Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

How to Perform Efficient Vulnerability Assessments with Tenable

How to Perform Efficient Vulnerability Assessments with Tenable

Policy configuration choices in vulnerability assessment tools like Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management enable security professionals to effectively gather data that can be analyzed to aid in prioritizing remediation.

In practicing preventive cybersecurity, most security teams want to gather as much information as quickly and efficiently as possible so they can accurately evaluate risk in their environment. Most security professionals we work with prefer to spend their time making appropriate risk-based decisions, not waiting on scans to complete or trying to figure out how to test for the latest zero-day or Microsoft Patch Tuesday releases.

Tenable’s toolsets offer a wide variety of scan policy knobs and switches; while these options are important, they can make it challenging for security pros to ‘set it and forget it’ from an assessment perspective. This blog highlights some of the do’s and don’ts of scan configuration to help users get some time back so they can focus on other tasks.

Make time for discovery before initiating broad vulnerability scans

In larger or dynamic networks, Tenable recommends doing discovery prior to undertaking a full vulnerability scan of a large subnet(s). Discovery reduces the time spent trying to scan empty IP space and can alert users faster to outliers that may have bypassed proper processes. Here are some options for performing discovery in bigger environments:

Use basic or advanced scan policies for vulnerability scans

When running a standard vulnerability scan against a target, use the “Basic Network Scan” or “Advanced Network Scan” policies. These policies have the exact same starting configuration but the advanced scan is simply a replica that allows for granular customization (this concept also applies to agent scan policies). In most scenarios for most customers, these policies will be able to scan any target efficiently and safely with the default settings for the majority of vulnerabilities in an environment.

Use basic or advanced scan policies for vulnerability scans

Source: Tenable, September 2023

Use credentials or agents

Having good authentication across your vulnerability scans is not only critical for obtaining high quality results, it also increases the efficiency of the scan and, in some cases, can reduce the overall license usage as Tenable will collapse results that it can correlate into the same licensed asset.

Scan frequently

Tenable recommends frequent host assessments to keep up on the latest vulnerabilities and changes made to targets; how often users perform this function will depend a little on organizational requirements, but Tenable recommends no less than twice a week for most scenarios. Some Tenable technologies, like Agentless Assessment, Inventory Scanning, Live Results, and Nessus Network Monitor, allow for more continuous monitoring and live updates of vulnerability data without re-scanning the target.

Having good authentication across your vulnerability scan increases efficiency

Source: Tenable, September 2023

Three things to avoid when performing a scan

1. Selecting individual plugins/families in a scan policy

Nessus, when used as an agent or when run standalone or as a managed scanner, automatically runs the correct plugins against each target at scan time. While highly targeted scan policies with limited plugins may run faster in some scenarios, most customers should not cherry-pick plugins to run against their systems, as doing so can result in missing future detections, missing new CVEs when released and lower confidence in the accuracy of the assessments. Tenable recommends not to modify the plugin families or individual plugins of scan policies in most scheduled scan jobs. For example, when scanning for monthly Microsoft Patch Tuesday advisories, simply re-scan with a basic or advanced scan policy with all plugins enabled; there is no need to create a separate scan policy with only these plugins.

2. Using tactical scan policies

Tactical scan policies are designed for limited, targeted use when discovery and insight to a particular vulnerability or set of vulnerabilities is extremely time sensitive. Given the rapidly changing threat landscape, Tenable recommends not relying on these for vulnerability detection over time, as these risks will also be detected by regularly scheduled comprehensive vulnerability scans.

3. Disable ‘'Show missing patches that have been superseded’’

When enabled, this option will include superseded patch information in the scan report. Disabling this setting will hide superseded findings and limit visibility into older missing patches, including potential Critical severity findings. The same view (“show me only the patches I need to apply”) can be reproduced by:

Six assessment guidelines to remember

  1. When scanning large or dynamic networks, perform discovery first.
  2. Use the basic or advanced scan policies in most circumstances; they will cover most scanning scenarios automatically.
  3. Perform fully authenticated assessments wherever possible; these provide up to 45 times more findings and insights than uncredentialed assessments.
  4. Scan at least twice a week to track environmental changes and discover newly released vulnerabilities or existing ones introduced into your environment.
  5. Limit customizing the plugins, as doing so can lead to overlooked risks or false positives; Nessus automatically determines what tests to run against a target;.
  6. Don’t disable “Show missing patches that have been superseded” as doing so will provide a false sense of security by hiding potentially critical findings.

Learn more

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.