Key Concepts - IBM Proventia Network Enterprise Scanner User Manual

Chapter 1: Introduction to Enterprise Scanner

Key Concepts

Introduction

Enterprise Scanner is the next generation scanning appliance from IBM ISS. As a component of the Enterprise Security Platform, Enterprise Scanner delivers true enterprise scalability and scanning load balancing. Designed to run on Linux, Enterprise Scanner delivers the core functionality necessary in today's enterprise environments.

Centralized control

Enterprise Scanner works with the SiteProtector system to provide centralized security management for your enterprise assets. After you install and configure your appliance, you use the SiteProtector Console for scan management, tracking and remediation, and reporting.

Asset-centric approach

You probably already think about your vulnerability management in terms of your assets. You know to prioritize your efforts to protect your most critical assets first and to provide the same type of protection for similar assets. Enterprise Scanner makes this easier by separating policies for groups of assets from the policies for agents:

• Asset policies define scanning requirements for groups of assets, including IP addresses to scan, checks to run, and how often to refresh information.
• Agent policies define how agents operate, including the location in the network from which they operate. That network location is called perspective.

Background scanning

Background scanning is an automated, cyclical process that incorporates the key operational concepts of the Enterprise Scanner vulnerability detection model. Background scanning is explained in more detail in "Introducing Background Scanning" on page 21.

Ad hoc scanning and auditing

Enterprise Scanner supports ad hoc scanning, but it is not designed to be an auditing tool. You could use the ad hoc scanning capability between scheduled background scans for the following types of needs:

• For network reconfiguration, you could use ad hoc scanning to refresh your discovery and vulnerability information.
• For a new threat, you could use ad hoc scanning to assess the risk to your assets.

Load balancing

Enterprise Scanner makes it easier for you to respond to the dynamic nature of an enterprise network. You can create pools of agents to share a scanning load. You can add agents or remove agents without having to change any discovery or assessment configuration parameters. You can also adjust other operational parameters to ensure that you have the coverage you need.

Perspective definitions

You have different expectations for scanning results based on the location of an agent in relation to the assets it scans. For example, results would be different depending on whether you scanned a group of assets from inside a firewall or outside a firewall. (See "What is Perspective?" on page 124.) In Enterprise Scanner, perspective definitions serve several purposes:

• They identify locations on your network from which scanning is performed.
• They indicate where agents are connected to your network so that load balancing can occur across agents that share a perspective.
• They indicate the location from which groups of assets should be scanned.

IBM Internet Security Systems
