Network Monitors: What They Do. How They Work. Why You Need Them.
A Comprehensive Look at Network Monitoring Tools and Asset Management
A network monitor is a tool you can use to continuously monitor your network and assets for security and other issues. In cybersecurity, network monitors give you non-intrusive and continuous visibility into your network. They enable you to keep an eye on network traffic at the packet level to uncover server and client-side vulnerabilities for all new assets and transient assets that connect to your network.
You can also use a network monitor to identify where you may have compromised systems or applications. Network monitors can identify suspicious traffic, your bandwidth utilization and when an application or system may be compromised. A network monitor can then alert you to issues so you can prioritize plans to address them.
You can use network monitors to help your organization build and mature a strong cybersecurity program, which is a growing market in cybersecurity. For example, the network monitor market is expected to grow to $5 billion by 2026, a move fueled by increased demand for network optimization and diagnostics for enterprises.
In this network monitor knowledge base, we’ll explore the value of continuous, passive network monitoring, help you understand what you should look for in a network monitoring tool, and explain why it’s important to use a network monitor that illuminates blind spots created in your attack surface by rogue and transient assets.
Here are few highlights of what’s here:
Discover and Assess Rogue Assets
A network monitoring tool, like Nessus Network Monitor, can discover and assess rogue assets on your network.
Learn MoreSecurity Effectiveness with Network Monitoring
You can measure and demonstrate your network security’s effectiveness with continuous network monitoring.
Learn MoreSelecting a Network Monitoring Tool
Need help selecting a network monitoring tool? Check out this list of recommendations to get started.
Learn MoreCommunity
Join other professionals discussing network monitors and resources in Tenable Community.
Learn MoreHow to Set Up a Network Monitor and Run a Scan
10 simple steps to set up your network monitor and run your first scan with Nessus.
Learn MorePassively Analyze Your Network With Nessus Network Monitor
Get Continuous Visibility Into Managed and Unmanaged Assets
Nessus Network Monitor (NNM) provides deep packet inspection so you can eliminate blind spots within your network and continuously monitor all of your assets for vulnerabilities and network security issues. From operation technology (OT) to traditional IT and modern assets like the mobile devices and the cloud, Nessus Network Monitor is the real-time network monitoring tool you can count on for continuous visibility and immediate vulnerability detection.
Definitive Guide to Continuous Network Monitoring
A network monitor is a great tool to help you reduce risk for your attack surface, uncover vulnerabilities, and get a comprehensive picture of everything happening across your network. Continuous network monitoring enables you to adopt an automated, holistic approach for monitoring all of your assets. It’s critical in identifying even short-lived or transient assets so you can eliminate blind spots and keep an eye on your network for real-time threats.
But many security teams are hesitant to adopt continuous monitoring practices. There’s a concern that it can disrupt systems and technology and inadvertently create unnecessary downtime for organization. That’s why a passive network monitoring tool, like Nessus Network Monitor, can reduce that worry, giving you the insight you need to move away from legacy vulnerability management practices and fully embrace a risk-based approach that can help you stay one step ahead of attackers.
In this eBook, “The Definitive Guide to Continuous Network Monitoring,” you can explore the many benefits of network monitors and learn more about:
- Complex, evolving modern attack surfaces
- Increasing number of network security threats
- Why infrequent and periodic monitoring puts you at risk
- How to reduce your attack surface
- How to improve your network defenses
- How a network monitor can help you reach your compliance requirements
- What to consider when evaluating a network monitoring solution
Passive Network Monitoring
Keeping your expanding and evolving attack surface safe requires more than just periodic scans. Whether you have IT, OT, IoT, or a combination of environments, you can better protect and secure your network by using a combination of active device querying , passive network monitors, agents and other sensors. While each of these network monitoring tools have their own set of benefits, using them together can help you more effectively manage and measure your organization’s cyber risk.
