Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Scannerless Amazon Web Services (AWS) Scanning with Nessus Agents

Note:  Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.


The new Nessus® Agents are a really great fit for organizations that have deployments in AWS environments and want a simple, flexible means to scan them for vulnerabilities. Agents effectively let you scan your AWS assets without having to actually install scanners, and with recently announced support for Amazon Linux and Ubuntu, agents now run on the most popular operating systems in AWS.

Agents effectively let you scan your AWS assets without having to actually install scanners

Tenable and AWS

First, let’s review Tenable’s approach towards AWS:

  • The Nessus Bring Your Own License (BYOL) model allows customers the ability to scan AWS instances with a pre-built AWS appliance and a Nessus license purchased from Tenable. This can be used with Nessus Cloud, Nessus Manager or SecurityCenter™. The BYOL requires pre-authorization from Amazon before a scan can be done.
  • A Nessus Cloud license includes a scanner for AWS. Simply install the scanner in your AWS environment, point it at the targets you’d like to scan, and then view and manage the scan results in Nessus Cloud. This scanner is pre-authorized by Amazon to run scans in AWS.
  • Nessus Agents are another option for vulnerability scanning in your AWS environment. Install agents on assets in AWS and those agents will look to Nessus Cloud or Nessus Manager for instructions on what scans to run and when to send results back to the manager. Agent data can also be imported into SecurityCenter if you want to view the information there. Nessus Agents provide the equivalent of a full credentialed scan for the target, without requiring a scanner and without requiring the credentials for the asset of interest.

With so many options, our approach to AWS is by far the most flexible in the industry.

Nessus Agent benefits

While both the BYOL and Nessus scanner for AWS provide excellent vulnerability scanning functionality, Nessus Agents provide many unique benefits when used within AWS:

  • A Nessus Agent does not need any additional AWS resources, since it’s installed within the actual AWS asset that you want to scan.
  • Since no actual “scanning” between AWS instances is taking place, there is no need to get authorization from Amazon to do a scan.
  • No credentials are required for the AWS instance that needs to be scanned.
  • The Nessus Agents are fully managed by Nessus Cloud or Nessus Manager, which can interface with SecurityCenter.
  • The Nessus Agent can be managed by Nessus Cloud or Nessus Manager independent of where the manager is; in other words, the manager can be located inside or outside the AWS Cloud.
  • Nessus Agent deployment can be fully scripted. For example, include it in your Chef recipes to automatically spin up agents on new AWS assets.

Nessus Agent technology uniquely enables simplified vulnerability assessment of AWS assets, both large and small. It’s easy to deploy and maintain, and provides the same extensive results obtained from a traditional Nessus scanner – without the complications of running an actual scanner.

Nessus Agent technology uniquely enables simplified vulnerability assessment of AWS assets, both large and small

For more information about Nessus Agents and the Nessus Scanner for AWS, check out what’s New in Nessus 6.5.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.