The latest Nessus plugin feed update includes detection for Poison Ivy, a popular backdoor used by attackers. Poison Ivy allows a remote attacker to control the compromised system, and has mechanisms to jump from process to process. While anti-virus products should detect the presence of this software, there's always a chance of gaps. For example, by modifying the Poison Ivy binary, you can change its signature. This means if your AV software is out of date, an attack will be successful. If a determined attacker, dare I say "APT," were to modify this software to bypass even up-to-date AV software, Nessus can be used as a second line of defense in conjunction with malicious process detection, adding more malware detection layers.
Perhaps one of the toughest challenges for IT today is still keeping up with third-party software. Users will find ways to install software on their own (such as virtual machine software). Filling in the gaps nicely is the Tenable Passive Vulnerability Scanner (PVS). I've been running PVS on my lab network and witnessed firsthand as it flagged a PuTTY vulnerability on one system, and told me that my Flash player was out of date on my other system. Third-party vulnerabilities have a tendency to hide, and PVS helps uncover them in a big way.