"Communicating Vulnerabilities to Management: Making the Rubber Meet the Road" Webcast - Recording and Q&A
Renaud Deraison, Jack Daniel, and I recently presented the "Communicating Vulnerabilities to Management: Making the Rubber Meet the Road" webcast. This was part 4 in the “Vulnerabilities Exposed” webcast series.
If you missed the webcast or would like to re-watch it, view the recording.
Q&A
Here are responses to questions we received during the webcast.
General
Will the slides be available for download?
- Yes, click here to view the presentation slides.
Are there licenses for each implementation of Nessus and PVS?
- Nessus and PVS can be licensed individually, and are also available in an introductory offer called "Nessus Plus." For more information, visit the Tenable Online Store. Each instance of Nessus or PVS requires a license.
I want to know more about the software, how to use it, and how much it costs. Will it be difficult to learn how to do the scan?
- Pricing for Nessus, PVS, and on-demand training can be found on the Tenable Online Store. For inquiries about Tenable's enterprise products, please fill out the product's form on our website - SecurityCenter, SecurityCenter Continuous View, and LCE (Log Correlation Engine).
Does your product run in an IPv6 environment?
- Both Nessus and PVS natively support IPv6 (both as targets and sniffing IPv6 traffic for vulnerabilities).
Configuration and Compliance
Nessus supports different types of frameworks. How easy it is to scan different types of compliance standards, and how do I perform the analysis by reviewing the vulnerabilities?
- Configuration and compliance auditing is a feature of Nessus that is both easy-to-use and very flexible. For more information, including how to set up and run compliance audits using Nessus, refer to the video on our YouTube Channel and the compliance checks documentation.
Do you have a scanning policy for HIPAA compliance ?
- Yes, it is located on the Tenable Support Portal in the Nessus Audits Files section.
Product Features
How can I set up a Nessus scan to only scan by a particular severity? For example, scan using only critical-severity plugins.
- You can filter the plugins on several different types of criteria, including severity.
Can Nessus effectively determine vulnerabilities in web applications and CMSes such as Joomla or WordPress?
- Yes, Nessus can detect both known and previously-unknown web application vulnerabilities. For more information, please refer to the video on our YouTube channel.
Say Nessus finds a critical patch is missing which was already deployed through our patching. Can we trigger patching from Nessus through SCCM or WSUS?
- At this time, this feature is not supported. Nessus reports the patch status recorded from the target host and the patch management system(s).
Is it necessary to provide Exchange service account credentials in order to pull the ActiveSync data for mobile devices?
- To use mobile device scanning, Nessus requires access to the Active Directory domain controller(s) and Domain Admin level privileges.
Is the email notification feature available with the basic version of Nessus?
- Yes, the email notification feature is available on all types of the Nessus vulnerability scanner.
When you modify the severity, is it a global change, or can it be modified based on policy? Can I apply a system-wide severity change for a specific host?
- Severity modification is changed on a per-user basis. You can set the host for which it will apply and a time frame for which it will be active.
SecurityCenter can also recast or accept risk, but it does not have an expiration date. Will that be added?
- This is currently a planned feature for an upcoming SecurityCenter release.
Can multiple scans be combined as one report?
- SecurityCenter allows you to aggregate data and generate reports from information collected from Nessus, PVS, and LCE (Log Correlation Engine). From within Nessus, you are not able to combine reports unless you interface with the API and create a custom script.
Tenable Resources
- Blog Post: Nessus Plugins Audit Your Patch Management System Effectiveness
- Video: Nessus Patch Management Integration
- Blog Post: Nessus Vulnerability Modifications
- Video: Nessus Scheduling, Report Emailing, and Result Modification
- Blog Post: Hiding In Plain Sight: Discovering Legacy Applications Using PVS
- SecurityCenter Dashboards: Vulnerability Reporting
- Whitepaper: Implementing an Effective Vulnerability Management Program
Webcast Recordings and Q&A
If you missed any of the previous webcasts in the "Vulnerabilities Exposed" series, view the recordings and read the Q&A.
Related Articles
Tenable Capture the Flag 2022: The Results Are In!
June 16, 2022It’s time to crown the winners of this year’s Capture the Flag Event! This event presented a series of security-related challenges in a Jeopardy-style format. Challenges ranged in difficulty and to...
The State of OT Security, a Year Since Colonial Pipeline
May 19, 2022During a recent podcast, Tenable's VP of Operational Technology Marty Edwards discussed the cyber threats faced by critical infrastructure providers and the importance of OT security, topics he'll add...
Test Your Hacking Skills: Join Tenable’s Annual CTF Competition!
April 25, 2022Tenable launches the 2022 Capture the Flag event for the security community, running from June 9-13. Get ready to test your hacking skills, practice new ones and see how you measure up against othe...
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Events
- Nessus
- Passive Network Monitoring
- SecurityCenter
- Vulnerability Management