Nessus Network Monitor (NMM) is a passive network monitoring tool you can add to your security arsenal. With NMM, you can continuously monitor all of the active assets across your network and then assess them for vulnerabilities. Here’s a quick look at what it can do:
- Monitor IPv4, IPv6 and mixed network traffic at the packet layer
- Determine topology
- Determine services
- Discover vulnerabilities
- Monitor virtual traffic in the cloud or within a virtual infrastructure
- Supports a variety of protocols from ICMP to SCTP and everything in between
- Discovers assets
- Send events to your SIEM and alert you
- Illuminates blind spots so you can see your entire network
Uncover Unauthorized Devices, Vulnerabilities and Untrusted Relationships with Deep Packet Inspection
There are a lot of benefits of adding network monitors to your cybersecurity program. While the list is much longer than what we highlight here, here are a few examples of some of the benefits of adding continuous network monitoring to your security practices:
- Discover all the devices on your network
- Discover all the applications and services active on your network
- Insight into BYOD and company-owned devices
- Ability to see connections between devices, applications and services
- Discover vulnerabilities that periodic active scans would miss
- Find weaknesses and other network security issues as soon as new assets or rogue systems appear
- Facilitate compliance with insight into device configurations
- Discover active hosts’ operating systems
Want to know more about the benefits of deep packet inspection?
6 Ways to Optimize Your Nessus Scans
Ongoing vulnerability assessments are an important component of effective cybersecurity. You can optimize your vulnerability assessments by using Nessus Professional to optimize your vulnerability scans.
In this eBook, learn more about how to optimize your vulnerability assessment scans, including the role of network monitors, so you can get the most out of your vulnerability assessments and overcome common vulnerability assessment challenges.
- Credentialed scanning can uncover about 90% of vulnerabilities across your attack surface. That’s because credentialed (also known as authenticated) scanning enables you to do more thorough assessments of devices across your attack surface.r
- Compliance audits don’t replace vulnerability scans, but they are useful in helping ensure your IT assets meet your required standards.
- You can run offline configuration audits with Nessus Pro so you don’t have network downtime or other disruptions.
- You can automate your vulnerability scans with continuous assessments and live results so you always know what’s happening on your network
- By enabling dynamic vulnerability scanning, you can go beyond traditional vulnerability scanning and analyze specific subsets for additional insight.
- Finally, with vulnerability filtering capabilities you can better prioritize and plan your remediation activities, giving you insight into critical weaknesses so you know what to tackle first.
Tenable Community: Your Go-To Resource for Network Monitors
Are you new to deploying network monitors? Do you have questions about how they work or do you want to take your network monitoring practices to the next level? Tenable Community is a great place to connect with other information security professionals to explore the benefits of network monitors and how to configure them to get the most out of your processes.
Here is a sample of conversations happening now:
Here are some sample conversations happening now:
Make Nessus Network Monitor (NNM) monitor all IP addresses
While NNM can be set to monitor every IP address, it may pollute or degrade the quality of vulnerability data for your actual hosts that should be monitored.
Read MoreFree up disk space in Nessus Network Monitor
Freeing disk space from the Nessus Network Monitor (NNM) installation can be done manually by removing files via the Command Line Interface or by adjusting settings via the GUI.
Read MoreUploading a PCAP to Nessus Network Monitor (NNM)
NNM is a passive scanner that listens on the span port of a switch to detect vulnerabilities ... During troubleshooting, providing a PCAP from the NNM host can provide valuable insight into what NNM is seeing.
Read MoreNetwork Monitors Frequently Asked Questions
Are you new to network monitors? Do you have questions about network monitoring, but not sure where to start? This FAQ is a great place to find answers:
What is a network monitor?
What is a network monitoring system?
How does a network monitor work?
Why is network monitoring important?
What are the types of network monitoring?
- Intrusion detection: These network monitor tools scan your network and look for non-approved connections, for example from an unapproved IP.
- Off-network monitors: You can use off-network monitors for insight into traffic to and from your cloud, including access if you allow employees to use their own devices.
- Packet analyzation: With packet analyzers you can get insight into data packets as they traverse your network to gain a better understanding of network access and usage.
- Monitoring of services and applications: These tools give you insight into potential issues so you can address them before you experience any network downtime.
What are some examples of network devices?
What does network monitoring do?
How do I monitor my network?
What are some benefits of network monitors?
How are credentialed and non-credentialed scans different?
How are active querying and passive monitors different?
How can a network monitor help ensure regulatory compliance?
Reaping the Benefits of Continuous Network Monitoring
For far too long, many organizations have relied on static, point-in-time vulnerability scans to evaluate their attack surfaces for vulnerabilities and other network security issues. Unfortunately, that approach is no longer effective for today’s modern and evolving attack surfaces.
Why? Because periodic scans leave you with blind spots. You can only see the assets connected to your network when you run the scan. What about rogue assets or devices that rarely connect? You miss them with static scans.
That’s one of the many benefits of adopting continuous network monitoring instead. It gives you instant insight into all of your devices, as soon as they connect to your network, sending you real-time alerts about where you may have risks. This continuous monitoring empowers you with situational awareness you’d otherwise not have.
