Tenable.sc General Questions
What is Tenable.sc?
Tenable.sc™ consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With Tenable.sc, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
Tenable.sc includes functionality from Nessus® as well as the following additional capabilities:
- Prioritize vulnerabilities and reduce risk using the Vulnerability Priority Rating (VPR) and Solutions View page to understand what vulnerabilities to remediate first for the highest risk reduction.
- Use customizable dashboards, reports and workflows to quickly identify and rapidly respond to security incidents
- Communicate consolidated metrics to business executives and other IT security stakeholders
- View vulnerability management and security assurance trends across systems, services and geographies
- Group and control team member permissions by role
- Use advanced analytics with actionable information and trending to prioritize events and alerts
- Measure security assurance and the effectiveness of your security investments using Tenable exclusive Assurance Report Cards® (ARCs)
What is Tenable.sc Continuous View?
Tenable.sc Continuous View is a comprehensive solution that provides continuous visibility and critical context, enabling decisive action. With advanced analytics, it gives you continued assurance that your security program is working.
Tenable.sc Continuous View includes Tenable.sc capabilities, as well as the following additional capabilities:
- Obtain information on which assets are connected to the network and how they are communicating
- Monitor host activities and events, including who is accessing them and what is changing
- Identify previously unknown resources, changes in behavior and new application usage
- Get near real-time metrics for continuous security and compliance
- Correlate real-time activity with the state-based vulnerability data
What is Predictive Prioritization?
Predictive Prioritization is the process of re-prioritizing vulnerabilities based on the probability they will be leveraged in an attack. Predictive Prioritization allows companies to dramatically improve their remediation efficiency and effectiveness by focusing on the vulnerabilities that matter most. Predictive Prioritization is available in Tenable.io and Tenable.sc. For more information on Predictive Prioritization review the FAQ or visit the webpage.
What is the difference between Predictive Prioritization and a Vulnerability Priority Rating (VPR)?
The output of Predictive Prioritization process is the Vulnerability Priority Rating (VPR), which indicates the remediation priority for an individual vulnerability. VPR operates on a scale of zero to 10, with 10 being the greatest severity.
What are Assurance Report Cards (ARCs)?
ARCs are highly customizable “objectives” that CISOs can define and use to measure security assurance on a continuous basis. ARCs enable customers to express security policies in a business context, and assess them continuously for security assurance. ARCs utilize customer-defined security policies, allowing security teams to identify the gaps where policies are failing to meet business objectives.
What are Critical Cyber Controls, and how do they help me?
Critical Cyber Controls are executive focused ARCs that come pre-installed in Tenable.sc. They enable CISOs to validate the following top five security objectives which have the greatest impact to ensuring the security posture of any business.
- Objective #1: Track authorized inventory of hardware and software
- Objective #2: Remove vulnerabilities and misconfigurations
- Objective #3: Deploy a secure network
- Objective #4: Authorize user access to the systems
- Objective #5: Search for malware and intruders
Each Critical Cyber Control ARC can be customized to meet your specific security goals.
What are Nessus Agents?
Nessus Agents are lightweight programs installed locally on a host – a laptop, virtual system, desktop and/or server. Agents receive scanning instructions from a central Nessus Manager server, perform scans locally, and report vulnerability, compliance and system results back to the central server.
Nessus Agents, available with Tenable.io and Tenable.sc, increase scan flexibility by making it easy to scan problematic assets such as those needing ongoing host credentials and assets that are offline. Agents also enable large-scale concurrent scanning with little network impact.
Why Use Nessus Agents with Tenable.sc?
Today's extended networks and mobile devices make assessing and protecting all of your environment extremely difficult. Nessus Agent technology increases scan coverage and removes blind spots.
Agents provide vulnerability scanning and configuration assessment access for:
- Transient systems, like laptops, that are often disconnected from the network when traditional scans run.
- Systems connected over limited bandwidth connections or across complex, segmented networks.
- Systems for which the security team lacks the credentials required to perform authenticated scanning.
- Fragile systems that are unsafe to scan with traditional scanning.
How do Nessus Agents and Tenable.sc work together?
Nessus Agent scans, configured from within Tenable.io Vulnerability Management or Nessus Manager, identify vulnerabilities, policy-violating configurations and malware on the hosts where they are installed, report results back to Tenable.io Vulnerability Management or Nessus Manager, and then the results are imported into Tenable.sc on a scheduled basis. By scheduling the import of the agent collections, you will ensure your reports and overall security metrics now include “all” the hosts in your environment.
What is the recommended deployment model when using Nessus Agents with Tenable.sc?
Tenable recommends that you use Tenable.io Vulnerability Management to manage Nessus Agents and to transfer agent data to Tenable.sc.
Tenable recommends the Tenable.io Vulnerability Management deployment model for the following reasons:
- Safely secure your mobile workforce: You may have thousands or tens of thousands of remote/mobile workers whose laptops are not online during a vulnerability scan. Nessus Agents will run the scans locally and then upload result to Tenable.io Vulnerability Management when a connection is available, without the risk associated with every agent uploading its individual results through your firewall.
- Simplify management: Tenable manages Tenable.io for you. We are responsible for high availability, we backup the data and we perform the software updates. You manage your vulnerability data, not the Tenable.io platform.
- Scale with ease: As your use of Nessus Agents increases, you will not need to upgrade your computing and storage infrastructure to accommodate growth.
- Scan your perimeter: Many Tenable.sc customers that already perform internal scanning to satisfy PCI compliance requirements also use Tenable.io Vulnerability Management to satisfy external PCI scanning requirements that must be performed by an approved scanning vendor (ASV). If you are not already using Tenable.sc to meet both internal as well as external PCI compliance scans, this deployment model will make it easy for you to use both of these Tenable.sc capabilities.
- Preserve internet bandwidth: Importing scan data in bulk from Tenable.io can be scheduled during off hours to preserve daytime bandwidth for your business users. Additionally, managing a single connection between Tenable.io and Tenable.sc reduces network overhead compared with managing thousands of connections with individual agents.
If desired, you can use Nessus Manager in place of Tenable.io Vulnerability Management to manage the agents. In this case, Tenable suggests you deploy Nessus Manager as a proxy between the agents and Tenable.sc.
For more information about Nessus Agents, see the following resources:
Where can new customers purchase Tenable.sc?
New customers should contact their Tenable or Partner sales representative or visit the Tenable website to schedule a demo and receive an evaluation copy of Tenable.sc before purchasing.
Where can existing customers download Tenable.sc?
Existing customers can download installation packages from the Support Portal.
How do I upgrade from previous Tenable.sc versions?
Instructions for upgrading Tenable.sc from previous versions are available in the documentation.
What platforms is Tenable.sc available for?
Platform support is described in the Tenable General Requirements guide.
What are the hardware requirements for Tenable.sc?
Hardware requirements for Tenable.sc are described in the Tenable General Requirements guide.