Tenable Blog

Easier Credentialed Scanning with Nessus Cloud and Nessus Manager

Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.


For a long time now, we have been discussing the benefits of doing credentialed vulnerability scans with Nessus®—the benefits of getting more accurate and richer results. If you instruct Nessus to do a non-credentialed scan, it can probe a service remotely and attempt to find vulnerabilities; but if you provide Nessus with credentials, it can query the local host to see much more information. For example, you can determine if a patch for a given vulnerability has been applied. The credentialed scan is far more accurate (and safer) than running a remote check.
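To make the accuracy point concrete, here is a simplified illustration of a remote, banner-based verdict next to a local package query. It is an added example, not Tenable's code and not a description of how Nessus plugins are implemented. The advisory, package name, versions and banner are constructed, and the version comparison is a simplification rather than a full package-manager algorithm.

```python
import re

# Constructed sample data: advisory id, package name and versions are placeholders.
ADVISORY = {
    "id": "EXAMPLE-ADVISORY-1",
    "package": "exampled",
    "upstream_fixed": "2.4.10",      # first upstream release that contains the fix
    "distro_fixed": "2.4.6-45.el7",  # distribution build with the fix backported
}
REMOTE_BANNER = "Server: exampled/2.4.6"        # all an unauthenticated probe sees
LOCAL_PACKAGES = {"exampled": "2.4.6-45.el7"}   # what a local package query returns


def _segments(version):
    """Split a version into chunks; numeric chunks sort above alphabetic ones.

    Simplified ordering for illustration, not a complete rpm/dpkg comparison.
    """
    return [(1, int(s)) if s.isdigit() else (0, s)
            for s in re.findall(r"\d+|[A-Za-z]+", version)]


def remote_check(banner, advisory):
    """Non-credentialed verdict: inferred from the advertised upstream version."""
    m = re.search(re.escape(advisory["package"]) + r"/([\d.]+)", banner)
    if not m:
        return "unknown"  # service hides or alters its banner
    older = _segments(m.group(1)) < _segments(advisory["upstream_fixed"])
    return "vulnerable" if older else "patched"


def local_check(packages, advisory):
    """Credentialed verdict: compare the installed build with the fixed build."""
    installed = packages.get(advisory["package"])
    if installed is None:
        return "not installed"
    older = _segments(installed) < _segments(advisory["distro_fixed"])
    return "vulnerable" if older else "patched"


if __name__ == "__main__":
    print("remote:", remote_check(REMOTE_BANNER, ADVISORY))
    print("local: ", local_check(LOCAL_PACKAGES, ADVISORY))
```

The banner only exposes the upstream version, so the remote verdict cannot see a backported fix; the local query reads the exact installed build and resolves it.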

However, we have also heard from people who don’t run credentialed scans. Sometimes it’s for reasons that frankly don’t seem that reasonable. For example, we've heard people say they like the lower count of vulnerabilities that non-credentialed scans produce. Or that they can’t patch the vulnerabilities they’re finding with non-credentialed scans, so why would they want to discover even more?

More often though, we hear that the reason people aren’t doing credentialed vulnerability scans is that it’s just not possible—or it’s too difficult—to get and maintain credentials. Maybe the network department is very protective of the organization’s network infrastructure equipment and the credentials to those systems. Or maybe the systems team has a strong credential management policy, and they’re updating credentials frequently but finding it resource-intensive to get those updates to all the groups that need the credentials.

For these reasons and others, we’ve recently made updates to Nessus Cloud and Nessus Manager to make it easier to run credentialed vulnerability scans, releasing Nessus Agents and also introducing Nessus support for the CyberArk Enterprise Password Vault.

Nessus Agents eliminate the requirement for host credentials

As we’ve discussed in previous articles, Nessus Agents are lightweight programs installed locally on a host – a laptop, virtual system, desktop, and/or server. Agents receive scanning instructions from a central Nessus server, perform scans locally, and report vulnerability, compliance and system results back to the central server. We introduced Nessus Agents earlier this year. Our customers tell us that agents help them reduce credential management headaches.

Nessus Agents make it easier to do credentialed vulnerability scans because after the agents are installed, they don’t need ongoing host credentials. When you first install Nessus Agents (either manually or with a software management system), you install them under the local SYSTEM account in Windows or root on Unix-based operating systems. The agents then inherit the permissions of the account used for installation so they can perform credentialed scans, even if the credentials on the system have changed. Even better, Nessus Agents auto-update, so you don’t need to worry about installing new versions of agents in the future.

CyberArk Enterprise Password Vault support

Nessus Cloud and Nessus Manager are now integrated with CyberArk. We've received many requests from customers to add support for this popular enterprise password vault to Nessus. As CyberArk describes on their website, they enable organizations to secure, manage and track the use of privileged credentials whether on-premises or in the cloud, across operating systems, databases, applications, hypervisors, network devices and more.

To enable CyberArk to share credentials with Nessus Cloud or Nessus Manager, you simply navigate to the Credentials area in the Advanced Scan tab and enter your CyberArk Vault information. From then on, Nessus will get credentials from CyberArk to use in scans, which saves you time by no longer having to manually add credentials into Nessus.

Summary

While Nessus can perform both non-credentialed and credentialed vulnerability scans, there are definite advantages to credentialed scans. With both Nessus Agents and CyberArk password vault options, our goal is to make credentialed scanning easier for you in Nessus Cloud and Nessus Manager.

You’ll find more information about Nessus Agents on our website, including new OS support for Mac OS X, CentOS and Red Hat Linux (released this month). If you’re using Nessus Cloud or Nessus Manager and would like to check out CyberArk integration, visit the Tenable Support Portal and read the Nessus 6.4 release notes.
