PCI Compliance

Nessus Perimeter Service with New Tenable PCI Scanning Service Available

by Paul Asadoorian
April 17, 2012

Tenable is pleased to announce availability of the Nessus Perimeter Service including the Tenable PCI Scanning Service. Customers can scan an unlimited number of Internet-facing IP addresses, as often as they like, and submit PCI scan results up to twice per calendar quarter for Tenable PCI Approved Scanning Vendor (ASV) validation, all for $3,600 a year.

The Nessus Perimeter Service offers:

  • One flat fee - Scan an unlimited number of Internet-facing IPs, as often as you like
  • Web application vulnerability detection
  • Up to two quarterly PCI scan submissions for Tenable PCI ASV validation
  • Anytime, anywhere access via web browser and Tenable Nessus App for iPhone, Android, and iPod touch
  • World-class expertise with the most-trusted knowledgebase in the industry and access to Tenable’s PCI-certified professionals

To learn more about Nessus Perimeter Service and the Tenable PCI Scanning Service, you can view the video titled "Nessus Perimeter Service Usage: PCI ASV Validation and SecurityCenter Integration".

New PCI-DSS Scan Policy

Sony: Compliance Lessons Learned

by Paul Asadoorian
May 12, 2011

The Now "Infamous" Sony Hack

It was reported late last month that attackers had penetrated Sony's PSN (PlayStation Network) platform. It has been rumored that reverse engineering of the PlayStation firmware, coupled with vulnerabilities in Linux servers and unencrypted data traversing the network, led to the exposure of over 77 million users’ information, possibly including 2.2 million credit card numbers.


Sony reportedly may have lost so many credit card numbers that there is speculation it could devalue all stolen cards on the black market.

New Nessus Scan Policy Templates Added in the Plugin Feed

by Paul Asadoorian
April 7, 2011

We are pleased to announce that four new Nessus policy templates will be distributed to Nessus ProfessionalFeed and HomeFeed users via the Nessus plugins feed. This is the first time we've used "push" functionality to send down scan policy templates.

The four new Nessus scan policy templates will appear in the "Policies" tab once your Nessus installation has updated the plugins:

  • External Network Scan - This policy is tuned to scan externally facing hosts, which typically present fewer services to the network. The plugins associated with known web application vulnerabilities (CGI Abuses and CGI Abuses: XSS plugin families) are enabled in this policy. Also, all 65,535 ports are scanned on each target.

SSL Certificate Authority Auditing with Nessus

by Ron Gula
December 28, 2010

Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and, with the advent of plugin #51192, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.

Can I use Nessus to perform PCI audits?

by Ron Gula
July 12, 2007

Tenable's sales and support groups continue to get the following type of question:

"I'm considering purchasing a scanning service from vendor XYZ and they claim to use Nessus. Are they certified by Tenable to perform PCI scanning audits?"

There are several points to consider when such a question is posed, and this blog entry will attempt to discuss many of the nuances involved with this issue.

Products are not Certified for PCI Audits