
Tenable Blog


Tenable Wednesday

Most readers should be familiar with the concept of "Microsoft Tuesday" as the day when Microsoft, and many other OS vendors, release security patch information. These releases occur on a regular basis. Because of this, we've had many Tenable customers configure their Security Center to automatically update Nessus and Passive Vulnerability Scanner plugins, perform a scan and then email a report on the following Wednesday. This blog post discusses how this is accomplished.

Research of Vulnerabilities

Tenable's research team publishes all new plugins to this RSS feed. This information is publicly available to anyone. Anytime we release a remote check or patch audit, it shows up there. Patch audits are usually the first (and easiest) plugins to produce, and then more complex remote "service" audits come next. Checks that can be accomplished purely through sniffing are also produced for the Passive Vulnerability Scanner (PVS), which has its own RSS feed of new plugins. Typically, within the first 12 hours of major bug releases, the checks will be available for Nessus Direct Feed subscribers, and Security Center and PVS users.

Automatic Monitoring with the Security Center

If your Security Center is updating the Nessus and PVS plugins on a nightly basis, then scheduling a scan for early "Wednesday Morning" can give you very good insight as to how open your network is to the immediate vulnerabilities. If the PVS is also deployed on the network, then it will also alert to new vulnerabilities without the need for a scan.

Scans can automatically be scheduled to perform patch audits of certain types of network assets such as all of the domain controllers, all of the mail servers, all of the server farm and so on. The Security Center manages the updating of each Nessus scanner as well as the credentials required for a full audit of each asset. Security Center users accomplish this with a "vulnerability policy" and a "scan policy".

The vulnerability policy specifies what you want to scan for. This includes scan configuration settings, such as credentials and target ports, as well as which Nessus plugins to run (by family or individually). Since the Security Center uses the Nessus Direct Feed for its source of plugins, you can also create a vulnerability policy that makes use of the most recent plugins in each family. For example, you could create a policy to scan for just "Windows Patches" and only those, including the latest patch audits, would be executed.

Scanning policies can be very simple or quite sophisticated. For example, a scanning policy could launch a credentialed scan against the "Windows Servers" every day at 5:00 AM. Scans can also occur on specific days of the week, weekends, certain days of the month and so on. Scans can also be chained together such that the results of the first scan can be used to update a dynamic asset list which is scanned by the second scan. Scan policies can also select which Nessus scanners (or groups of scanners we call "zones") perform the audit.

If the PVS is deployed on the network, the Security Center will update those sensors with the latest vulnerability plugins. No policies, scan schedules or credentials are required to configure the PVS. It just monitors the network and accurately reports client and server side vulnerabilities to the Security Center.

Automatic Reporting

For active Nessus scans, each scan policy also has the option to generate an email of any vulnerabilities found, or just "new" pieces of information. When these scans occur immediately after a "Microsoft Tuesday", they will identify all of the systems which have the "brand new" missing security patches.

The Security Center can also automatically create a scheduled PDF report of vulnerabilities which can be emailed to you. This report is generated from the Security Center's "cumulative" vulnerability database. This database includes any passively discovered vulnerabilities from the PVS. 

A very useful part of the cumulative database is the filtering of vulnerabilities based on when they were "first seen". A "Tenable Wednesday" report could easily be limited to all vulnerabilities that have been discovered within the past day. This is a very convenient way to automatically report on all "new vulnerabilities" identified by multiple Nessus scans and PVS monitoring.

For some customers who do not scan that often, but use the PVS, the passively discovered vulnerabilities are their first indication that there may be new security issues. 
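The "first seen" filter described above, as an added sketch that is not Security Center code and not from the original post: it merges constructed Nessus and PVS observations into a cumulative store and lists the findings first seen within the past day. The record layout, hosts, plugin IDs and timestamps are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample observations: (source, host, plugin_id, observed_at).
# Hosts, plugin IDs and timestamps are invented; 2024-01-10 is a Wednesday.
OBSERVATIONS = [
    ("nessus", "10.0.0.5", 90001, datetime(2024, 1, 3, 5, 0)),    # known last week
    ("nessus", "10.0.0.5", 90001, datetime(2024, 1, 10, 5, 0)),   # seen again, not new
    ("nessus", "10.0.0.5", 90002, datetime(2024, 1, 10, 5, 0)),   # new in today's scan
    ("pvs",    "10.0.0.9", 90002, datetime(2024, 1, 9, 21, 30)),  # passive sighting first
    ("nessus", "10.0.0.9", 90002, datetime(2024, 1, 10, 5, 0)),   # confirmed by the scan
    ("pvs",    "10.0.0.20", 7001, datetime(2024, 1, 10, 2, 15)),  # host never actively scanned
]


def build_cumulative(observations):
    """Merge observations into {(host, plugin_id): record}.

    first_seen is the earliest sighting from any source, so a re-scan of a
    known issue never makes it look new again.
    """
    db = {}
    for source, host, plugin_id, seen in observations:
        rec = db.setdefault(
            (host, plugin_id),
            {"first_seen": seen, "last_seen": seen, "sources": set()},
        )
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
        rec["sources"].add(source)
    return db


def new_since(db, now, window=timedelta(days=1)):
    """Return the (host, plugin_id) keys first seen within `window` before `now`."""
    cutoff = now - window
    return sorted(k for k, r in db.items() if cutoff <= r["first_seen"] <= now)


if __name__ == "__main__":
    db = build_cumulative(OBSERVATIONS)
    report_time = datetime(2024, 1, 10, 8, 0)  # Wednesday morning report
    for host, plugin_id in new_since(db, report_time):
        rec = db[(host, plugin_id)]
        print(host, plugin_id, rec["first_seen"].isoformat(), sorted(rec["sources"]))
```

The finding on 10.0.0.5 for plugin 90001 is left out of the report even though the Wednesday scan saw it, because its first sighting is a week old.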

Conclusion

Reporting on the most recent vulnerability information available is a method of finding out the "bad news" as quickly as possible. This is a completely different process than our previous blog post, which suggested reporting about vulnerabilities based on classes of systems that were managed or un-managed.  The intent of scanning for the latest and greatest vulnerabilities should be to discover any critical security issues that will impact your business in the short term.
