Protect Critical Infrastructure with Continuous Network Monitoring™
Growing cyber threats have increased the amount of risk our nation’s critical infrastructure faces and providers of electrical utilities are chief among those who must take steps to protect themselves. Specifically, they must meet the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, designed to assure the reliability of North America’s power system.
Tenable™ helps utility providers ensure the safety and security of BES Cyber Systems and other assets by continuously monitoring for vulnerabilities, threats, and compliance and security issues found in their enterprise and SCADA networks.
Maintain NERC CIP Compliance
Tenable offers a number of solutions, including Nessus®, the world’s most widely deployed vulnerability scanner, and SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, to help your organization meet and remain compliant with NERC CIP requirements.
Using Nessus®, utilities can:
- Audit operating systems, network devices and applications for vulnerabilities in environments subject to NERC CIP requirements.
- Perform specific vulnerability checks on control systems such as Telvent, Siemens, and more.
- Perform configuration audits of operating systems and applications specifically used in control systems such as OSIsoft PI, ABB Ranger, and more.
Using Nessus, utilities have access to Digital Bond's Bandolier project, which has produced audit policies for Nessus and SecurityCenter Continuous View users to test the configurations of many different types of control system software.
SecurityCenter Continuous View
Using SecurityCenter Continuous View, utilities can:
- Employ Tenable's Passive Vulnerability Scanner™ (PVS™) to observe any IP-based control system network to monitor changes, discover assets and assess vulnerabilities without affecting network performance.
- Employ Tenable’s Log Correlation Engine™ (LCE™) to gather NetFlow data, system logs, employee logins, intrusion detection events, file integrity information, privilege escalation and much more across enterprise networks and control system devices for aggregation, correlation, analysis, and forensics.