Continuous Monitoring for the New IT Landscape

by Marcus J. Ranum on August 6, 2014

The landscape of IT security is changing and the rash of recent data breaches has targeted a fatal flaw in the way organizations have approached security over the last two decades. When it comes to security practices, organizations are going to have to adapt: older techniques simply won’t cut it anymore. Defensive technologies like firewalls, antivirus, patching systems and security event management have failed to prevent successful attacks because they are frequently not aligned with a unified security policy or business practice. Continuous monitoring manages the automated discovery and...

Tenable Integrates with Dell KACE Systems Management Solution

by Manish Patel on July 30, 2014

Nessus and SecurityCenter now integrate with the Dell KACE K1000 Systems Management appliances to identify missing patches on vulnerable systems, detect unmanaged systems, and extend scanning to cover systems that previously could not be scanned. This integration expands Tenable’s strategy to bridge the gap between vulnerability scanning and patching by allowing administrators to scan targets directly or query endpoint management platforms including Windows WSUS and SCCM, IBM Tivoli Endpoint Manager, Red Hat Network Satellite, and Dell KACE. Administrators are able to prioritize vulnerable...

Announcing Singapore MAS Technology Risk Management Dashboard

by Dick Bussiere on July 1, 2014

Tenable is pleased to announce a dashboard designed to assist our Singapore Financial Services Industry customers to comply with the Monetary Authority of Singapore Technology Risk Management Guidelines. The Monetary Authority of Singapore (MAS) has published a refreshed set of Technology Risk Management (TRM) Guidelines. These TRM Guidelines have a strong regional and global impact, and now affect any organization that can be classified as a Financial Institution (FI), not just banks. Types of organizations impacted include: Finance Companies Insurance Companies Financial Advisers Securities...

Announcing SEC OCIE Dashboards for Financial Services

by Aarij Khan on June 11, 2014

Tenable is excited to release a set of dashboards, reports and components that help our financial services customers collect and document necessary data for the SEC Office of Compliance Inspection Examinations Risk Alert. The Risk Alert includes an Appendix that is a sample request for documents and information, which the SEC OCIE can use to evaluate the organization’s security program. This content leverages Tenable Network Security’s SecurityCenter Continuous View (CV) along with its Continuous Monitoring framework to ease the effort needed to follow the guidelines in the Risk Alert. While...

Understanding NIST’s Cybersecurity Framework

by Cris Thomas on April 8, 2014

NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable in regards to securing an organization’s infrastructure. For this reason alone companies should pay close attention to the CSF and, even if they don’t follow it completely, should at least understand where they are deficient and why. The CSF is a valuable indicator of what a standard of care should be. The document provides a standard measurement that organizations can agree on in terms of assessing risk assessment. The CSF will give higher levels of management, such as a boards of...

Announcing Tenable SecurityCenter CV Version 4.8

by Aarij Khan on March 20, 2014

Tenable is excited to announce the general availability of SecurityCenter Continuous View (SC CV) version 4.8. This latest update to the SecurityCenter product family is the latest step in Tenable’s history of innovation and market leadership. SecurityCenter CV 4.8 is the first product in the industry to integrate vulnerability, threat and compliance management, introducing several features that enable security teams to accelerate security forensic analysis and incident response. This release is built on the industry’s only security solution that provides 100% asset discovery 100% of the time...

ThreatConnect: Indicator for Suspicious Behavior and Malware

by Paul Asadoorian on February 19, 2014

Information about threats comes from many different sources. Several third parties, such as ThreatConnect, offer such information which can be used as indicators for suspicious behavior and/or malware in your environment. ThreatConnect technology can be integrated with Tenable's SecurityCenter and Nessus products as follows: IP addresses, file hashes, and URLs can be used as indicators with SecurityCenter. File hashes can be used as part of malware scanning with Nessus. For example, custom file hashes could be exported from ThreatConnect and used in Nessus or SecurityCenter custom malware...

Detecting Snowden - The Insider Threat

by Paul Asadoorian on February 12, 2014

Tenable's scanning, sniffing, and logging products can comprehensively identify a variety of potentially malicious activity, including activity generated by malicious insiders like Edward Snowden. Tenable's SecurityCenter Continuous View solution can further automate the detection of events coming from scanners, intrusion detection systems, malware, compliance violations, and much more.