Here are some other benefits of network monitoring:
- You can discover types of network security threats and make plans to prioritize remediation
- Receive alerts when something, like a vulnerability or unauthorized traffic, needs your attention
- Have insight into your changing environment, across your entire attack surface, including IT, mobile, cloud, IoT, IIoT, OT and more
- With reporting and network-wide insight, you’ll have insight into current technology usage within your organization
- By monitoring your network traffic and bandwidth, you can understand how your organization uses resources and where you may to need adjustments/upgrades
- You can identify which assets/people/technologies cause security risks, identify trends and respond before a security incident
- Visibility when there have been changes to devices, operating systems, or others within your network
- See how deployment of new assets/software/applications affect the rest of your network and other devices
- Automate tasks that eliminate duplicate, repetitive work for your network security teams
- Insight to help decrease downtime
- Get insight when make network or device changes to see how those changes impact the rest of your network
- Continuous network monitoring gives you visibility into network issues outside of routine office hours when your network otherwise may not have been subject to monitoring or review
What to Look For When Selecting a Network Monitoring Solution
Like any software solution or hardware decision, finding the right networking monitoring tool when there are lots of options in the market is challenging. How do you know which is right for your organization? How can you look past the marketing pitch to find one that does what you need today and will scale with your organization in the future? How do you know which one to trust?
Here are some tips to help you get started. Look for a solution that:
- Includes passive network sensors
- Has a log management system
- Offers frequent (daily) security updates including new plug-ins
- Has an industry-respected security research team
- Is easy to deploy and use
- Has industry recognized customer support
- Offers customer support 24/7/365 through a variety of communication channels
- Enables you to deploy new scanners as you need them
- Facilitates reporting and analytics with customizable reports and dashboards
- Helps you meet your compliance and regulatory requirements such as HIPAA, FISMA, PCI DSS, and more, as well as security frameworks such as CIS, NIST, ISO, and others
- Supports access controls down to a granular level
- Supports inventory management
- Supports patch management
- Supports mobile device management
- Supports risk management
- Supports incident management
- Facilitates penetration testing
- Helps you prioritize risks and plan remediation activities
- Supports integration with a variety of hardware and software across your enterprise, including, but not limited to next generation firewalls (NFGWs), security information and event management (SIEM), your cloud environments, and more
- Have clear, easy-to-understanding pricing and licensing options
- Support unlimited scans with no extra fees
- Has flexible deployment options
- Can scale with you as your organization grows and changes
- Supports credentialed and non-credentialed scans
- Trusted by thousands of global organizations, including most of the Fortune 500
Avoid solutions that:
- Require vendor-leased scanning hardware appliances
- Operate on vendor-specific (proprietary) operating systems or platforms
Need help determining which network monitoring solution may be best for you? Check out this white paper for a more in-depth look at network monitors, including key features and other important buying considerations.
Risk-Based Vulnerability Management Best Practices
While risk-based vulnerability management is a relatively new approach to vulnerability management, you can take steps toward a risk-driven program for your organization by implementing these best-practice recommendations:
- Install your network monitor. If you’re using Nessus Network Monitor, you can get installation help for Linux, Windows, or Mac OS here.
- Select assets to scan and which to exclude. For your first scan, it might be helpful to begin with operationally critical assets like your network, servers and firewalls.
- Group hosts and assign categories for your assets.
-
Determine the type of scan you want to do. With Nessus Professional, you can choose a scan template that meets your specific needs. Here are some examples:
- Non-credentialed (unauthenticated) scan that does not require system credentials
- Credentialed (authenticated) scan that requires authentication?
- Configure scan settings, such as frequency, IP range, and how many checks to run simultaneously on one host.
- Set auditing policies, for example, unauthorized applications, unauthorized software, configuration changes or open ports that should be closed.
- Run your scan.
- Customize your dashboard for the insight and you need.
- Create reports to share what you discover with team members and key stakeholders.
- Prioritize vulnerabilities and plan for remediation.
This is a high-level overview of a Nessus scan. You can go deeper with this Nessus Scan walkthrough or, if you’re looking at a non-product specific overview, you can find one in this Definitive Guide to Continuous Network Monitoring.
