both server and client-side vulnerabilities
  • Scales to meet future scanning demands of proliferation of devices, including virtual systems and cloud services

Full Asset Discovery:

  • Network devices
  • Virtual- and cloud-based devices
  • BYOD/mobile devices
  • Jailbroken iOS devices

Vulnerability Assessment:

  • Automatic infrastructure and vulnerability assessment
  • Identifies server- and client-side vulnerabilities in new and transient assets
  • Detects vulnerabilities on communicating systems and the protocols and applications used
  • Identifies when an application is compromised or subverted

Mobile Risk Identification:

  • Finds BYOD/mobile devices
  • Identifies mobile operating systems
  • Detects application and OS vulnerabilities

Network Security Monitoring:

  • Detects and documents new hosts added to a network
  • Continuously discovers and tracks users
  • Discovers when internal systems begin port scan of other systems
  • Highlights all interactive and encrypted network sessions
  • Spots which ports served and browsed for each individual system
  • Passively determines the operating system of each active host

Compliance and Deployment

PCI DSS Compliance

The PCI DSS requires accurate and comprehensive identification of all systems involved in the transmission, processing or storage of credit card data. These systems collectively comprise the "cardholder data environment" (CDE) where PCI DSS controls must be consistently applied and validated on an annual basis. Organizations also must provide evidence of procedures to maintain the integrity of the CDE. Passive Vulnerability Scanner™ (PVS™) not only monitors known data flows in/out of the CDE but also identifies undocumented data flows, particularly of unencrypted payment card information.

Deployment Options

PVS is offered at two performance levels; 1 Gbps for monitoring small networks and network segments. And 10 Gbps which extends PVS to high performance datacenters and Internet ingress/egress points. Both performance levels are available as software for installation on customers’ virtual or physical infrastructure and pre-packaged on a Tenable hardware appliance. All configurations are available for self-contained deployment and as an integrated sensor in Tenable’s continuous network monitoring solution, SecurityCenter Continuous View™, which combines network state assessment, network activity monitoring and extensive reporting.

Getting Started


Get a 30-day trial for your organization

Try Now


Get the full power of passive scanning

Buy Now