Tenable Announces SecurityCenter 4.7

by Manish Patel on August 29, 2013

Today, Tenable Network Security announces the release of SecurityCenter 4.7 with a first-of-its-kind security “app store” – a catalog of hundreds of apps that provide the latest intelligence for identifying advanced threats and compliance violations. Available for free, these analytics are directly accessible from within the SecurityCenter console and offer extensive visibility for multiple teams – network, security, operations, and compliance. The apps dramatically cut time and resources required to identify and respond to vulnerabilities, advanced threats, and compliance violations without...

Log Correlation Engine 4.2 Released

by Jack Daniel on May 29, 2013

Tenable has released the Log Correlation Engine, version 4.2. This major release provides several significant new features and enhancements, including: Automatic Asset Discovery Assets are detected and identified through inspection of log files. Logs from systems including DNS and DHCP servers, firewalls, and web filters will include information on all devices actively communicating on the network. LCE 4.2 uses this information to deliver complete asset discovery. User Account Enumeration User accounts are continuously discovered through log analysis and are identified for audit and reporting...

Upping the Ante: Tenable’s Log Correlation Engine Now Standard in SecurityCenter Continuous View

by Allan Carey on April 18, 2013

After a very successful launch of SecurityCenter Continuous View (CV) last year, Tenable has further enhanced the analytical power and value of SecurityCenter CV with the addition of Tenable’s Log Correlation Engine (LCE) as a standard component of the solution. Today’s announcement highlights the addition of LCE to SecurityCenter CV which brings together vulnerability management, compliance reporting, and security information and event management (SIEM) into a single, integrated security and compliance intelligence platform. LCE provides the ability to import logs from hundreds of devices...

Tenable Enhances SecurityCenter Reporting and Data Manipulation

by Manish Patel on February 8, 2013

SecurityCenter release 4.6.2 enhances monitoring and reporting capabilities to enable customers to easily review security and compliance data. In addition to the CyberScope specific reporting and monitoring enhancements in SecurityCenter 4.6.2 (discussed in previous blog on Feb. 7, 2013), this release also adds the capability to publish reports to third party reporting systems.

SecurityCenter 4.6.2 Provides Enhanced CyberScope Monitoring and Reporting

by Manish Patel on February 7, 2013

SecurityCenter already supports extensive CyberScope reporting and monitoring with unique combination of active as well as passive scanning. In previous releases, a separate utility was required to pull data and generate a CyberScope report with relevant CVE and CPE data. SecurityCenter now directly generates and publishes CyberScope reports like all other reports. In addition, SecurityCenter now generates two new reports: Asset Reporting Format (ARF) and Assessment Summary Report (ASR) that identify assets and their attributes and allow the exchange of vulnerability results of multiple assets at the aggregate level.

New Nessus Plugins Audit Your Patch Management System Effectiveness

by Paul Asadoorian on January 30, 2013

Nessus integrates with many popular patch management solutions, including IBM Tivoli Endpoint Manager (TEM), Red Hat Network Satellite server, Microsoft WSUS / SCCM, and VMware Go. The new Nessus "Patch Management Windows Auditing Conflicts" and "Patch Management Auditing Satisfied" plugins automatically cross-reference vulnerabilities from credentialed patch audits with patch information from your patch management system on the same asset, reporting discrepancies in a single report.

Detecting Compromised SSL Certificates Using Nessus

by Paul Asadoorian on December 13, 2012

When Thieves Target SSL Certificates SSL is one of the most commonly used protocols to provide encryption for a variety of different applications. As such, it has come under great scrutiny over the years. While SSL misconfiguration is commonplace , one of the more recent attacks against SSL is to steal the Certificate Authority (CA) certificate. ( In a paper released in July 2012, NIST warned that this type of attack would increase ). Access to this certificate allows the attacker to issue valid certificates, and in the case of a code-signing certificate, use it to sign malware. Malware executing with this level of trust increases the chances of successfully being installed on the system. Other CA certificates are used to generate website certificates used by attackers to impersonate secure access to a given website.

New Nessus Compliance Checks Available for Check Point GAiA

by Paul Asadoorian on November 12, 2012

Keeping Your Firewalls in Check Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.