Tenable Solutions

Automation

Tenable Network Security's Vulnerability Management solutions incorporate automation in a tangible way, giving you the ease of scheduling reports, scans and mundane tasks once and moving on to more pressing needs.

Continuous Monitoring

Traditionally, vulnerability management has been done as a point-in-time process. You determine when you want to look at your network, you schedule or initiate a scan, and then you wait for the results. You get an accurate picture of your vulnerabilities, traffic, and more at that one point in time. But networks are always changing, and a point-in-time scan from ten minutes ago may not give you an accurate portrayal of your network ten minutes from now. That's where continuous monitoring comes in.

With Tenable Nessus and Tenable SecurityCenter, any organization can automate scans as often as needed. Multiple discovery scans, vulnerability scans, patch audits and configuration audits can be scheduled to occur often to provide rapid discovery of new hosts, new applications and new vulnerabilities. Independent schedules of different network assets can be combined to provide as much coverage as needed. For example, you may want a scan of your DMZ to occur every six hours while only performing a credentialed patch audit once a week.

With the Tenable Passive Vulnerability Scanner, you can monitor your network's security in real-time. Each instance of the Passive Vulnerability Scanner automatically watches network traffic and reports as soon as it discovers a new host, application or vulnerability. Any firewall changes that expose unauthorized services, new web servers that are put into production, new laptops that are plugged into the network and many other types of changes that impact security are detected automatically in real-time with traffic analysis.

And only Tenable provides integration with patch management systems from Red Hat®, Microsoft® and VMware®, providing visibility into systems that are otherwise cut off from vulnerability assessments, increasing accuracy and the fidelity of patch data.

Trending & Reporting

Tenable SecurityCenter can be used to automate dashboards and reports that communicate your vulnerability management program to executives and administrators. All of the data discovered by Tenable Nessus, the Tenable Passive Vulnerability Scanner and the Tenable Log Correlation Engine may be used to create dashboards and reports that display strategic or tactical security information. For example, the following use cases can be accomplished with Tenable's suite of products:

  • For each Windows domain, the number of computers and number of missing patches can be uniquely displayed for periods of time such as the last 30 days or past year.
  • Each business unit can be scanned and tracked for discrete items, such as MS08-068, the vulnerability exploited by Conficker, or whether a node is running anti-virus software.
  • Each business unit can have its SLAs tested. For example, if your group requires all patches to be deployed within 30 days, SecurityCenter can automatically graph, per business unit, all vulnerabilities older than that.
  • Reports can be automatically scheduled and emailed to CEOs, auditors and administrators that summarize vulnerability and compliance information.

Alerting

Tenable Network Security's vulnerability management system includes a sophisticated alerting protocol to notify you of attacks, system abuse, vulnerable systems, non-compliant systems and more through email, messages sent to your mobile device or in-application alerts.

Tenable SecurityCenter centralizes all notifications, from up-to-the-minute alerting to scheduled checks that are tested once a day.

The alerting function is versatile enough to open tickets within Tenable SecurityCenter, send syslog messages, send notifications, send emails and/or launch scans. For example, alerts can be set that count the number of IP addresses, open ports and critical vulnerabilities for specific assets and then send an email if this value goes above a threshold. Alerts for events can also be set, such as opening up tickets if there is a spike in intrusion detection events.

There are many different combinations of alerting that can be used to monitor compliance and security. Consider this short list:

  • Alerting for any assets that have missing patches older than 15 days.
  • Having FDCC audits of Windows hosts after any major software installation.
  • Performing vulnerability scans of any hosts newly discovered by a scan or the Tenable Passive Vulnerability Scanner.
  • Alerting when DMZ servers have intrusion detection events that have been correlated with known vulnerabilities.
  • Sending alerts when the number of hosts or open ports changes.
  • Alerting when any change has occurred on systems that are not supposed to be modified.
  • Sending emails when key servers have had file checksum issues indicating compromises.

Tenable SecurityCenter includes a built-in ticketing system. Alerts can open up tickets and associate vulnerability, log, configuration and event data with each ticket for tracking. Additionally, users have the ability to manually open tickets while performing analysis of vulnerability or event data.