Council on CyberSecurity Critical Security Controls

Tenable for the 20 Critical Security Controls

The 20 Critical Security Controls are prioritized mitigation steps published by the Council on CyberSecurity to improve cyber defense.  Rigorous automation and tracking of these critical controls has demonstrated more than 90% reduction in "measured" security risk within the U.S. State Department. 

Tenable's solutions offer continuous monitoring and real-time vulnerability assessment for implementing these critical controls.  Key capabilities include:

  • Accurate and integrated vulnerability management solution for broad coverage and accurate risk assessment
  • Real-time network monitoring for continuous assessment of vulnerabilities and security posture
  • Integrated log aggregation and correlation for identifying anomalies and forensic analysis

Tenable offers more products and covers more of the 20 Critical Security Controls than any other vendor.  To find out how Tenable solutions cover each of the 20 Critical Security Controls, please reference our whitepaper

Foundation for Practical Defenses

Tenable's SecurityCenter Continuous View (CV) is the first integrated solution that combines active vulnerability scanning with real-time network monitoring and log correlation to cover more critical controls than any other vendor.  It provides continuous monitoring of risk based on severity, accessibility, and exploitability.  The solution integrates with third-party intelligence, such as exploit databases and malware detection services, as well as popular patch management and mobile device management systems to pinpoint security risks and achieve compliance with the critical controls.

Real-time Network Monitoring

SecurityCenter CV discovers, maps, and tracks risks from the moment an asset connects to your network.  It fully meets the continuous monitoring control through a combination of network scanning with Nessus and passive network monitoring via Passive Vulnerability Scanner (PVS).  It also integrates with existing asset and network management data tools to offer a more complete view of risks associated with unmanageable and transient devices.

Integrated Correlation and Log Analysis

SecurityCenter CV aggregates, normalizes, correlates, and analyzes event log data from the myriad of devices within your infrastructure. Tenable’s Log Correlation Engine (LCE) offers forensic log analysis, IT troubleshooting, and compliance monitoring.  It can work with syslog data, or data collected by dedicated clients to cover controls related to malware defenses, boundary defenses, and analysis of audit logs.

Tenable and the 20 Critical Security Controls

SecurityCenter offers a single dashboard with 15 individual components that provide insight into 50 items that directly correlate to the Top 20 Critical Security Controls.

Control Impact on Attack Mitigation Critical Security Control Tenable
1 Very High Inventory of Authorized and Unauthorized Device  View Dashboard
2 Very High Inventory of Authorized and Software  View Dashboard
3 Very High Secure Configuration of HW and SW on Mobile devices, Laptops, Workstation and Servers  View Dashboard
4 Very High Continuous Vulnerability Assessment and Remediation  View Dashboard
5 High/Medium Malware Defenses  View Dashboard
6 High Application Software Security  View Dashboard
7 High Wireless Access Control  View Dashboard
8 Medium Data Recovery Capability
9 Medium Security Skills Assessment and Appropriate Training to Fill Gaps
10 High/Medium Secure Configuration of Network Devices (FWs, Routers, and Switches)  View Dashboard
11 High/Medium Limitation and Control of Network Ports, Protocols, and Services  View Dashboard
12 High/Medium Controlled Use of Administrative Privileges  View Dashboard
13 High/Medium Boundary Defenses
14 Medium Maintenance, Monitoring, and Analysis of Audit Logs  View Dashboard
15 Medium Controlled Access Based on the Need to Know  View Dashboard
16 Medium Account Monitoring and Control  View Dashboard
17 Medium/Low Data Protection  View Dashboard
18 Medium Incident Response and Management
19 Low Secure Network Engineering
20 Low Penetration Testing and Red Team Exercises

Buy Nessus

Save up to $1,200 on product, training, and certification bundles.

Buy Now

Compare SecurityCenter Editions

See what version of SecurityCenter is right for you.

Compare

Evaluate SecurityCenter

Schedule an enterprise evaluation of SecurityCenter to see your security and compliance information in a new way.

Contact Us