IBM Proventia Network Enterprise User Manual - Key Concepts
Chapter 1: Introduction to Enterprise Scanner
IBM Internet Security Systems
Key Concepts
Introduction
Enterprise Scanner is the next generation scanning appliance from IBM ISS. As a
component of the Enterprise Security Platform, Enterprise Scanner delivers true
enterprise scalability and scanning load balancing. Designed to run on Linux, Enterprise
Scanner delivers the core functionality necessary in today's enterprise environments.
Centralized control
Enterprise Scanner works with the SiteProtector system to provide centralized security
management for your enterprise assets. After you install and configure your appliance,
you use the SiteProtector Console for scan management, tracking and remediation, and
reporting.
Asset-centric approach
You probably already think about your vulnerability management in terms of your assets.
You know to prioritize your efforts to protect your most critical assets first and to provide
the same type of protection for similar assets. Enterprise Scanner makes this easier by
separating policies for groups of assets from the policies for agents:
● Asset policies define scanning requirements for groups of assets, including IP
addresses to scan, checks to run, and how often to refresh information.
● Agent policies define how agents operate, including the location in the network from
which they operate. That network location is called perspective.
Background scanning
Background scanning is an automated, cyclical process that incorporates the key
operational concepts of the Enterprise Scanner vulnerability detection model. Background
scanning is explained in more detail in “Introducing Background Scanning” on page 21.
Ad hoc scanning and auditing
Enterprise Scanner supports ad hoc scanning, but it is not designed to be an auditing tool.
You could use the ad hoc scanning capability between scheduled background scans for
the following types of needs:
● For network reconfiguration, you could use ad hoc scanning to refresh your discovery
and vulnerability information.
● For a new threat, you could use ad hoc scanning to assess the risk to your assets.
Load balancing
Enterprise Scanner makes it easier for you to respond to the dynamic nature of an
enterprise network. You can create pools of agents to share a scanning load. You can add
agents or remove agents without having to change any discovery or assessment
configuration parameters. You can also adjust other operational parameters to ensure that
you have the coverage you need.
Perspective definitions
You have different expectations for scanning results based on the location of an agent in
relation to the assets it scans. For example, results would be different depending on
whether you scanned a group of assets from inside a firewall or outside a firewall. (See
“What is Perspective?” on page 124.) In Enterprise Scanner, perspective definitions serve
several purposes:
● They identify locations on your network from which scanning is performed.
● They indicate where agents are connected to your network so that load balancing can
occur across agents that share a perspective.
● They indicate the location from which groups of assets should be scanned.