IBM Proventia Network Enterprise User Manual - page 22
Chapter 1: Introduction to Enterprise Scanner
22
IBM Internet Security Systems
Migrating from Internet Scanner
Introduction
The approach to protecting your enterprise with Enterprise Scanner is different from the
one used by Internet Scanner. If you understand the major conceptual differences before
you begin, the implementation details will make more sense to you.
What Enterprise
Scanner does not
do
Enterprise Scanner is not a standalone application. It only works with assets in a
SiteProtector database. You can use it for ad hoc scanning, but it is not intended to be an
auditing tool.
Developing a
migration strategy
For more information about developing a migration strategy, see the Enterprise Scanner-
Internet Scanner Migration Guide. This Guide provides an overview and compares the
functionality between Enterprise Scanner and Internet Scanner. This Guide discusses
feature differences between the two products and provides examples of how you can
migrate from Internet Scanner to Enterprise Scanner.
Migration tools
To migrate policies from Internet Scanner to Enterprise Scanner, download the IBM
Proventia Network Enterprise Scanner Policy Migration Utility and instructions from the IBM
ISS Download Center.
Using Internet
Scanner with
Enterprise Scanner
You can use Internet Scanner with Enterprise Scanner, which you may want to do as you
migrate from Internet Scanner. You should migrate completely to Enterprise Scanner,
however, because its tighter integration with the SiteProtector system significantly
reduces the effort and cost involved in scanning your enterprise and managing your
vulnerabilities.
Comparison table
The following table provides a high-level comparison of the major differences between
Internet Scanner and Enterprise Scanner:
Function
Internet Scanner
Enterprise Scanner
Configuring scans
Defines scans and scan
policies based on the scanner.
Identifies a specific scanner to
scan assets.
Defines scans and scan
policies based on the needs of
a group of assets.
Defines an agent, or a group of
agents among which the
scanning is distributed.
Management console
Works with the SiteProtector
system or without the
SiteProtector system through
its local management interface.
Works only with the
SiteProtector system.
Timing of scans
Ad hoc scans; recurring scans
when used with the
SiteProtector system.
Ad hoc and recurring
background scanning cycles.
Scan processes
Discovery and assessment in
the same process.
Separate discovery and
assessment processes.
Remediation
Manual process.
Automated process with
ticketing functions in the
SiteProtector system.
Table 5: Major differences between Internet Scanner and Enterprise Scanner