Network Monitor Blog Bytes
New Capabilities to Automatically Discover and Assess Rogue Assets
Finding and assessing all your assets is challenging, especially if your organization’s attack surface includes IT, OT, mobile, cloud and more. Because of this, many organizations have long struggled with getting comprehensive insight. They often rely on vulnerability scanning tools that leave them with blind spots because they can’t see all assets across all of the environments. One study even revealed that less than 30% of security professionals say they have enough visibility into their attack surface. The good news is you don’t have to be left in the dark. Nessus Network Monitor, for example, has the industry’s broadest asset coverage, meaning you can see what’s happening on your network at all times. In discovery mode, you can even use NNM to find rogue assets.
How to Maximize Your Penetration Tests with Nessus
While people often confuse penetration tests with vulnerability assessments, they are not the same things; however, both can help you discover weaknesses in your network. Your goal with a vulnerability assessment is to discover, quantify and analyze vulnerabilities across your attack surface, whereas with a penetration test, you’re doing an authorized attack on that attack surface to exploit vulnerabilities. Did you know you can use Nessus Professional’s active scanning to find the areas you should focus on for a penetration test? Then you can use your penetration test to dive further into those weaknesses to provide valuable data so you know where you need to prioritize remediation to reduce risk.
What You Need to Know About Vulnerability Management Best Practices
Legacy vulnerability management practices have been common throughout the cybersecurity industry for decades, but they’re becoming increasingly unreliable for true attack surface protection and defense. Why? Because legacy vulnerability management doesn’t give you insight into all of today’s modern assets like mobile, cloud and more. You can, however, improve your practices with a risk-based approach, including using a network monitor in conjunction with Tenable’s Vulnerability Priority Rating (VPR) to create a dynamic list of assets that might be targeted in an attack.
Webinars
Network Monitoring on Demand Measure and Demonstrate Security Effectiveness with Continuous Network Monitoring
If you’re responsible for cybersecurity or information security for your organization, there’s a pretty good chance you’re routinely asked, “What’s our risk?” And you know the answer is never a simple one. But there is a way to get the insight you need to prepare for the question. That’s with continuous network monitoring. With continuous network monitoring, you can see where you have risks, predict what matters, and act to address your security concerns. In this webinar, explore more about network monitoring including:
- How you can reduce your attack surface
- How you can discover known types of network security issues
- How you can illuminate blind spots by finding vulnerabilities for mobile devices, cloud and others
- Ensure compliance and align security with your business objectives
7 Reasons Security Consultants Trust Their Business to Nessus
Nessus is an industry leader for trusted, reliable vulnerability assessments. More than one million users around the world depend on it to discover vulnerabilities and other security issues across their attack surface. If you’re still in the market for a vulnerability assessment solution or you’re ready to stop wasting time with manual, time-consuming, repetitive processes, now is the time to consider adding Nessus Professional to your cybersecurity toolkit. In this webinar, you can learn more about Nessus including:
- Why global organizations trust Nessus
- How it can help you discover vulnerabilities, misconfigurations and malware
- New features and capabilities that outperform competitors
- Unique advantages consultants get from using Nessus
- How you can put Nessus to work for you right away
Eliminate Blind Spots and Monitor Everything with Nessus Network Monitor
With Nessus Network Monitor (NNM) you can see and protect everything across your evolving attack surface including traditional IT, operational technology (OT), cloud applications, web servers, web apps, operating systems, devices on your network, databases, mobile devices, and more.
NNM gives you unprecedented insight into all of your assets. With deep packet inspection, you can continuously monitor your network to discover new assets, track users, and discover vulnerabilities and other weaknesses that put your organization at risk.
Continuous Visibility
- Continuously monitor and assess your entire network without disruptions
- Keep an eye on network traffic at the packet level to discover server and client-side issues
- Have confidence that as you scale, NNM will scale with your expanding network
Suspicious Traffic Insight
- Discover unencrypted personally identifiable information (PII) and sensitive data in motion
- Awareness when internal systems conduct port scans
- Insight into interactive and encrypted network sessions
Automatic Vulnerability Discovery
- Automatically assess your infrastructure for vulnerabilities
- Discover server and client-side weaknesses in new and transient assets
- Find vulnerabilities on communicating systems and related protocols and apps
Asset Discovery
- OT
- Servers and endpoints
- Web apps
- Network devices
- Cloud assets
- Mobile devices
Compliance Management
- Identification of all systems related to compliance mandates
- Provide evidence of controls
- Monitor data flows
Advanced Protection, More Detection with Nessus Pro
Nessus covers more CVEs and scans more technologies than any other vulnerability assessment tool in the industry. And, with Nessus Network Monitor, you can ensure you always have continuous monitoring of all the assets and vulnerabilities across your entire network.
- Tenable Nessus