Malware and Malicious Behavior


Detect, Audit, Investigate Malware

Deploying anti-malware software throughout an organization is essential, but it is not a foolproof defense. Tenable's SecurityCenter platform, built on the Unified Security Monitoring architecture, offers a deeper level of detection against malware.

Tenable SecurityCenter monitors system processes, network traffic, and logs. It correlates this information with audits of anti-virus configurations and malware scans to:

  • Detect a wide range of threats to an organization 
  • Audit anti-virus and other prevention methods
  • Reduce response time, pinpointing responses to breaches and malicious access

Detect Malware Quickly

The Tenable Unified Security Monitoring architecture brings together scanning, network traffic sniffing, and log analysis to detect malicious processes, misconfiguration, and misuse that can evade other solutions. 

  • Nessus uses multiple methods, including access to specialized feeds, to detect malware that avoids anti-virus detection, botnets, malicious content, backdoors, and artifacts of rootkits.
  • The Passive Vulnerability Scanner (PVS) and Log Correlation Engine analyze and log network traffic and system events to identify malware activity and malicious behavior in real time.

Audit Anti-Virus Measures

Over 100 Nessus plugins audit anti-virus technologies. This makes it easy to determine whether anti-virus components across the network are properly installed, configured, and running, and whether they contain vulnerabilities.

Audits cover solutions from leading anti-virus vendors including Trend Micro, McAfee, ClamAV, Bitdefender, Kaspersky, ESET, F-Secure, and others.

Investigate Security Incidents

SecurityCenter integrates and correlates a tremendous amount of relevant forensic information, including network traffic, intrusion detection logs, NetFlow, authentication, and other data.

For example, SecurityCenter can examine traffic and logs for file browsing, file transfer activity, DNS lookups, SSL certificates in use, protocols, and web browser user-agents. It can correlate activities with user IDs, even for mobile users or those in dynamic DHCP environments.

Using Tenable solutions, you can easily determine the extent of a compromise. For example:

  • Find systems compromised by a botnet
  • Determine whether an internal server is communicating with a botnet
  • Identify all assets running malicious processes
