Announcing the “Vulnerabilities Exposed” Webcast Series

by Paul Asadoorian
August 8, 2013

Jack Daniel and I will host the new "Vulnerabilities Exposed" webcast series. The first webcast will be held on August 27th at 2 pm EDT - "Reducing Your Patch Cycle to Less Than 5 Days." Read about the webcast series and register today.

Log Correlation Engine 4.2 Released

by Jack Daniel
May 29, 2013

Tenable has released the Log Correlation Engine, version 4.2.  This major release provides several significant new features and enhancements, including:

Automatic Asset Discovery

Assets are detected and identified through inspection of log files.  Logs from systems including DNS and DHCP servers, firewalls, and web filters will include information on all devices actively communicating on the network.  LCE 4.2 uses this information to deliver complete asset discovery.

Tenable Enhances SecurityCenter Reporting and Data Manipulation

by Manish Patel
February 8, 2013

SecurityCenter release 4.6.2 enhances monitoring and reporting capabilities to enable customers to easily review security and compliance data. In addition to the CyberScope specific reporting and monitoring enhancements in SecurityCenter 4.6.2 (discussed in previous blog on Feb. 7, 2013), this release also adds the capability to publish reports to third party reporting systems.

SecurityCenter 4.6.2 Provides Enhanced CyberScope Monitoring and Reporting

by Manish Patel
February 7, 2013

SecurityCenter already supports extensive CyberScope reporting and monitoring with unique combination of active as well as passive scanning. In previous releases, a separate utility was required to pull data and generate a CyberScope report with relevant CVE and CPE data. SecurityCenter now directly generates and publishes CyberScope reports like all other reports. In addition, SecurityCenter now generates two new reports: Asset Reporting Format (ARF) and Assessment Summary Report (ASR) that identify assets and their attributes and allow the exchange of vulnerability results of multiple assets at the aggregate level.

New Nessus Plugins Audit Your Patch Management System Effectiveness

by Paul Asadoorian
January 30, 2013

Nessus integrates with many popular patch management solutions, including IBM Tivoli Endpoint Manager (TEM), Red Hat Network Satellite server, Microsoft WSUS / SCCM, and VMware Go. The new Nessus "Patch Management Windows Auditing Conflicts" and "Patch Management Auditing Satisfied" plugins automatically cross-reference vulnerabilities from credentialed patch audits with patch information from your patch management system on the same asset, reporting discrepancies in a single report.

Detecting Compromised SSL Certificates Using Nessus

by Paul Asadoorian
December 13, 2012

When Thieves Target SSL Certificates

SSL is one of the most commonly used protocols to provide encryption for a variety of different applications. As such, it has come under great scrutiny over the years. While SSL misconfiguration is commonplace, one of the more recent attacks against SSL is to steal the Certificate Authority (CA) certificate. (In a paper released in July 2012, NIST warned that this type of attack would increase). Access to this certificate allows the attacker to issue valid certificates, and in the case of a code-signing certificate, use it to sign malware. Malware executing with this level of trust increases the chances of successfully being installed on the system. Other CA certificates are used to generate website certificates used by attackers to impersonate secure access to a given website.

New Nessus Compliance Checks Available for Check Point GAiA

by Paul Asadoorian
November 12, 2012

Keeping Your Firewalls in Check

Ensuring that your network infrastructure, in particular your routers and firewalls, is secure and maintains its integrity is critical to successfully defending your network. If an attacker were to gain control of these types of systems, they could potentially impact the security of your network as a whole. For example, an attacker with access to your firewall could read the firewall rules and use the information to selectively attack open services and create backdoors that would slip through your firewall.

Monitoring the Life of a Java Zero-Day Exploit with Tenable USM

by Randal T. Rioux
October 25, 2012

Not too long ago, CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU #636312) was issued for a flaw discovered in Oracle Java (JDK and JRE 7 U6 and before), as well as version 6 U34 and before.

This is a client-side vulnerability, which requires a user to initiate activity to be exploited. I will avoid dissecting the flaw in detail, as this information is widely available on the Web (a particularly good write-up is here).

Keep in mind that Java is platform independent, and so is this exploit. The example here uses Internet Explorer on Windows 7 (with Java SE 7u3). However, Linux and OS X users shouldn’t feel excluded on this one!

With Tenable's Unified Security Monitoring (USM) platform, comprised of SecurityCenter (SC), the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), we can track this exploit from start to finish.

Uncovering SSL Anomalies In Your Network Using SecurityCenter

by Paul Asadoorian
October 23, 2012

Looking in More than One Place

Nessus, PVS, and LCE offer several methods for auditing SSL protocol usage on your network(s). SSL is commonly used to secure websites, but also protects email, file sharing, and many other services. This post lists some generic SSL capabilities found in all Tenable products, and shows how you can combine them to generate useful reports and dashboards.

On the vulnerability identification side, Nessus uncovers many issues with SSL certificates, such as outdated certificates, unsigned certificates, and much more (see the screenshot below for more examples). SSL implementations shipped with appliances often use unsigned certificates, and rely on the administrator to install their own valid certificate. Without a properly signed certificate, man-in-the-middle attacks become considerably easier. If you’re an e-commerce shop, improper SSL implementations will also cause you to become non-compliant with PCI DSS standards.

SSLNessuplugins sm

A sample of Nessus plugins associated with identifying problems with SSL certificates. (Click for larger image)