Tenable Product Usage

Analyzing the Compromise - without Going Hungry

by Paul Davis on February 21, 2011

It's 4:55 PM on a Friday and you are looking forward to an enjoyable dinner with your family. Your Blackberry starts buzzing from across your desk while your inbox starts filling up with alerts from your SecurityCenter along with frantic emails from Human Resources. It seems a disgruntled employee named Jack Black quit today and nobody remembered to tell the IT group to disable his accounts until after important files started disappearing. Suddenly, you are stuck in Incident Response mode, gathering data on the user's activities. Do you cancel your reservations?

Fortunately, you have deployed Tenable Network Security's Unified Security Monitoring products, and have a wide array of resources[1] at hand to streamline the response process. These resources include SecurityCenter, the Passive Vulnerability Scanner (PVS) and Log Correlation Engine (LCE). At a high level, what can these resources do for you?

SecurityCenter

SecurityCenter provides a unified view of both vulnerability and event data along with the alerting, ticketing and reporting required for thorough user forensics.

Passive Vulnerability Scanner

PVS not only tracks vulnerabilities, but logs user and network activities detected in real-time on the wire. These activities include:

Log Correlation Engine 3.6 – Now with its own GUI

by Ron Gula on January 5, 2011

Tenable Network Security has released version 3.6 of the Log Correlation Engine. This new version includes many performance enhancements as well as its own web-based user interface. This blog entry describes the new user interface, the increased performance and the new features of LCE 3.6.

SSL Certificate Authority Auditing with Nessus

by Ron Gula on December 28, 2010

Do you know where all of your organization’s SSL certificates are and whether they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test whether they are expired and, with the advent of plugin #51192, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.

If an exploit falls in the forest, does anyone hear it being patched?

by Ron Gula on December 8, 2010

Recently, Tenable added exploitability reporting for Nessus. After performing a scan, results can be filtered to see which vulnerabilities have exploits available for them. In the report, you can even see which common exploitation tools have payloads for these vulnerabilities. This is a great way to help prioritize which vulnerabilities to fix first. However, it is not a great way to manage your network or decide whether to patch a system or not. Consider the following conversation that represents many I’ve had on this topic:

Introducing the Nessus Perimeter Service: redefining the cost of online scanning

by Ron Gula on December 7, 2010

Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now offers the Nessus Perimeter Service, which provides unrestricted and unlimited vulnerability scans through annual and thirty-day subscriptions. Scan any number of Internet-facing sites you are authorized to scan from your desktop computer, mobile laptop, iPhone, customer network or wherever is convenient, as often as you want, all for a flat fee. And best of all – if you are a Nessus user, you already know how...

Nessus and SecurityCenter APIs and Data Internals Published

by Ron Gula on October 6, 2010

Tenable has published API reference guides for the Nessus and SecurityCenter 4 XMLRPC interfaces. We've also added a "Products APIs and Data Internals" topic area on the Tenable Discussion Forums. This area allows Tenable product users to ask questions about the APIs and share code. The Nessus API allows users to interact with the Nessus scanner in an automated fashion. For example, scans can be created and reports can be downloaded. The Nessus App for iPhone and the Flash interface in Nessus 4.2 both make use of the XMLRPC interface. The SecurityCenter API allows enterprise users to...

Security Metrics - Is This Network Getting Better?

by Ron Gula on August 9, 2010

Metrics that show risk are an excellent way to communicate security information to different people and groups within an organization. However, trend lines can hide a lot of details and nuances. This blog entry discusses an example network where a month’s worth of scan data is used to trend overall vulnerabilities and those that have been around longer than thirty days, and to correlate systems needing a reboot with residual security issues.

SecurityCenter 4 Released - Taking Unified Security Monitoring to a higher level

by Ron Gula on April 26, 2010

Tenable Network Security is very pleased to announce the release of SecurityCenter 4. This major new release of our security management tool provides much greater efficiency in managing security, compliance and situational awareness for enterprise network monitoring. The process and data from vulnerability scanning, log analysis, event management, configuration auditing and much more can be managed, fused and analyzed from one central console. This is the core principle of Tenable’s Unified Security Monitoring strategy. Tenable's web site has been updated with much more detailed information...

Auditing 100,000 Hosts or More with Nessus

by Ron Gula on November 18, 2009

Recently, the State Department Deputy CIO and CISO John Streufert participated in a podcast where he talked about moving past the Federal Information Security Management Act (FISMA) to a metrics-based security program. Performing routine vulnerability scans is a key metric in his strategy, and he referenced the State Department’s Tenable solution for accomplishing this. After this podcast, Tenable received several inbound requests for more information on very large-scale network scanning from a variety of federal and commercial organizations. This blog entry summarizes some of the political and deployment strategies our customers use to scan hundreds of thousands of hosts on an ongoing basis with multiple Nessus scanners and the Security Center.

New Product Demo Videos - PCI, User Tracking, Event Correlation and more

by Ron Gula on January 15, 2009

With the release of Security Center 3.4.3 as well as Log Correlation Engine 3.0.1, we've updated the main Unified Security Monitoring videos at nessus.org. These videos are free to use and do not require registration. The following new videos are now available:

Unified Security Monitoring

This is a five-minute introduction to the concept of performing vulnerability and configuration analysis on the same vendor solution that can perform log correlation and anomaly detection. Unifying this information into one spot allows you to spot security risks and compliance issues early and often.

PCI...