IBM Proventia Network Enterprise User Manual - Key Concepts

Chapter 1: Introduction to Enterprise Scanner

20

IBM Internet Security Systems

Key Concepts

Introduction

Enterprise Scanner is the next generation scanning appliance from IBM ISS. As a 

component of the Enterprise Security Platform, Enterprise Scanner delivers true 

enterprise scalability and scanning load balancing. Designed to run on Linux, Enterprise 

Scanner delivers the core functionality necessary in today's enterprise environments. 

Centralized control

Enterprise Scanner works with the SiteProtector system to provide centralized security 

management for your enterprise assets. After you install and configure your appliance, 

you use the SiteProtector Console for scan management, tracking and remediation, and 

reporting. 

Asset-centric 

approach

You probably already think about your vulnerability management in terms of your assets. 

You know to prioritize your efforts to protect your most critical assets first and to provide 

the same type of protection for similar assets. Enterprise Scanner makes this easier by 

separating policies for groups of assets from the policies for agents:

●

Asset policies define scanning requirements for groups of assets, including IP 

addresses to scan, checks to run, and how often to refresh information. 

●

Agent policies define how agents operate, including the location in the network from 

which they operate. That network location is called perspective. 

Background 

scanning

Background scanning is an automated, cyclical process that incorporates the key 

operational concepts of the Enterprise Scanner vulnerability detection model. Background 

scanning is explained in more detail in “Introducing Background Scanning” on page 21.

Ad hoc scanning 

and auditing

Enterprise Scanner supports ad hoc scanning, but it is not designed to be an auditing tool. 

You could use the ad hoc scanning capability between scheduled background scans for 

the following types of needs:

●

For network reconfiguration, you could use ad hoc scanning to refresh your discovery 

and vulnerability information.

●

For a new threat, you could use ad hoc scanning to assess the risk to your assets. 

Load balancing

Enterprise Scanner makes it easier for you to respond to the dynamic nature of an 

enterprise network. You can create pools of agents to share a scanning load. You can add 

agents or remove agents without having to change any discovery or assessment 

configuration parameters. You can also adjust other operational parameters to ensure that 

you have the coverage you need.

Perspective 

definitions

You have different expectations for scanning results based on the location of an agent in 

relation to the assets it scans. For example, results would be different depending on 

whether you scanned a group of assets from inside a firewall or outside a firewall. (See 

“What is Perspective?” on page 124.) In Enterprise Scanner, perspective definitions serve 

several purposes:

●

They identify locations on your network from which scanning is performed.

●

They indicate where agents are connected to your network so that load balancing can 

occur across agents that share a perspective.

●

They indicate the location from which groups of assets should be scanned.