SecurityCenter General Questions
What is SecurityCenter?
SecurityCenter™ consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards, and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
SecurityCenter includes functionality from Nessus as well as the following additional capabilities:
- Measure security assurance and the effectiveness of your security investments using Tenable exclusive Assurance Report Cards (ARCs)
- Use customizable dashboards, reports, and workflows to quickly identify and rapidly respond to security incidents
- Communicate consolidated metrics to business executives and other IT security stakeholders
- View vulnerability management and security assurance trends across systems, services, and geographies
- Group and control team member permissions by role
- Use advanced analytics with actionable information and trending to prioritize events and alerts
What is SecurityCenter Continuous View?
SecurityCenter Continuous View is a comprehensive solution that provides continuous visibility and critical context, enabling decisive action. With advanced analytics, it gives you continued assurance that your security program is working.
SecurityCenter Continuous View includes SecurityCenter capabilities, as well as the following additional capabilities:
- Obtain information on which assets are connected to the network and how they are communicating
- Monitor host activities and events, including who is accessing them and what is changing
- Identify previously unknown resources, changes in behavior, and new application usage
- Get near real-time metrics for continuous security and compliance
- Correlate real-time activity with the state-based vulnerability data
What is unique about SecurityCenter 5?
The new capabilities in SecurityCenter 5 enable you to continuously measure, analyze, and visualize the security and risk posture of your enterprise. SecurityCenter 5 includes a brand new HTML5 based UI, which enables you to create highly customizable dashboards and reports to satisfy unique stakeholder needs, simplified workflows for faster trending and remediation, and new API’s to make it easier to integrate with your existing IT processes and workflows.
SecurityCenter 5 also includes the industry’s first Assurance Report Cards (ARCs) that enable your Chief Information Security Officer (CISO) and security leaders to define the company’s security program objectives in clear and concise terms, identify and close potential security gaps, and communicate effectiveness of your security investments to C-level executives and board members.
What are the new features in SecurityCenter 5?
- Assurance Report Cards (ARCs): Assurance Report Cards provide an effective way to measure and communicate to executives that high-level business objectives are being met based on evaluation of customer defined security policies and rapid deployment of controls in near real-time.
- Critical Cyber Controls (CCC): Critical Cyber Controls are five pre-defined ARCs that focus on monitoring the top five security objectives that have the greatest impact to ensuring the security posture of any business.
- Advanced analytics: provide contextual insight and actionable information to prioritize security issues. The Breaking Kill Chains dashboard is one example of sophisticated analytics provided by SecurityCenter out-of-the-box.
- Improved searching and trending: searching and trending of scan and event data now includes the capability of storing incremental changes in back-end repositories.
- Customizable dashboards and reports: the new HTML 5-based UI enables highly-customizable dashboards, with previews to help visualize how the screen will be populated with data.
- Dashboard templates: Tenable's research team generates new dashboard and report content daily, delivered to customers in a unique security app store interface, with no downloads or unpacking required.
Other New Features
- Support for Nessus Agents: automates imports of Nessus Agent scan data from Nessus Cloud or Nessus Manager directly into SecurityCenter (available in SecurityCenter 5.1 or later).
- Audit policies in content feed: provides automatic configuration policy updates in the regular content feeds from Tenable, without going through manual downloads and imports.
- Configurable blackout windows: provides override schedules for individual scan policies.
- New APIs: enables integration of SecurityCenter 5 with existing infrastructure to automate centralized management, reporting, remediation, and workflows. Learn more about the SecurityCenter REST API.
- 32G repositories: supports saving more scans, events, and network activity data for longer periods.
- UTF character support: supports internationalization and localization for reporting.
What are Assurance Report Cards (ARCs)?
ARCs are highly customizable “objectives” that CISOs can define and use to measure security assurance on a continuous basis. ARCs enable customers to express security policies in a business context, and assess them continuously for security assurance. ARCs utilize customer-defined security policies, allowing security teams to identify the gaps where policies are failing to meet business objectives.
What are Critical Cyber Controls, and how do they help me?
Critical Cyber Controls are executive focused ARCs that come pre-installed in SecurityCenter 5. They enable CISOs to validate the following top five security objectives which have the greatest impact to ensuring the security posture of any business.
- Objective #1: Track authorized inventory of hardware and software
- Objective #2: Remove vulnerabilities and misconfigurations
- Objective #3: Deploy a secure network
- Objective #4: Authorize user access to the systems
- Objective #5: Search for malware and intruders
Each Critical Cyber Control ARC can be customized to meet your specific security goals.
