Nessus Agents are essential to help secure remote endpoints against dangerous vulnerabilities and misconfigurations. This post offers guidance on how to streamline agent deployment at scale.
As organizations respond to the COVID-19 pandemic by enabling vast numbers of employees to work from home, security teams need to ensure their computing devices aren’t introducing excessive risks when they connect to corporate networks. Agent-based scanning is an essential capability to gain visibility into vulnerabilities, misconfigurations and other security issues on remote devices. However, one common challenge that security and IT teams face is how best to configure and deploy agents without physical access to the actual device.
Fortunately, you can overcome this hurdle with Nessus Agents, which are fully scriptable and can be deployed across multiple systems with minimal effort. Tenable Professional Services published a comprehensive deployment guide to provide you with best practices for deploying Nessus Agents in a distributed environment, including example scripts you can use for common configuration and deployment platforms. Since remote employees rarely have root- or admin-level account privileges on their devices, deployment scripts are essential to automate the agent installation and deployment process without any user intervention.
Three tips to deploy Nessus Agents to remote endpoints
Here are three tips to streamline Nessus Agent deployment to remote endpoints:
- Carefully stage agent rollouts. If endpoints are connected to corporate VPNs, mass deployment of agents may saturate bandwidth during the initial download and subsequent plugin updates. It is important to stage the agent rollout to avoid possible network performance issues.
- Take advantage of command-line syntax. Nessus Agents support command-line instructions to enable unattended agent installs. You can link agents, specify agent groups and even install plugins before linking to reduce network congestion during a mass installation. You can find command-line syntax examples in the Nessus Agent user guide (Windows, Linux and Mac OS X).
- Deploy agents through orchestration platforms. Nessus Agent deployment and configuration can be fully scripted, so that you can deploy across multiple systems and endpoints with minimal effort. All this can be done without needing to create additional administrator or service accounts on the network. Going forward, Nessus Agents can also be proactively deployed as part of a base image, so that agent installation is bundled with new OS deployments.
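The first two tips can be combined in a single wrapper that an orchestration platform pushes to Linux endpoints. The sketch below is an added example, not a script from Tenable or from the deployment guide: it hashes the hostname into a stable rollout wave and links the agent unattended only once that wave has been released. The manager hostname, group name, key file path, wave count and the RELEASED_WAVE and RUN_LINK variables are assumptions; the nessuscli path is the default Linux install location and 8834 is the Nessus Manager default port.

```shell
#!/bin/sh
# Added example: staged, unattended Nessus Agent linking on Linux.
# Every value below is a placeholder chosen for illustration.
MANAGER_HOST="${MANAGER_HOST:-manager.example.com}"    # hypothetical manager
MANAGER_PORT="${MANAGER_PORT:-8834}"
AGENT_GROUP="${AGENT_GROUP:-Remote-Workers}"           # hypothetical agent group
KEY_FILE="${KEY_FILE:-/etc/nessus_agent_link.key}"     # hypothetical root-only file
WAVES="${WAVES:-4}"                                    # number of rollout waves
NESSUSCLI="${NESSUSCLI:-/opt/nessus_agent/sbin/nessuscli}"

# Map a hostname to a stable wave number in 0..WAVES-1 (CRC of the name),
# so an endpoint always lands in the same wave without a central list.
wave_for_host() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( sum % WAVES ))
}

# Succeed when the host's wave is at or below the highest released wave ($2).
wave_is_open() {
    [ "$(wave_for_host "$1")" -le "$2" ]
}

# Link the agent to the manager and place it in a group.
# $1 = linking key; $2 = "echo" for a dry run, empty to execute.
link_agent() {
    $2 "$NESSUSCLI" agent link --key="$1" --host="$MANAGER_HOST" \
        --port="$MANAGER_PORT" --groups="$AGENT_GROUP"
}

host=$(uname -n)
if wave_is_open "$host" "${RELEASED_WAVE:-0}"; then
    if [ "${RUN_LINK:-0}" = 1 ]; then
        link_agent "$(cat "$KEY_FILE")"          # real link, run as root
    else
        link_agent '<linking-key>' echo          # dry run: show the command only
    fi
else
    echo "wave $(wave_for_host "$host") not released yet; skipping"
fi
```

Raising RELEASED_WAVE by one per scheduled run brings in roughly 1/WAVES of the fleet each time, which spreads the initial download and plugin update traffic over the VPN.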
Get more information
New to agent scripting? Tenable Professional Services has published several articles for deploying agents via commonly used configuration and deployment platforms. Please note that Tenable does not provide support for any third-party software mentioned below. The examples should be used as guidelines only and amended to comply with your organization’s operational procedures.
- Nessus Agent Deployment for Microsoft System Center Configuration Manager (SCCM)
- Nessus Agent Deployment for Group Policy Object (GPO)
- Nessus Agent Deployment for Amazon Web Services (AWS)
- Nessus Agent Deployment for Microsoft Azure
- Nessus Agent Deployment for Ansible
For more information, download the Nessus Agent Professional Services Deployment Guide.
Planning a large-scale deployment (>10,000 hosts or endpoints)? Read the Nessus Agent Large-Scale Deployment Guide.
You can also learn more about remote workforce security considerations and access product education resources in our Protecting Your Remote Workforce solution center.