Agentless Scanning

The Agentless Scan enables cryptographic discovery and analysis without requiring an agent to be installed on target systems. It leverages external data sources and network-based techniques to assess cryptographic posture across the environment.

Coverage

Agentless scans collect and analyze data from:
  • Network Discovery/Network Scan: Discovers and analyzes reachable services using:
    • IP addresses
    • IP ranges
    • Subnets
  • Vulnerability Management (VM) Scanners: Integrates with external tools (such as Tenable) to ingest scan data and extract cryptographic insights

Capabilities

The agentless scan offers full visibility into:
  • Certificates (including network-exposed certificates)
  • Cipher suites in use
  • Security protocols (for example, TLS versions)
It offers limited visibility into cryptographic libraries, depending on the data provided by integrated tools.

Network Scan for Retrieving PQC Readiness Data

The network scan enables discovery and analysis of cryptographic configurations for network-accessible services using IP-based scanning, without requiring agent installation. The scan targets reachable systems over the network and extracts cryptographic information from exposed services and endpoints.

The scope of a network scan includes:
  • A single IP address
  • IP ranges
  • Subnets

The network scan evaluates:
  • Cipher suites supported by services
  • Security protocols in use (e.g., TLS versions)
  • Certificates presented by services, including port bindings
  • Open ports and associated services

For detailed instructions on configuring and executing a network discovery scan, see the Network Scan documentation.
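
What a network scan can observe from outside a host, as an added example (not the platform's own code): one TLS handshake reveals the negotiated protocol version, the cipher suite and the presented certificate. The function names and finding labels are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

# SSLv3 and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996).
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def probe_tls(host, port=443, timeout=5.0):
    """Complete one TLS handshake and record what the service exposes.

    One handshake shows the negotiated protocol and suite only, not every
    protocol and suite the service would accept.
    """
    ctx = ssl.create_default_context()
    # Inventory only: certificates that fail validation must still be
    # recorded, so verification is off. Never send data over this context.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"host": host, "port": port,
                    "protocol": tls.version(), "cipher": tls.cipher()[0],
                    "cert_sha256": hashlib.sha256(der).hexdigest() if der else None}

def key_exchange(protocol, cipher):
    """Key-exchange family, as far as an OpenSSL suite name reveals it."""
    if protocol == "TLSv1.3":
        return None  # TLS 1.3 suite names omit key exchange; the group is negotiated separately
    if cipher.startswith("ECDHE-"):
        return "ECDHE"
    if cipher.startswith("DHE-"):
        return "DHE"
    return "RSA"  # assumption: other TLS 1.2 names here use RSA key transport

def assess(record):
    """Return illustrative finding labels (assumed names) for one record."""
    findings = []
    if record["protocol"] in LEGACY_PROTOCOLS:
        findings.append("legacy-protocol")
    kx = key_exchange(record["protocol"], record["cipher"])
    if kx is None:
        findings.append("key-exchange-group-not-observed")
    else:
        # RSA, DHE and ECDHE are all classical, quantum-vulnerable exchanges.
        findings.append("classical-key-exchange:" + kx)
    return findings
```

`assess` accepts any record with `protocol` and `cipher` keys, so it works on the output of `probe_tls` as well as on records built from imported scanner data.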

Vulnerability Management Tools for Retrieving PQC Readiness Data

Tenable

The platform integrates with vulnerability management tools to ingest scan data and derive cryptographic insights without requiring direct scanning or agent deployment. This integration lets the platform use existing vulnerability scan results to identify cryptographic configurations and assess post-quantum cryptography (PQC) readiness across managed assets.

Agentless data can be ingested from vulnerability scanners such as Tenable.

Based on the data provided by integrated tools, the platform can identify:
  • Cipher suites and security protocols
  • Certificates and associated metadata
  • Service configurations and exposed endpoints
  • Cryptographic libraries (limited visibility; depends on the data provided by the integrated tool)

For details on setting up the Tenable integration, including required prerequisites, access, and configuration steps, see the Tenable Integration Documentation.