What are Nessus Agents?
Nessus Agents are lightweight programs installed locally on a host – a laptop, virtual system, desktop, and/or server. Agents receive scanning instructions from a central Nessus Manager server, perform scans locally, and report vulnerability, compliance and system results back to the central server.
Nessus Agents, available with Nessus Cloud and Nessus Manager, increase scan flexibility by making it easy to scan problematic assets such as those needing ongoing host credentials and assets that are offline. Agents also enable large-scale concurrent scanning with little network impact.
Why Use Nessus Agents with SecurityCenter?
Today’s extended networks and mobile devices make assessing and protecting all of your environment extremely difficult. Now it is possible to leverage Nessus Agent technology to increase scan coverage and remove blind spots. Nessus Agents were first introduced with Nessus 6.3 in February 2015, and platform coverage continues to expand.
Agents provide vulnerability scanning and configuration assessment access for:
- Transient systems, like laptops, that are often disconnected from the network when traditional scans run.
- Systems connected over limited bandwidth connections or across complex, segmented networks.
- Systems for which the security team lacks the credentials required to perform authenticated scanning.
- Fragile systems that are unsafe to scan with traditional scanning.
How do Nessus Agents and SecurityCenter work together?
Nessus Agent scans, configured from within Nessus Cloud or Nessus Manager, identify vulnerabilities, policy-violating configurations, and malware on the hosts where they are installed, report results back to Nessus Cloud or Nessus Manager, and then the results are imported into SecurityCenter on a scheduled basis. By scheduling the import of the agent collections, you will ensure your reports and overall security metrics now include “all” the hosts in your environment.
What is the recommended deployment model when using Nessus Agents with SecurityCenter?
Tenable recommends that you use Nessus Cloud to manage Nessus Agents and to transfer agent data to SecurityCenter as shown below.
Tenable recommends the Nessus Cloud deployment model for the following reasons:
- Safely secure your mobile workforce: You may have thousands or tens of thousands of remote/mobile workers whose laptops are not online during a vulnerability scan. Nessus Agents will run the scans locally and then upload result to Nessus Cloud when a connection is available, without the risk associated with every agent uploading its individual results through your firewall.
- Simplify management: Tenable manages Nessus Cloud for you. We are responsible for high availability, we backup the data, and we perform the software updates. You manage your vulnerability data, not the Nessus platform.
- Scale with ease: As your use of Nessus Agents increases, you will not need to upgrade your computing and storage infrastructure to accommodate growth.
- Scan your perimeter: Many SecurityCenter customers that already perform internal scanning to satisfy PCI compliance requirements also use Nessus Cloud to satisfy external PCI scanning requirements that must be performed by an approved scanning vendor (ASV). If you are not already using SecurityCenter to meet both internal as well as external PCI compliance scans, this deployment model will make it easy for you to use both of these SecurityCenter capabilities.
- Preserve internet bandwidth: Importing scan data in bulk from Nessus Cloud can be scheduled during off hours to preserve daytime bandwidth for your business users. Additionally, managing a single connection between Nessus Cloud and SecurityCenter reduces network overhead compared with managing thousands of connections with individual agents.
If desired, you can use Nessus Manager in place of Nessus Cloud to manage the agents. In this case, Tenable suggests you deploy Nessus Manager as a proxy between the agents and SecurityCenter.
For more information about Nessus Agents, see the following resources:
- SecurityCenter 5.1 with Nessus Agent Support white paper
- Nessus Agents FAQ
- Nessus Agents webpage
- Nessus Agents whitepaper
Where can new customers purchase SecurityCenter 5?
New customers should contact their Tenable or Partner sales representative or visit the Tenable website to schedule a demo and receive an evaluation copy of SecurityCenter 5 before purchasing.
Is there an additional cost to upgrade to SecurityCenter 5 from SecurityCenter 4.7 or 4.8?
There is no additional cost for subscription customers and perpetual license customers under maintenance. Please contact a sales representative for details.
Where can existing customers download SecurityCenter 5?
Existing customers can download installation packages from the Support Portal.
How do I upgrade from previous SecurityCenter versions?
Instructions for upgrading SecurityCenter from previous versions are available on the Support Portal.
What platforms is SecurityCenter 5 available for?
Platform support is described in the Tenable General Requirements document, which can be downloaded from the Support Portal.
What are the hardware requirements for SecurityCenter 5?
Hardware requirements for SecurityCenter 5 are described in the Tenable General Requirements document, which can be downloaded from the Support Portal.