Passive Network Monitoring

Adding Passive Vulnerability Scanning To Your Security ToolKit

by Ron Gula on September 16, 2013

The new PVS 4.0 annual subscription makes network monitoring available to a wide variety of security practitioners. This is a new type of product, and it has many highly-practical use cases. Read about several ways you can get your security work done quicker with PVS 4.0.

New Passive Vulnerability Scanner (PVS) 4.0 Released

by Paul Asadoorian on September 12, 2013

The Passive Vulnerability Scanner (PVS) version 4.0 is now available to the public. PVS 4.0 features a brand-new HTML5 web-based interface and a standalone version, allowing users to track and review vulnerabilities discovered from sniffing network traffic.

Is the Passive Vulnerability Scanner an Intrusion Detection System?

by Ron Gula on April 29, 2013

When I was at RSA earlier this year, I gave a variety of media interviews and product demos about Tenable solutions. I demonstrated Nessus detecting malicious processes and the Passive Vulnerability Scanner (PVS) providing an audit trail of all network activity that led up to the infection. I also showed how the Log Correlation Engine (LCE) correlated PVS logged DNS queries to known botnets.

Recap: Geeking Out II with Marcus

by Marcus J. Ranum on April 15, 2013

Ron and I spent most of the webcast rotating around the theme of detection algorithms: how do you determine what is normal and what is not? We started off with one of my favorite questions, "Are there only two algorithms? Statistics - of some sort - or matching?" I think that, by the time we were done, the two approaches had withstood the argument. We also dug into some of the issues in designing large-scale log analysis systems, and how to tier architectures, do your filtering at the edges of the network, and where to maintain copies of the actual logs themselves. On the algorithms side, we...

Monitoring the Life of a Java Zero-Day Exploit with Tenable USM

by Randal T. Rioux on October 25, 2012

Not too long ago, CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU #636312) was issued for a flaw discovered in Oracle Java (JDK and JRE 7 U6 and before), as well as version 6 U34 and before. This is a client-side vulnerability, which requires a user to initiate activity to be exploited. I will avoid dissecting the flaw in detail, as this information is widely available on the Web (a particularly good write-up is here ). Keep in mind that Java is platform independent, and so is this exploit. The example here uses Internet Explorer on Windows 7 (with Java SE 7u3). However, Linux and OS X users shouldn’t feel excluded on this one! With Tenable's Unified Security Monitoring (USM) platform, comprised of SecurityCenter (SC), the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), we can track this exploit from start to finish.

Uncovering SSL Anomalies In Your Network Using SecurityCenter

by Paul Asadoorian on October 23, 2012

Looking in More than One Place Nessus, PVS, and LCE offer several methods for auditing SSL protocol usage on your network(s). SSL is commonly used to secure websites, but also protects email, file sharing, and many other services. This post lists some generic SSL capabilities found in all Tenable products, and shows how you can combine them to generate useful reports and dashboards. On the vulnerability identification side, Nessus uncovers many issues with SSL certificates, such as outdated certificates, unsigned certificates, and much more (see the screenshot below for more examples). SSL implementations shipped with appliances often use unsigned certificates, and rely on the administrator to install their own valid certificate. Without a properly signed certificate, man-in-the-middle attacks become considerably easier. If you’re an e-commerce shop, improper SSL implementations will also cause you to become non-compliant with PCI DSS standards. A sample of Nessus plugins associated with identifying problems with SSL certificates. (Click for larger image)

#1 Nessus is an Enterprise Tool - Top Ten Things You Didn't Know About Nessus

by Paul Asadoorian on October 18, 2012

The final installment in our "Top Ten Things You Didn't Know About Nessus" video series describes how Nessus is used in the enterprise. Additional products from Tenable, such as, SecurityCenter, the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), are used to fill the gaps and extend the functionality of your vulnerability management program. The video covers how you can overcome problems such as: Launching scans that will run faster and fit into your maintenance windows and patch management cycles Allowing different groups within your organization to manage their...